Using appspot.com as a partial domain cookie

Question

I'm baffled over a recent problem I'm having with use of a partial domain name cookies. I'm using partial domain cookies in my app to manage a single sign-on scenario. Everything was working fine until I happened to try it with the Google App Engine domain appspot.com.

Try as I may, I could not get the browser to accept appspot.com as a partial domain cookie. Here is the HTTP response header I am sending:

foo=bar;Path=/;Domain=.appspot.com

If my app is at http://my.appspot.com the browser ignores the set cookie. I can do this with other domains (e.g. google.com) and all is well (I am using my hosts file to direct the browser to my mac). It fails when I run it locally, on App Engine, or anywhere else.

I can't think of any reason this domain name would be special. Does anyone have any ideas?

Answer 1

I believe this might answer your question.

To quote:

I tested. It is not possible for a page of child domain to create a cookie for parent domain. Hence this issue dont exist.

Further clarification that might help; according to this Google Groups thread:

It appears that I cannot set a cookie with domain=.appspot.com

When I do that, it doesn't show up in the list of cookies. I can set a cookie in a sub-domain of .appspot.com (domain=foo.appspot.com) but not on appspot.com itself.

And Jon McAlister's reply:

It's because appspot.com was added to the public suffix list of domains that modern browsers should not allow cookies to be set for: see here