sessionStorage with document.domain

Question

According to the spec, I should be able to set the document.domain to my root domain and thus have subdomains share sessionStorage. But I can't seem to get that to work. Is that no longer allowed? https://html.spec.whatwg.org/multipage/browsers.html#relaxing-the-same-origin-restriction

// set the document domain to the top level
let hostParts = location.hostname.split('.').reverse();
if (hostParts.length > 1)
    document.domain = `${hostParts[1]}.${hostParts[0]}`;

this.sessionId = window.sessionStorage.getItem('hplrSn');
if (!this.sessionId) this.sessionId = generateId();

The above code will generate a new Id for both site1.dn.domain.com and site2.dn.domain.com

I think you have missed a dot at the beginning, i.e. `document.domain = .${hostParts[1]}.${hostParts[0]}` so it's set to `.domain.com` (I'm not sure it will work, but it fullfills the "prefixed by a U+002E FULL STOP (.)" requirement). — pawel, Mar 18 '17 at 21:44
@pawel it tells me that `.domain.com` is not a suffix of `site1.dn.domain.com` :( — Digant C Kasundra, Mar 18 '17 at 21:56

score 0 · Answer 1 · edited Jun 20 '20 at 09:12

0

Check this question: In HTML5, is the localStorage object isolated per page/domain?

It work for page www.a.com/page1 and www.a.com/page2, but not for your use case: sessionstorage for www.a.a.com and www.b.a.com is not shared.

You should try Cookie

edited Jun 20 '20 at 09:12

Community

1
1

answered Mar 18 '17 at 21:38

Matej Marconak

1,275
3
19
23

1

Even that page talks about `relaxing` the rule with the use of `document.domain` but I can't get that to work at all. Maybe I should try `Cookie` but I really want to isolate it to the lifetime of the window/tab, not the browser (so if you have two windows open, they should get their own ID) – Digant C Kasundra Mar 18 '17 at 21:44

sessionStorage with document.domain

1 Answers1