set cookie on parent domain but from sub-domain website

When I visit a sub-domain website ex: https://sub2.example.com, from a browser console I can set a cookie for parent domain.

document.cookie = "nameCookie=HelloWorld; domain=.example.com;"

as per Cookie RFC this works! and this cookie should be available to all sub-domains.
ex:

But my problem, this concept is not working on some websites.

for ex:

  • Go to https://square.github.io/

  • open browser console

    document.cookie = "nameCookie=HelloWorld; domain=.github.io;"
    console.log(document.cookie)
    

check that nameCookie is not available.

Why it is not working here? any Http header/rule setup on those websites?

>Solution :

Because github.io is on the list of effective top-level domains (eTLDs) (raw list here), so each github.io subdomain is treated like a subdomain of a top-level domain (that is, _______.github.io is treated just like _______.com or _______.co.uk).

Leave a Reply