I'm not sure, so please explain it to me if you know. I have a problem with the domain in cookies.
According to the newest RFC 6265 document, it doesn't matter if the domain in a cookie starts with a 'dot' or not.
For example:
Set-Cookie: example.com means the same as .example.com and it's valid for all subdomains like something.example.com and of course example.com.
So I have a question. How about "www"... If the client has a cookie set for www.example.com -> the client shouldn't send the cookie for "example.com"??? But should send it to: www.example.com???
Or maybe "www." is ignored too?
Could you explain that to me? I can't find the answer.
Thank you.
No, there's nothing special about www; it works the same as any other subdomain. www.example.com is different to example.com as far as cookies are concerned. Regardless of your opinion, that is the fact. www as a subdomain is not special.
This is an important point, and does catch a lot of beginners out, particularly when they write links in their sites with the full domain name. If you navigate from www.example.com/index.html to example.com/nextpage.html, your cookies may not be visible on the second page if the cookies were created on the index page in the www subdomain.
You say you've already read the RFC, but you might find that this answer gives a little more clarification on it.
Hope that helps.
I have set (I use PHP) my cookies' domain to be www.example.com - but will those cookies be sent back to the static.www.example.com? From what I've read already the answer is a depressing 'yes'.
The reason is that I'm trying to implement a static subdomain for CSS/images without resorting to buying an entire new domain (eg www.example-static.com)
From what I've read already the answer is a depressing 'yes'.
That's correct. If you set the cookie domain to www.example.com it will be sent to *.www.example.com.
Using static-www.example.com would work as expected and the cookie will not be sent to this subdomain.
When I was doing some web design, I found one interesting thing.
When I type
http://example.com/xxx/xxx
it always asks me for credentials. However, when I use
http://www.example.com/xxx/xxx
it logs me in directly! I know there is something with the cookie.
But what I really want to know is:
What is the difference between http://example.com and http://www.example.com?
Do tell me it is the browser automatically adding "www" to the url.
Thanks,
: )
www is a subdomain like any other (e.g. http://math.stackexchange.com/). It's just a convention to have it point to the same place as the main domain. This answer has some good points about why you would use www.
Please bear with me because I am not very familiar with how Akamai works.
I am having issues with redirection. We are redirecting links domain.com/a/b to domain.com/c/d. However, Akamai does not respect domain.com and the 301 goes to the original server. To illustrate:
http://akamai.ex.example.com/a/b
Redirects to
http://original.ex.example.com/b/c
When it is supposed to redirect to
http://akamai.ex.example.com/a/b
What is going on and how can this be resolved?
I can't tell why, but I can tell you how to work around it:
Path-absolute (or host-relative?) redirect URLs of the form "/b/c" completely bypass the issue, and will make the browser go to the same host (and port, and protocol.)
(There's a typo in the RFC; relative URIs are allowed in the Location header, and all browsers support it anyway: http://trac.tools.ietf.org/wg/httpbis/trac/ticket/185)
I am explicitly setting a cookie domain so it is shared between the domain and a subdomain. Think mysite.com and payment.mysite.com. Sometimes I get two session cookies when I only have one specified. When looking in Firefox, the domains on the cookies are different: one is "mysite.com" and the other is ".mysite.com". How does this happen? I am setting the domain to mysite.com but it is trimmed from one.
I am using asp.net.
Thanks
It depends on what you specify as a domain in the setcookie function. Please take a look at the description here: http://php.net/setcookie.
I simply cannot believe this is quite so hard to determine.
Even having read the RFCs, it's not clear to me if a server at subdomain.example.com can set a cookie that can be read by example.com.
subdomain.example.com can set a cookie whose Domain attribute is .example.com. RFC 2965 seems to explicitly state that such a cookie will not be sent to example.com, but then equally says that if you set Domain=example.com, a dot is prepended, as if you said .example.com. Taken together, this seems to say that if example.com sets a cookie with Domain=example.com, it doesn't get that cookie back! That can't be right.
Can anyone clarify what the rules really are?
Yes.
If you make sure to specify that the domain is .example.com, then *.example.com and example.com can access it.
It's that principle that allows websites that issue cookies when somebody goes to www.website.com to access cookies when someone leaves off the www, going to website.com.
EDIT: From the PHP documentation about cookies:
domain: The domain that the cookie is available. To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers. Setting it to www.example.com will make the cookie only available in the www subdomain. Refer to tail matching in the spec for details.
http://php.net/manual/en/function.setcookie.php
And it's not unique to PHP.
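The Domain rules discussed in the cookie questions above (the leading dot, www versus the bare domain, static.www versus static-www) can be checked against a small model of RFC 6265 sections 5.1.3, 5.2.3, 5.3 and 5.4. This is an added example, not code from any of the posts; the function names are assumptions chosen for illustration, and the public-suffix check a real browser performs is omitted.

```javascript
// Added example: a model of RFC 6265 Domain handling. Host names are the
// ones used in the questions above; function names are illustrative.

// Section 5.2.3: a leading dot in the Domain attribute value is ignored.
function parseDomainAttribute(value) {
  const v = value.trim().toLowerCase();
  return v.startsWith(".") ? v.slice(1) : v;
}

// Section 5.1.3: identical, or host ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  // Crude IP-literal check, sufficient for this illustration.
  const isIp = /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Section 5.3: build the stored cookie, or return null if it is rejected.
// A missing or empty Domain attribute yields a host-only cookie.
function storeCookie(requestHost, domainAttr) {
  if (domainAttr === undefined || domainAttr === "") {
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  const domain = parseDomainAttribute(domainAttr);
  // The setting host must itself domain-match the attribute.
  if (!domainMatch(requestHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Section 5.4: is the stored cookie attached to a request for `host`?
function isSentTo(cookie, host) {
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Convenience: which of the candidate hosts receive the cookie.
function recipients(cookie, hosts) {
  return hosts.filter((h) => isSentTo(cookie, h));
}

const HOSTS = ["example.com", "www.example.com",
               "static.www.example.com", "static-www.example.com"];
```

A cookie stored with no Domain attribute is host-only and goes back to the exact host alone, which is the tightest scope available when a sibling or child host should never see a session cookie.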