What does the dot prefix in the cookie domain mean?

by

The leading dot means that the cookie is valid for subdomains as well; nevertheless recent HTTP specifications (RFC 6265) changed this rule so modern browsers should not care about the leading dot. The dot may be needed by old browser implementing the deprecated RFC 2109.

RFC 6265 section 4.1.2.3

For example, if the value of the Domain attribute is “example.com”, the user agent will include the cookie in the Cookie header when making HTTP requests to example.com, www.example.com, and www.corp.example.com. (Note that a leading %x2E (“.”), if present, is ignored even though that character is not permitted, but a trailing %x2E (“.”), if present, will cause the user agent to ignore the attribute.)

More Related Contents:

  1. Cross-Domain Cookies
  2. Cookies on localhost with explicit domain
  3. What are allowed characters in cookies?
  4. Fetch API with Cookie
  5. Clear cookies on browser close
  6. Safari doesn’t set Cookie but IE / FF does
  7. Setting a cookie using JavaFX’s WebEngine/WebView
  8. How does Facebook set cross-domain cookies for iFrames on canvas pages?
  9. Why won’t asp.net create cookies in localhost?
  10. What is the maximum size of a cookie, and how many can be stored in a browser for each web site?
  11. How cookies work?
  12. Can two different browser share one cookie?
  13. Send cookies with curl
  14. IE8 losing session cookies in popup windows
  15. how to disable cookies using webdriver for Chrome and FireFox JAVA
  16. Cookie path and its accessibility to subfolder pages
  17. Same-Site flag for session cookie in Spring Security
  18. How do I access HttpContext in Server-side Blazor?
  19. Does every web request send the browser cookies?
  20. Sending cookies with postman
  21. How to add a cookie to the cookiejar in python requests library
  22. Yahoo Finance Historical data downloader url is not working
  23. When does a cookie with expiration time ‘At end of session’ expire?
  24. How to handle expired access token in asp.net core using refresh token with OpenId Connect
  25. Clearing all cookies with JavaScript
  26. Automatic cookie handling with OkHttp 3
  27. Javascript Cookie with no expiration date
  28. Why are cookies unrecognized when a link is clicked from an external source (i.e. Excel, Word, etc…)
  29. Where does Chrome store cookies?
  30. Should JWT be stored in localStorage or cookie? [duplicate]

Leave a Comment