Skip to content

Commit c2c73cd

Browse files
FagnerMartinsBrackFagnerMartinsBrack
committed
Document the format of the "domain" attribute
Provide more information regarding on how the "domain" attribute works according to the RFC 6265 and the actual behavior of major browsers. Closes js-cookiegh-87. Closes js-cookiegh-91. Related to js-cookiegh-81.
1 parent f28a0fd commit c2c73cd

File tree

1 file changed

+16
-4
lines changed

1 file changed

+16
-4
lines changed

README.md

Lines changed: 16 additions & 4 deletions
Original file line numberDiff line numberDiff line change
@@ -175,17 +175,29 @@ This means one cannot set a path using `path: window.location.pathname` in case
175175

176176
### domain
177177

178-
A [`String`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String) indicating a valid domain where the cookie is visible.
178+
A [`String`](https://developer.mozilla.org/en-US/docs/Web/JavaScript/Reference/Global_Objects/String) indicating a valid domain where the cookie should be visible. The cookie will also be visible to all subdomains.
179179

180-
**Default:** Domain of the page where the cookie was created.
180+
**Default:** Cookie is visible only to the domain or subdomain of the page where the cookie was created, except for Internet Explorer (see below).
181181

182182
**Examples:**
183183

184+
Assuming a cookie that is being created on `site.com`:
185+
184186
```javascript
185-
Cookies.set('name', 'value', { domain: 'sub.domain.com' });
186-
Cookies.get('name'); // => undefined (need to read at 'sub.domain.com')
187+
Cookies.set('name', 'value', { domain: 'subdomain.site.com' });
188+
Cookies.get('name'); // => undefined (need to read at 'subdomain.site.com')
187189
```
188190

191+
**Note regarding Internet Explorer default behavior:**
192+
193+
> Q3: If I don’t specify a DOMAIN attribute (for) a cookie, IE sends it to all nested subdomains anyway?
194+
> A: Yes, a cookie set on example.com will be sent to sub2.sub1.example.com.
195+
> Internet Explorer differs from other browsers in this regard.
196+
197+
(From [Internet Explorer Cookie Internals (FAQ)](http://blogs.msdn.com/b/ieinternals/archive/2009/08/20/wininet-ie-cookie-internals-faq.aspx))
198+
199+
This means that if you omit the `domain` attribute, it will be visible for a subdomain in IE.
200+
189201
### secure
190202

191203
Either `true` or `false`, indicating if the cookie transmission requires a secure protocol (https).

0 commit comments

Comments
 (0)