0

I'm working with a third party website that has two subdomains. One for staging and one for production. Let's take site1.example.tld and site2.example.tld. when logging in to site1.example.tld The website set's the authentication cookies on the example.tld domain making them accessible to both subdomains. When going to site2.example.tld it will realize that the cookies are invalid, remove them, and force a login. Yes, this is a misconfiguration on their side but there isn't much I can do about that for now.

I recently learned about the Public Suffix List and how browsers use it. Adding example.tld as an eTLD to that list would allow me to force the browser to treat the two subdomains as separate domains and allow me to stay logged on both origins.

Is there a way to edit/override/append to that list locally in chrome or chromium based browsers?

nezu
  • 318
  • 3
  • 11
  • Not sure if that info is stored in any easily accessible way, so that you could modify it without compiling the source code again yourself. (If this _was_ easy to manipulate, then I guess there would be some abuse potential by talking naive users into making certain changes ...) I think I would probably just visit the staging system in a private browser window here, to that it doesn't interfere with the cookies set in the non-private window where you are working with the prod system .. – CBroe Jun 06 '23 at 13:25

0 Answers0