What specific section or headline is this issue about?
Domain attribute
What information was incorrect, unhelpful, or incomplete?
Contrary to earlier specifications, leading dots in domain names (.example.com) are ignored.
Despite the specification in RFC 6265, in our testing, it appears that current browsers (Chrome, Firefox, Safari) actually need the leading dot to make cookies from subdomains work in parent domains.
What did you expect to see?
Cookies should be accessible across domains sharing a common suffix even when the Domain attribute does not specify a leading dot (as in Domain = example.com).
Do you have any supporting links, references, or citations?
Hi,
I've also seen this issue with most modern browsers.
But it seems that browsers have a lot of stuff that is not compliant with RFC 6265. Here Ivan Nikulin covers a lot of problems.
I think the MDN documentation should not state (as a fact) that cookies behave in this way. This can also be seen here, which states "if you set Domain=mozilla.org, cookies are available on mozilla.org and its subdomains like developer.mozilla.org." which in most cases is not true, and it should be set to domain=.mozilla.org to be available to subdomains.
Josh-Cena added the "help wanted" label and removed the "needs triage" label on Jun 20, 2024.
MDN URL
https://developer.mozilla.org/en-US/docs/Web/HTTP/Headers/Set-Cookie
What specific section or headline is this issue about?
Domain attribute
What information was incorrect, unhelpful, or incomplete?
Despite the specification in RFC 6265, in our testing, it appears that current browsers (Chrome, Firefox, Safari) actually need the leading dot to make cookies from subdomains work in parent domains.
What did you expect to see?
Cookies should be accessible across domains sharing a common suffix even when the Domain attribute does not specify a leading dot (as in Domain = example.com).
Do you have any supporting links, references, or citations?
No response
Do you have anything more you want to share?
No response
MDN metadata
Page report details
en-us/web/http/headers/set-cookie
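For reference when comparing against observed browser behaviour, the following is an added example (not MDN's text and not any browser's code) of the Domain handling that the text of RFC 6265 specifies in sections 5.2.3, 5.1.3, 5.3 and 5.4. The function names are hypothetical, the hosts are constructed, and the sketch assumes no public-suffix check and IPv4-only IP detection.

```javascript
// Added example: Domain handling as written in RFC 6265.
// Assumptions: no public-suffix check, IPv4-only IP detection, hypothetical names.

const isIPv4 = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h);

// Section 5.2.3: drop one leading ".", then lower-case the value.
function parseDomainAttribute(value) {
  const v = value.trim();
  return (v.startsWith(".") ? v.slice(1) : v).toLowerCase();
}

// Section 5.1.3: identical, or host ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  return host.endsWith("." + domain) && !isIPv4(host);
}

// Section 5.3 step 6: decide the stored domain and the host-only-flag.
// Returns null when the cookie must be ignored.
function storeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  const domain = domainAttr == null ? "" : parseDomainAttribute(domainAttr);
  if (domain === "") return { domain: host, hostOnly: true };
  if (!domainMatch(host, domain)) return null;
  return { domain, hostOnly: false };
}

// Section 5.4: is a stored cookie attached to a request for requestHost?
function isSentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed cases: [host setting the cookie, Domain attribute, host of a later request]
const cases = [
  ["example.com", "example.com", "app.example.com"],
  ["example.com", ".example.com", "app.example.com"],
  ["example.com", null, "app.example.com"],
  ["app.example.com", "example.com", "example.com"],
  ["app.example.com", "other.example.com", "example.com"],
];
for (const [setter, attr, target] of cases) {
  const c = storeCookie(setter, attr);
  const result = c ? `${JSON.stringify(c)} sent to ${target}: ${isSentTo(c, target)}` : "ignored";
  console.log(`${setter} Domain=${attr} -> ${result}`);
}
```

Running the same five cases in a browser and diffing the results against this output shows exactly where an implementation departs from the RFC text.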