Let's assume I'm on sub.example, how can I get the cookies of .example from there? If that's not possible, is there a workaround like an hack or whatever that redirects to .example and then stores the cookies?
Let's assume I'm on sub.example, how can I get the cookies of .example from there? If that's not possible, is there a workaround like an hack or whatever that redirects to .example and then stores the cookies?
- @SamOnela that doesn't pletely answer my questions. I'm asking also for a workaround of that. – WayneXMayersX Commented Aug 15, 2017 at 20:20
2 Answers
Reset to default 11A web page only has visibility to the cookie with the most specific domain that matches its URL.
So if both example and sub.example both have a cookie named mycookie, a web page in sub.example can only access the one in the subdomain. It hides the cookie in the example domain, and there's no way to access it.
But if there's only a cookie in example, it will be visible to both example and sub.example pages.
When creating a cookie, it defaults to the full domain of the page, but the code can specify a less specific domain. So if sub.example creates a cookie, it will default to domain=sub.example. But the code can override this by putting domain=.example in the cookie explicitly.
More details can be found in The Definitive Guide to Cookie Domains.
The cookie was set as HttpOnly flag, and the browser made me not able to get the cookie for JavaScript.