Skip to content

Navigation Menu

Sign in
Appearance settings

Search code, repositories, users, issues, pull requests...

Provide feedback

We read every piece of feedback, and take your input very seriously.

Saved searches

Use saved searches to filter your results more quickly
Sign up
Appearance settings

Commit 0cd40ae

Browse files
authored
Merge pull request #2564 from joaquinelio/patch-10
domain cookie option
2 parents 25d51b1 + ad0df99 commit 0cd40ae

File tree

1 file changed

+6
-6
lines changed

1 file changed

+6
-6
lines changed

‎6-data-storage/01-cookie/article.md‎

Lines changed: 6 additions & 6 deletions
Original file line numberDiff line numberDiff line change
@@ -96,9 +96,13 @@ Usually, we should set `path` to the root: `path=/` to make the cookie accessibl
9696

9797
A domain defines where the cookie is accessible. In practice though, there are limitations. We can't set any domain.
9898

99-
By default, a cookie is accessible only at the domain that set it. So, if the cookie was set by `site.com`, we won't get it at `other.com`.
99+
**There's no way to let a cookie be accessible from another 2nd-level domain, so `other.com` will never receive a cookie set at `site.com`.**
100+
101+
It's a safety restriction, to allow us to store sensitive data in cookies that should be available only on one site.
102+
103+
By default, a cookie is accessible only at the domain that set it.
100104

101-
...But what's more tricky, we also won't get the cookie at a subdomain `forum.site.com`!
105+
...What's tricky, we won't get the cookie at a subdomain `forum.site.com`!
102106

103107
```js
104108
// at site.com
@@ -108,10 +112,6 @@ document.cookie = "user=John"
108112
alert(document.cookie); // no user
109113
```
110114

111-
**There's no way to let a cookie be accessible from another 2nd-level domain, so `other.com` will never receive a cookie set at `site.com`.**
112-
113-
It's a safety restriction, to allow us to store sensitive data in cookies, that should be available only on one site.
114-
115115
...But if we'd like to allow subdomains like `forum.site.com` to get a cookie, that's possible. When setting a cookie at `site.com`, we should explicitly set the `domain` option to the root domain: `domain=site.com`:
116116

117117
```js

0 commit comments

Comments
(0)

AltStyle によって変換されたページ (->オリジナル) /