Sub domain cookie security

Question

Very simple question here. Knowing about cross domain cookie security, does the same apply to sub domains?

EG. Should I be able to read a cookie set on some.abc123.com from the sub domain of www.abc123.com?

score 5 · Accepted Answer · answered Nov 19 '12 at 13:59

5

Cookie domains are suffix matching, so cookies of www.abc123.com will not be sent on the site of some.abc123.com and visa versa.

To have cookies be sent on both domains you should use .abc123.com as the domain.

answered Nov 19 '12 at 13:59

Ja͢ck

score 1 · Answer 2 · edited May 23 '17 at 11:58

1

As an alternative set a cookie at the abc123.com level then set and read cookies from there.

edited May 23 '17 at 11:58

Community

answered Nov 19 '12 at 13:56

James

2 Answers2