I have a question about the relationship between cookies on a base domain (base.com) and a subdomain (sub.base.com).
I have just run into a problem: I can't add a cookie to the base domain if I already have a cookie with the same name for any subdomain of this base domain, when the cookie set for the subdomain is for secure connections only (https) and the cookie I want to set for the base domain is for non-secure connections (http).
Let me show you an example. It's hard to explain.
- We have a base non-secure (http) domain with the hostname: base.com.
- Also, we have a secured (https) subdomain with the hostname: sub.base.com.
- We have set a secured cookie with the name 'test' and the value 'qwe' for sub.base.com from the sub.base.com host.
- We have tried to set a non-secured cookie with the same name (test) and the value 'zxc' for our base domain (base.com) from base.com.
Expectations:
Two different cookies. The first for sub.base.com with the value 'qwe'. The second for (.)base.com with the value 'zxc'.
Reality:
One cookie for sub.base.com with the value 'qwe'.
So, it seems that we can't set a new non-secure cookie for a base domain if the name of the cookie we are trying to set is equal to the name of any secured cookie from its subdomains.
I have tried searching via Google and I have read the sections about cookies in RFC 6265, but found nothing.
Is this working correctly, or is it a bug?
I hope someone has some info about this. Thanks.
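The behaviour described in the question matches the "Leave Secure Cookies Alone" rule from the RFC 6265bis draft (it is not in RFC 6265 itself): a non-secure origin cannot set a cookie whose name collides with a Secure cookie on a domain-matching host. The following is an added example, not part of the original post or any browser's code: a simplified JavaScript model of that storage check replaying the scenario above. The names `CookieJar`, `domainMatches`, `pathMatches` and `replayScenario` are hypothetical.

```javascript
// Simplified cookie-store "set" step (added example); omits expiry, public-suffix checks, prefixes.

// Domain-match (RFC 6265, section 5.1.3): same host, or host is a subdomain.
function domainMatches(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith("." + domain);
}

// Path-match (RFC 6265, section 5.1.4).
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

class CookieJar {
  constructor() { this.cookies = []; }

  // scheme is the scheme of the page setting the cookie ("http" or "https").
  // Returns true when the cookie is stored, false when it is ignored.
  set(scheme, cookie) {
    const c = { path: "/", secure: false, ...cookie };
    const secureOrigin = scheme === "https";
    if (c.secure && !secureOrigin) return false; // Secure cookies need https
    if (!c.secure && !secureOrigin) {
      // Ignore the new cookie if a same-named Secure cookie exists whose
      // domain matches in either direction and whose path covers the new one.
      const shadowsSecure = this.cookies.some(e =>
        e.secure && e.name === c.name &&
        (domainMatches(e.domain, c.domain) || domainMatches(c.domain, e.domain)) &&
        pathMatches(c.path, e.path));
      if (shadowsSecure) return false;
    }
    // Same name, domain and path replaces the old cookie; otherwise both coexist.
    this.cookies = this.cookies.filter(e =>
      !(e.name === c.name && e.domain === c.domain && e.path === c.path));
    this.cookies.push(c);
    return true;
  }
}

// Constructed replay of the scenario in the question.
function replayScenario() {
  const jar = new CookieJar();
  const first = jar.set("https", { name: "test", value: "qwe", domain: "sub.base.com", secure: true });
  const second = jar.set("http", { name: "test", value: "zxc", domain: "base.com" });
  return { first, second, stored: jar.cookies.map(c => `${c.domain}=${c.value}`) };
}
```

In this model the second cookie would be accepted if it used a different name or if it were set from an https page.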