the domain api.example.com is accessed over https, it set a cookie named \'uid\', and secure flag of \'uid\' default to true(browser do it).
and the subd
