Read Cross-Domain (Cross-Sub-Domain) Cookies in ColdFusion (HTTPS)

Question

I need to read a cookie created on https://sub1.domain.com from http://origin.domain.com using ColdFusion. I've seen a lot of info about how to create a cookie in a subdomain using CFCOOKIE, but I don't know how to access a cookie that already exists.

Will the HTTPS make this impossible anyway?

ADDENDUM: The checked answer below correctly addresses the question as worded above. In my case, it did not work. I should have explained: The cookie on sub1.domain.com is created by a hosted third party product - not written in coldfusion and not under my control.

Answer 1

This is really quite easy. When you create the cookie, give it a domain attribute equal to your domain. The important part to remember is that it MUST have a leading dot.

<cfcookie name="mycookie" value="myvalue" domain=".mydomain.com" path="/" />

The leading dot tells the browser to send the cookie to any subdomain of mydomain.com which would include sub.mydomain.com and blah.mydomain.com.

You would then be able to access the cookie from any of the subdomains just as you would any other cookie:

<cfset thevalue = cookie.mycookie />

You should do this as a best practice to support older browsers.

Here is the statement from RFC2109: HTTP State Management Mechanisms that could affect older browsers

"To prevent possible security or privacy violations, a user agent rejects a cookie (shall not store its information) if… The value for the Domain attribute contains no embedded dots or does not start with a dot."

I believe this is overridden by RFC 2965: HTTP State Management Mechanism which states

"Domain=value OPTIONAL. The value of the Domain attribute specifies the domain for which the cookie is valid. If an explicitly specified value does not start with a dot, the user agent supplies a leading dot."

Which explains why it might be working for you in, presumably, a modern browser. I would still suggest you add it.