Session cookies lack the ability to set the domain

Question

Session cookies lack the ability to set the domain

Opened this issue 11 years ago · 3 comments

The site I'm working on makes use of subdomains. We would like to allow our users to login once and have that session persist across all subdomains in addition to the primary domain. Currently, session cookies are set for the domain that was used when the session was started.

Answer 1 · 2014-02-08T00:05:44.000Z

I am not even sure if what you suggest is possible. Can a cookie have more than one domain? I've never had to do it that way, so I'm not sure. You typically end up playing some iframe tricks to achieve that kind of cross-domain integration...

Answer 2 · 2014-02-10T14:28:33.000Z

You just set the cookie's domain to .example.com and it will be sent to all subdomains of example.com.

Answer 3 · 2015-06-04T15:26:18.000Z

@amontague is absolutely right here. rfc6265