2

Can anybody give me a further explanation about the isDomain property of the nsICookie interface?

nmaier
  • 32,336
  • 5
  • 63
  • 78
user2102196
  • 99
  • 1
  • 7

1 Answers1

2

If .isDomain is true, the cookie is to be used for the whole domain (host + all subdomains), otherwise it is only to be used for a specific host.

When setting the cookie and specifying a domain= value with a leading ., the cookie becomes a domain cookie. See the document.cookie documentation.

E.g.

  • domain=.example.org will be a domain cookie (.isDomain == true) and will be used for example.org and all sub-domains, such as www.example.org.
  • domain=example.org will not be a domain cookie (.isDomain == false) and will only be used for example.org, but not for subdomains.
  • domain=www.example.org will not be a domain cookie (.isDomain == false) and will only be used for www.example.org, but not for subdomains.

It is implemented simply as:

inline bool IsDomain() const { return /* const char* */ *mHost == '.'; }

meaning: Return true if the first char of the string is a ., else return false.

nmaier
  • 32,336
  • 5
  • 63
  • 78
  • So if a cookie domain is .google.com, this cookie can be used for accounts.google.com, right? – user2102196 Sep 05 '13 at 13:35
  • Yep, such a cookie is a domain cookie and should be transmitted to all google.com domains incl. accounts.google.com. Of course, there are other restrictions in place as well that need to be followed, such as same origin policy stuff when creating and selecting cookies. Read the RFC 2965 if in doubt. – nmaier Sep 05 '13 at 13:40