Cookies and subdomains

20
votes

Can a cookie be shared between two sites on the same top level domain? Say www.example.com and secure.example.com ? We are looking into implementing a cache for non-secure content, and need to segregate secure content to another domain. What parameters does the cookie need? I'm using asp.net

3
asp.netcookies
Note: This can cause bugs or security issues depending on the cookie content. More info hereChristopher Jon Mankowski

3 Answers

23
votes

Yes, you can. Use:

Response.Cookies("UID").Domain = ".myserver.com"
5
votes

The easiest way to apply a cookie domain that can be shared across subdomains is to put it in your web.config:

<forms cookieDomain="example.com">
1
votes

Yes, but beware don't set same-named cookies in various subdomains, as the resulting cookie appears to be random; instead, set one cookie in the .maindomain.com only (not in any .sub.domain.com)