From e2558cb8df25bc12f20c07c146bd8a73827f870d Mon Sep 17 00:00:00 2001 From: joaquinelio Date: Sat, 3 Apr 2021 17:56:04 -0300 Subject: [PATCH 1/4] domain cookie option --- 6-data-storage/01-cookie/article.md | 12 ++++++------ 1 file changed, 6 insertions(+), 6 deletions(-) diff --git a/6-data-storage/01-cookie/article.md b/6-data-storage/01-cookie/article.md index 9fc5f695..749e4551 100644 --- a/6-data-storage/01-cookie/article.md +++ b/6-data-storage/01-cookie/article.md @@ -96,9 +96,13 @@ Usually, we should set `path` to the root: `path=/` to make the cookie accessibl A domain defines where the cookie is accessible. In practice though, there are limitations. We can't set any domain. -By default, a cookie is accessible only at the domain that set it. So, if the cookie was set by `site.com`, we won't get it at `other.com`. +**There's no way to let a cookie be accessible from another domain, so `other.com` will never receive a cookie set at `site.com`.** -...But what's more tricky, we also won't get the cookie at a subdomain `forum.site.com`! +It's a safety restriction, to allow us to store sensitive data in cookies, that should be available only on one site. + +By default, a cookie is accessible only at the domain level that set it. + +...What's tricky, we won't get the cookie at a subdomain `forum.site.com`! ```js // at site.com @@ -108,10 +112,6 @@ document.cookie = "user=John" alert(document.cookie); // no user ``` -**There's no way to let a cookie be accessible from another 2nd-level domain, so `other.com` will never receive a cookie set at `site.com`.** - -It's a safety restriction, to allow us to store sensitive data in cookies, that should be available only on one site. - ...But if we'd like to allow subdomains like `forum.site.com` to get a cookie, that's possible. When setting a cookie at `site.com`, we should explicitly set the `domain` option to the root domain: `domain=site.com`: ```js From 2c1d14b98da3c08856b2c8c6e5faa4a82efc6163 Mon Sep 17 00:00:00 2001 From: joaquinelio Date: Sat, 3 Apr 2021 18:27:28 -0300 Subject: [PATCH 2/4] Update article.md --- 6-data-storage/01-cookie/article.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/6-data-storage/01-cookie/article.md b/6-data-storage/01-cookie/article.md index 749e4551..ee007d97 100644 --- a/6-data-storage/01-cookie/article.md +++ b/6-data-storage/01-cookie/article.md @@ -98,7 +98,7 @@ A domain defines where the cookie is accessible. In practice though, there are l **There's no way to let a cookie be accessible from another domain, so `other.com` will never receive a cookie set at `site.com`.** -It's a safety restriction, to allow us to store sensitive data in cookies, that should be available only on one site. +It's a safety restriction, to allow us to store sensitive data in cookies that should be available only on one site. By default, a cookie is accessible only at the domain level that set it. From b9752634f71ecdce64bcb7e22732692416321696 Mon Sep 17 00:00:00 2001 From: joaquinelio Date: Sat, 3 Apr 2021 18:53:16 -0300 Subject: [PATCH 3/4] Update article.md --- 6-data-storage/01-cookie/article.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/6-data-storage/01-cookie/article.md b/6-data-storage/01-cookie/article.md index ee007d97..f7de5938 100644 --- a/6-data-storage/01-cookie/article.md +++ b/6-data-storage/01-cookie/article.md @@ -100,7 +100,7 @@ A domain defines where the cookie is accessible. In practice though, there are l It's a safety restriction, to allow us to store sensitive data in cookies that should be available only on one site. -By default, a cookie is accessible only at the domain level that set it. +By default, a cookie is accessible only at the domain that set it. ...What's tricky, we won't get the cookie at a subdomain `forum.site.com`! From ad0df9950eec1ce638416e11f58f1585e41e4e74 Mon Sep 17 00:00:00 2001 From: joaquinelio Date: Fri, 24 Dec 2021 08:53:33 -0300 Subject: [PATCH 4/4] Update article.md --- 6-data-storage/01-cookie/article.md | 2 +- 1 file changed, 1 insertion(+), 1 deletion(-) diff --git a/6-data-storage/01-cookie/article.md b/6-data-storage/01-cookie/article.md index f7de5938..89a24d50 100644 --- a/6-data-storage/01-cookie/article.md +++ b/6-data-storage/01-cookie/article.md @@ -96,7 +96,7 @@ Usually, we should set `path` to the root: `path=/` to make the cookie accessibl A domain defines where the cookie is accessible. In practice though, there are limitations. We can't set any domain. -**There's no way to let a cookie be accessible from another domain, so `other.com` will never receive a cookie set at `site.com`.** +**There's no way to let a cookie be accessible from another 2nd-level domain, so `other.com` will never receive a cookie set at `site.com`.** It's a safety restriction, to allow us to store sensitive data in cookies that should be available only on one site.