Cookie Domains – Web Development
Articles,  Blog

Cookie Domains – Web Development

So as we saw in the demos, the cookies can have extra parameters, not just the value. So, let me, let me draw anoth, an, an example cookie for you. Here’s a, here’s an example set cookie header for setting this cookie, whose name is name, nice and confusing. Whose value is Steve. And now we’ve added a couple extra parameters. We’ve got semicolon to end the value. We’ve added this domain parameter. And this is what domain this cookie is relevant to. So in this case, it is relevant to and this is the path that it’s relevant to. So the path is easier to explain. basically, you can put whatever you want here and then, in this case, this is the default path. If you don’t specify a path we just assume you mean slash. And this is actually the most common use case of cookies. You the cookie applies to all of the paths. But if you want to restrict the cookie to a particular path, you can specify that path here and the browser will make sure that the path you’re requesting starts with this value before it sends the cookie. So the domain is much more interesting and much more complex. And let’s, let’s talk about this a little bit so this means that basically, this cookie will not get sent by the browser to the server unless the server’s domain is or basically, ends with So, domains that this work for are, for example, Domains that, that will not receive this cookie, would be for example just without the ww, or because this cookie was restricted to www, so basically, the, the site you’re at has to begin, or I mean sorry end with You can’t set cookies to just .com, you have to have at least two periods. So the minimum domain you can set a cookie for is If you try to set for just, the, that first period will automatically get added. That controls, the domain controls which domain a browser will send the cookie to. What about, you know, can, can I have can I have a web server at that sets a cookie for The answer is, no. Similar to how the domain parameter restricts which domains a browser will send a cookie to, the domain who’s serving the request, the, the, basically the domain of the web server, that, of, of the webpage, you may only set a cookie to that domain or higher. So if we’re at the browser will only accept cookies for by default, if there’s no, no domain parameter. If there is a domain parameter, the only valid domains are or We can’t set a cookie for or And, and this is to prevent you know, if you have multiple websites, kind of sharing the same top-level domain, you know, for example, you know, you don’t, I, I can’t see a cookie on, in my app that affects the behavior of your app. I can only set a cookie that get sent with www and with the top level. That’s how the domain restrictions work. Let’s have a little quiz.


Leave a Reply

Your email address will not be published. Required fields are marked *