Is it possible to delete cookie in http://domain.com from subdomain http://subdomain.domain.com
You can delete it if the cookie have been set from the domain, or the same subdomain.
When you make a cookie one of the parametres are the domain
Response.Cookies["nameof"].Domain
If you not set that parameter, then is get the domain that read from url.
If this parameter is with out subdomain domain.com then the cookie can be acceded from all subdomains.
If this parameter have subdomain, eg www.domain.com then can be acceded only from that one.
Related
I added CNAME for my.example.com and it works well, problem is with www.my.example.com.
I tried to create another CNAME record for www.my.example.com pointing to firebase, but there is SSL Certification Warning.
How can I redirect www subdomain to non www? Thanks.
According to Firebase hosting docs what you're trying to do won't work.
Subdomain depth: Subdomains of up to one level of depth are supported.
Deeper subdomains, like my.app.example.com, are not allowed.
You could potentially do the redirect through another provider. Some DNS providers for example will do redirects for subdomains.
If I store a cookie or set a session associated with http://mydomain.com, the same cookie or session will not be picked up on http://www.mydomain.com. I am putting down http://mydomain.com as my default URL.
Will Google Analytics track both the www and non-www domains as one in this case?
If you set your own cookie with a domain of "mydomain.com", then it will only be visible on that domain (no subdomains). If you set your own cookie as ".mydomain.com" (prefix it with a dot), then it will be visible "mydomain.com" and any subdomain of mydomain.com.
GA by default sets its cookie on the exact domain, so if you are on "www.mydomain.com" then it will set it for "www.mydomain.com" and it will not be visible on "mydomain.com" or some other subdomain. If however you specify to GA to use "mydomain.com" then it will be available on any subdomain. Note the lack of dot, which is not consistent with how you would normally set a cookie domain with your own code. This is because GA automatically prefixes a dot to it, within their own code.
For more info, refer to their document entry on Tracking Multiple Domains
Under domain cookie in question I mean cookie with domain like .domain.com.
I can read this cookie from any subdomain, but can I sett this cookie with new value from domain example.domain.com?
Suppose I have a cookie that is set for .domain.com, and my subdomain is sub.domain.com. Can I delete cookies that are set for the main domain? I know it is possible to read them, but is it possible to delete these cookies, or overwrite their values?
Yes, a subdomain can set/expire a cookie for the main domain, but the main domain cannot set/expire a cookie for a subdomain. See RFC 6265 Sections 5.1.3, 5.3 (see point #6), and 8.6. Section 8.6 in particular describes how a subdomain can set a cookie for the main domain and have it affect a sibling subdomain.
when I create a cookie for a domain, is it possible for me to set that this domain should be on both the www and non www domain?
I check for a cookie, and if not present I rediret to login page (its not a super secure thing). it seems when the user has a cookie, if the url changes to www. it gets redirected to login again.
When you drop the cookie specify .mydomain.com - note the leading period. That should work for both the root domain and the www subdomain.
#electronherders' solution works, but you should also consider canonicalising either the www or the no-www domain. Redirect visitors from one to the other, so there's only one correct URL for your site.