A cookie without a domain?

About

Asked 3/2, 2012 at 18:32 Answered 13/5, 2013 at 9:20

Solved cookies setcookie httpcookie

Is it possible to set a cookie without a domain?

This will mean all domains will have access to it.

Ferrel answered 3/2, 2012 at 18:32 Comment(1)

What underlying problem are you trying to solve? – Sasser 3/2, 2012 at 18:47

No, that is not possible. If a cookie doesn't declare a domain, the browser will assume the domain of the object requested.

What you're asking for is generally considered a security, or at least privacy, risk. It's possible to configure browsers to allow access to cookies from other than the domain that they were created, but browsers aren't commonly configured that way.

Sasser answered 3/2, 2012 at 18:47 Comment(8)

Thanks for your answer. Follow up question, is possible to set cookie on domain but specify that another domain has access to it? – Ferrel 3/2, 2012 at 18:51

@jamjam, no, it isn't. The normal way of dealing with this restriction is to place all applications that need access to the same cookie in the same domain. – Sasser 3/2, 2012 at 18:54

not all browsers will assume domain if a cookie doesn't declare a domain. – Stigmasterol 1/8, 2012 at 0:47

see here.. FireFox 13 can also control whether domain is assumed when cookie doesn't declare one. – Stigmasterol 1/8, 2012 at 3:32

I don't see where the question you reference makes that point, @Frank. I'd be interested in a reference for the Firefox 13 setting. – Sasser 1/8, 2012 at 3:35

RFC2109The host or domain for which the cookie is set. presence of a leading dot indicates a domain cookie; otherwise, the cookie is treated as a non-domain cookie. See RFC2109 for details. The host string will be normalized to ASCII or ACE; any trailing dot will be stripped. To be a domain cookie, the host must have at least two subdomain parts (e.g. '.foo.com', not '.com'), otherwise an exception will be thrown. An empty string is acceptable (e.g. file:// URI's). – Stigmasterol 1/8, 2012 at 3:55

Yes, that is a quote from RFC2109, @Frank, and that RFC is discussed in the article I link to. How does that quote support your point? – Sasser 1/8, 2012 at 3:58

Plenty of homebrew scripts here that can override the default. You can use a fireFox add-on called Greasemonkey to run them! – Stigmasterol 1/8, 2012 at 4:28

RFC 2109 tells this parameter is optional. But depending on the browser, behavior may be different.

Molt answered 13/5, 2013 at 9:20 Comment(0)

Hot tags

Godot Unity Godot Help Programming Godot 4.X GUI GDScript 3D 2D Physics CSharp Godot 3.X VR XR Projects C++

Recommended topics

Hot tags