: Setting cookies only on the naked domain As far as I know, one can set a cookie for example.com and not .example.com and then the cookie will only be visible on example.com and not sub.example.com.

@Gloria169

In response to the Yahoo Developer page, they are talking about you serving content on your site from example.com, but explicitly setting the domain of the cookie - in which case you have to set the cookie as either .example.com or .www.example.com.

When you set a cookie, you have two options:


Do not specify the domain name - in which case the cookie will default to the "Request-Host" (without a dot at the beginning) - in your case example.com or example.com (note the embedded dot).
Specify a URL, in which case you fall under the rule "An explicitly specified domain must always start with a dot."


What the Yahoo page is stating is that if you've already issued cookies to .example.com then those cookies will also be sent to subdomain.example.com as well, so if you want to serve your static content on a "cookieless domain" you'd have to use a different URL.

Vote Up Vote Down

@Eichhorn148

The cookie specification indicates that you are correct:


A is a FQDN string and has the form NB, where N is a non-empty name
string, B has the form .B', and B' is a FQDN string. (So, x.y.com
domain-matches .y.com but not y.com.)


Even if you do use example.com for your site, you still probably want to set some cookies to *.example.com so that they can also be read on a subdomain like blog.example.com.

Vote Up Vote Down