Home / Cookies and domains

Cookies and domains

A little while back I posted how to set cookies with jQuery and was asked about the domain setting and how setting the domain affects sub domains. This post explains how cookies and domains work, and covers some tests I did to check my assumptions were correct.

Setting the domain with jQuery

This example shows how to set a cookie using jQuery whose name is “the_cookie”, has a value of “the_value”, will be set for the domain “www.example.com” at the root path:

$.cookie('the_cookie', 'the_value', { path: '/', domain: 'www.example.com' });

Setting the domain with PHP

Here’s the same example, but doing it on the server-side using PHP:

setcookie('the_cookie', 'the_value', 0, '/', 'www.example.com');

Example domain and subdomains

The example domains and subdomains I will use in this post are as follows:

  • example.com
  • www.example.com
  • images.example.com

Domain = example.com, set cookie domain as example.com

Example URL: http://example.com/cookie.php

jQuery Example:

$.cookie('the_cookie', 'the_value', { path: '/', domain: 'example.com' });

PHP Example:

setcookie('the_cookie', 'the_value', 0, '/', 'example.com');

If the domain the page is on is at example.com, and the cookie domain is set as example.com then the cookie will be accessible at that domain and also at all subdomains. So it can be accessed (and modified) at www.example.com and images.example.com as well.

Domain = www.example.com, set cookie domain as example.com

Example URL: http://www.example.com/cookie.php

jQuery Example:

$.cookie('the_cookie', 'the_value', { path: '/', domain: 'example.com' });

PHP Example:

setcookie('the_cookie', 'the_value', 0, '/', 'example.com');

www.example.com is a subdomain of example.com and it is possible to set the cookie domain as example.com. When this is done, it is also possible to access this cookie at example.com and all subdomains. So a cookie set in this way at www.example.com can be used at www.example.com, example.com and images.example.com

Domain = www.example.com, set cookie domain as www.example.com

Example URL: http://www.example.com/cookie.php

jQuery Example:

$.cookie('the_cookie', 'the_value', { path: '/', domain: 'www.example.com' });

PHP Example:

setcookie('the_cookie', 'the_value', 0, '/', 'www.example.com');

This is effectively the same as the first example where the domain and cookie domain were both example.com. The cookie will be accessible at www.example.com and all subdomains if there are any. The difference in this instance is that it is not accessible at example.com

Domain = example.com, set cookie domain as www.example.com

Example URL: http://example.com/cookie.php

jQuery Example:

$.cookie('the_cookie', 'the_value', { path: '/', domain: 'www.example.com' });

PHP Example:

setcookie('the_cookie', 'the_value', 0, '/', 'www.example.com');

This will not work and the cookie will not be set.

What happens if no domain is specified

If the domain is not specified then the current domain is used as the default. There is a difference between Internet Explorer (I only tested this in IE8 but expect it will be the same for all versions) and all the other browsers.

In Internet Explorer, if the domain is not specified, the cookie will be accessible on the domain and all subdomains.

For all other browsers (at least the ones I tested, current versions of Firefox, Chrome, Opera, Safari) the cookie will only be accessible on the domain on which it is set. Even if it’s set on a page at example.com (and it’s not set explicitly in the setting of the cookie) then it will be available at example.com only and not the subdomains e.,g. www.example.com and images.example.com.