Cookie Domains – Web Development


So as we saw in the demos, cookies can have extra parameters, not just the value. Let me draw an example cookie for you. Here's an example Set-Cookie header for setting this cookie, whose name is name (nice and confusing) and whose value is Steve. And now we've added a couple of extra parameters. We've got a semicolon to end the value, and we've added this domain parameter, which is the domain this cookie is relevant to. In this case, it is relevant to www.reddit.com, and this is the path that it's relevant to.
The path is easier to explain. Basically, you can put whatever you want here; in this case, this is the default path. If you don't specify a path, we just assume you mean slash. And this is actually the most common use case of cookies: the cookie applies to all of the paths. But if you want to restrict the cookie to a particular path, you can specify that path here, and the browser will make sure that the path you're requesting starts with this value before it sends the cookie.
The domain is much more interesting and much more complex, so let's talk about this a little bit. This means that this cookie will not get sent by the browser to the server unless the server's domain is www.reddit.com or ends with www.reddit.com. So domains that this works for are, for example, www.reddit.com and foo.www.reddit.com. Domains that will not receive this cookie would be, for example, just reddit.com without the www, or bar.reddit.com, because this cookie was restricted to www. So the site you're at has to end with www.reddit.com.
You can't set cookies to just .com; you have to have at least two periods. So the minimum domain you can set a cookie for is .reddit.com. If you try to set it for just reddit.com, that first period will automatically get added. So the domain controls which domain a browser will send the cookie to.
What about this: can I have a web server at reddit.com that sets a cookie for google.com? The answer is no. Similar to how the domain parameter restricts which domains a browser will send a cookie to, it also depends on the domain that's serving the request, basically the domain of the web server of the webpage: you may only set a cookie for that domain or higher. So if we're at www.reddit.com, the browser will by default only accept cookies for www.reddit.com if there's no domain parameter. If there is a domain parameter, the only valid domains are www.reddit.com or reddit.com. We can't set a cookie for bar.reddit.com or foo.reddit.com. This is to prevent, you know, if you have multiple websites kind of sharing the same top-level domain, halfspot.com for example, I can't set a cookie in my app that affects the behavior of your app. I can only set a cookie that gets sent with www and with the top level. That's how the domain restrictions work. Let's have a little quiz.
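
The send and accept rules described above, written out as an added example (not code from the lecture or from any browser). The function names and the sample cookie object are hypothetical, and the logic follows the rules exactly as the lecture states them, including the two-period minimum.

```javascript
// Constructed sample: the lecture's cookie, name=Steve; Domain=www.reddit.com; Path=/
const sampleCookie = { name: "name", value: "Steve", domain: "www.reddit.com", path: "/" };

// Lower-case the Domain attribute and add the leading period if it is missing.
function normalizeDomain(domain) {
  const d = domain.toLowerCase();
  return d.startsWith(".") ? d : "." + d;
}

// True if host is the cookie domain itself or a subdomain of it.
// Matching on ".<domain>" (with the period) keeps evilreddit.com from
// matching reddit.com, which a plain suffix comparison would allow.
function domainMatches(host, cookieDomain) {
  const d = normalizeDomain(cookieDomain);
  const h = host.toLowerCase();
  return h === d.slice(1) || h.endsWith(d);
}

// Accept side: may a page served from servingHost set a cookie with this Domain?
function canSetCookie(servingHost, domainAttr) {
  if (domainAttr === undefined) return true; // no Domain: defaults to the serving host
  const d = normalizeDomain(domainAttr);
  const periods = (d.match(/\./g) || []).length;
  if (periods < 2) return false;             // rejects ".com"
  return domainMatches(servingHost, d);      // only this domain "or higher"
}

// Send side: does the browser attach the cookie to a request for host + path?
function shouldSend(cookie, host, path) {
  const cookiePath = cookie.path || "/";     // default path is slash
  return domainMatches(host, cookie.domain) && path.startsWith(cookiePath);
}

// The lecture's cases, evaluated against the sample cookie.
function demo() {
  const hosts = ["www.reddit.com", "foo.www.reddit.com", "reddit.com", "bar.reddit.com"];
  return hosts.map((h) => [h, shouldSend(sampleCookie, h, "/")]);
}

console.log(demo());
```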
