AWS documentation has explained how to sign the cookie and set the cookie.
- sign the cookie use the private key
- set cookie
- the browser of the user carries the cookie and tries to download the file.
- CloudFront validates the cookie and responds to the request.
I have gone through several related questions.
- Stackoverflow: Setting Cookies for CloudFront
- Stackoverflow: share cookie between subdomain and domain
Due to security, it seems not possible to share cookies between different subdomains.
Take this real-world scenario as an example:
- Web application's domain
www.example.com
- AWS CloudFront distribution
file.example.com
How does www.example.com
(web application) set a signed cookie for file.example.com
(CloudFront)?