http-client icon indicating copy to clipboard operation
http-client copied to clipboard

Published 20 hours ago verified publisher icon snoyberg

Cookies for subdomains

Open uzhas-sovka opened this issue 4 years ago • 2 comments

Let's, for example, set cookie for site.com:

Cookie {cookie_name = "some_name", cookie_value = "some_value", cookie_domain = "site.com"}

This cookie is sent successful when I send request to site.com. It is not sent to test.site.com.

Now let's add dot to cookie_domain

Cookie {cookie_name = "some_name", cookie_value = "some_value", cookie_domain = ".site.com"}

Now it's not sent neither to site.com nor to test.site.com.

Is this expected behavior?

uzhas-sovka avatar May 24 '20 05:05 uzhas-sovka

Looking at this StackOverflow answer, it looks like RFC 6265 is currently accepted for cookie handling with subdomains. According to that SO answer:

In summary, if you set a cookie like the second example above from mydomain.com, it would be accessible by subdomain.mydomain.com, and vice versa. This can also be used to allow sub1.mydomain.com and sub2.mydomain.com to share cookies.

I'd be open to a PR that brings http-client in line with RFC 6265.

snoyberg avatar May 24 '20 10:05 snoyberg

I saw SO answer and thought I might be doing something wrong with http-client. Finally I stepped back to list all domains explicitly

Cookie {cookie_name = "some_name", cookie_value = "some_value", cookie_domain = "first.site.com"}
Cookie {cookie_name = "some_name", cookie_value = "some_value", cookie_domain = "second.site.com"}
Cookie {cookie_name = "some_name", cookie_value = "some_value", cookie_domain = "third.site.com"}

uzhas-sovka avatar May 24 '20 12:05 uzhas-sovka