We have several web applications across multiple subdomains, app1.company.com, app2.company.com.. Additionally, we have multiple environments, prod, staging, dev1, dev2
Each environment has all of it's services use -ENV at the end of the app name to distinguish it from the others. For example
- app1.company.com
- app2.company.com
- app1-staging.company.com
- app2-staging.company.com
- app1-dev1.company.com
- app2-dev1.company.com
This would not be an issue except that we want to start sharing cookies from within an environment. This would mean that cookies would have to have their domain set to .company.com. Which would break our sandboxing. The alternative would be to prefix the environment to cookie names, but that also seems like a kludge, and doesn't provide real security.
So the question is how do people set up their prod, staging and dev environments so that cookies are sandboxed from each other.