Setting cookie from subdomain to another subdomain
Question
So I have the following URL structure for a project.
- development.project.com hosts a brochure website
- api.development.project.com hosts an API service
- cms.development.project.com hosts a CMS
Now when I make a login request from cms.development.project.com to api.development.project.com, and return a cookie with Domain set to .project.com, the cookie is rejected by browser for invalid domain. The same happens when setting .development.project.com
Note: I read that the loading dot wildcard (.) in the domain of the cookie is deprecated and actually ignored by modern browsers. I tried with and without, with the same result.
The cookie has other properties: httponly, secure and SameSite None.
Why is the cookie rejected when both projects are under the same main domain (project.com) and the same 1st level subdomain (development.project.com)? How can make api.development.project.com set cookies for cms.development.project.com?
1 answers
solution1
0 ACCPTED 2021-11-16 09:30:22
The cookie wasn't actually rejected. It was just the browser saying that the cookie is rejected for the direct domain. But sending calls from other subdomains to the API subdomain did actually included the wanted cookie.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.