I use the Cookies class of GWT to generate cookies.
When I use the following
Cookies.setCookie(LOGIN_COOKIE_NAME, value, expires);
everything works fine. Checking the cookie in the browser leads to mydomay as it should.
But, when I use the following:
String path = "/"
String domain = "mydomain"
Cookies.setCookie(LOGIN_COOKIE_NAME, value, expires, domain, path, secure);
I can see a dot before the domain when I check it in my browser:
.mydomain
Where does the dot comes from?
It turns out that Cookies.removeCookie(LOGIN_COOKIE_NAME) does not work for me if .mydomain is given. Why is it not possible to delete this cookie when there is a dot in front?
I use the Cookies class of GWT to generate cookies.
When I use the following
Cookies.setCookie(LOGIN_COOKIE_NAME, value, expires);
everything works fine. Checking the cookie in the browser leads to mydomay.com as it should.
But, when I use the following:
String path = "/"
String domain = "mydomain.com"
Cookies.setCookie(LOGIN_COOKIE_NAME, value, expires, domain, path, secure);
I can see a dot before the domain when I check it in my browser:
.mydomain.com
Where does the dot comes from?
It turns out that Cookies.removeCookie(LOGIN_COOKIE_NAME) does not work for me if .mydomain.com is given. Why is it not possible to delete this cookie when there is a dot in front?
Share Improve this question edited Feb 12, 2014 at 14:21 Michael asked Dec 13, 2013 at 15:45 MichaelMichael 33.3k50 gold badges223 silver badges374 bronze badges4 Answers
Reset to default 11The dot means that the cookie also holds for any subdomain to mydomain.com, such as example.mydomain.com. Think of it as *.mydomain.com where * is a wildcard.
You can find a highly similar question here: What is the cookie dot rule?
You have to set the expire date to now such that the cookie expires imidiately.
Cookies.setCookie(COOKIE_NAME, "", new Date(), domain, path, false);
If you passed a domain when it was created then, when you clear a cookie, you need to pass the same domain (e.g. How do you remove a Cookie in a Java Servlet?); however, there's no API here to allow that.
This sounds a lot like a bug reported as RFE: Provide a Cookies.removeCookie(name, domain, path) method:
A cookie is set on the server for a given URL and the domain name and path are explicitly set on the cookie as part of the returned result. Cookies.remove(name) and Cookies.remove(name, path) will not remove the cookie on FF3.0.14. (The path based remove does work on IE 6).
The workaround suggested in that issue is to patch the GWT Cookies class.
Dot here signifies that cookie also holds for a sub-domain, such as abcd.mydomain.com. IT is very similar to say that you can add an entirely different website onto your domain, say registration segment separated in a different sub-domain so in general it can be substituted with a wildcard say *.mydomain.com. This is referred to as Cookie Dot Rule. Refer to the IETF Page for the same. You can let the same cookie refer to multiple token values as well.