Reputation: 25
Cookies behaviour difference while using CNAME vs changing domain nameservers
Assume you have 2 domains A.com and B.org. A.com is owned by you and there you have servers with the application running. While B.com is owned by a third party.
I am trying to understand the difference in behaviour of cookies in 2 cases:
- You set a CNAME, so that B.org points to A.com
- You change the B.org domain nameservers in a way that B.org points to the same ip address as A.com
Do I understand it correctly that in the first option it is impossible for a server to set a cookie as a first-party, you can set only a third-party cookie with the domain A.com, while in the second option cookies set by the server are treated as first-party cookies with the domain B.org?
And with the option 2, can you get a cookie with domain A.com while being on domain B.org?
Please share your knowledge and I would appreciate it if you point me to some RFC/blog/documentation
Upvotes: 0
Views: 54
Answers (1)
Reputation: 16572
HTTP cookies are completely oblivious to nameservers and IP addresses. The domain name specified in the URL is the "origin" – as long as the user has entered an http://B.org/foo URL, the browser will behave as if they are accessing B.org and that's the end of the story.
Upvotes: 0
Related Questions
- What is the difference between localStorage, sessionStorage, session and cookies?
- Cross-Domain Cookies
- Share cookies between subdomain and domain
- Why is it common to put CSRF prevention tokens in cookies?
- Cookies on localhost with explicit domain
- Get and Set a Single Cookie with Node.js HTTP Server
- Setting cross-domain cookies in Safari
- Is it possible to allow cross-domain requests through the use of CNAME records?