I'm looking to implement a straightforward method to check if a given cookie domain domain-matches a given hostname.
To do this I will be implementing the domain matching conditions defined in section 5.1.3 of RFC 6265.
The second of the two matching conditions defined is a multipart condition where three sub-conditions apply:
All of the following conditions hold:
- The domain string is a suffix of the string.
- The last character of the string that is not included in the domain string is a %x2E (".") character.
- The string is a host name (i.e., not an IP address).
For clarity, when the above quoted text refers to "the string" it is referring to the domain value of a cookie and when the above quoted text refers to "the domain name" it is referring to the domain name of a host to which cookies might be sent.
Of these three sub-conditions, the first and third are quite clear. It is the wording of the second that I am finding confusing.
I do know that a cookie domain of "example.com" matches only "example.com" and a cookie domain of ".example.com" matches "<anything>.example.com". My best guess is that the above second sub-condition is referring to this broad subdomain matching concept; however, given the wording I can't be sure.
Is anyone able to translate this second sub-condition into plain technical English?
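
An added example, not part of the original question: one way to write the RFC 6265 section 5.1.3 check in Python, with each of the three sub-conditions as its own step. The function names, parameter names and sample host names are assumptions made for illustration, and lower-casing stands in for full canonicalization.

```python
import ipaddress

def is_ip_address(host: str) -> bool:
    """True for an IPv4 or IPv6 literal (IPv6 may be in brackets)."""
    try:
        ipaddress.ip_address(host.strip("[]"))
        return True
    except ValueError:
        return False

def domain_matches(string: str, domain_string: str) -> bool:
    """RFC 6265 section 5.1.3. In the RFC's wording `string` is the host name
    being tested and `domain_string` is the cookie's domain, with any leading
    "." already stripped (section 5.2.3). Lower-casing here is a simplification
    of canonicalization (no IDNA handling)."""
    string, domain_string = string.lower(), domain_string.lower()
    if not string or not domain_string:
        return False
    # Condition 1: the two are identical (this also covers an exact IP match).
    if string == domain_string:
        return True
    # Sub-condition 1: the domain string is a suffix of the string.
    if not string.endswith(domain_string):
        return False
    # Sub-condition 2: the part of the string left over in front of the suffix
    # must end in ".", so the suffix starts on a label boundary.
    leftover = string[: len(string) - len(domain_string)]
    if not leftover.endswith("."):
        return False
    # Sub-condition 3: suffix matching applies to host names only.
    return not is_ip_address(string)

# Constructed sample inputs: (host name, cookie domain)
SAMPLES = [
    ("example.com", "example.com"),
    ("www.example.com", "example.com"),
    ("badexample.com", "example.com"),
    ("example.com", "www.example.com"),
    ("10.0.0.1", "0.0.1"),
]

def run_samples():
    return [domain_matches(host, dom) for host, dom in SAMPLES]

if __name__ == "__main__":
    for (host, dom), ok in zip(SAMPLES, run_samples()):
        print(f"{host!r} domain-matches {dom!r}: {ok}")
```

The third and fifth samples are the cases a plain suffix test gets wrong: "badexample.com" ends with "example.com" but not on a label boundary, and "10.0.0.1" passes both suffix checks against "0.0.1" and is rejected only because it is an IP address.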