Hey everyone! I'm currently working on two websites: admin.domain.com and shop.domain.com. I'm sending a Boolean value to differentiate requests coming from the admin site versus the shop site. Right now, I'm setting up a cookie that is accessible to both subdomains by using the cookie property set to .domain.com. I attempted to set the cookie specifically for admin.domain.com, but the browser is blocking it from being saved. My goal is to have separate cookies for each subdomain, meaning cookies from admin shouldn't be accessible by shop and vice versa. For context, I'm using express.js for my setup. Any help would be much appreciated!
2 Answers
While you're figuring this out, check out some articles on cookie security, especially around cookie tossing. Understanding that might save you some future headaches related to cookie management on subdomains. It's a pretty interesting topic and could be useful for your project!
You might consider retrieving the hostname directly from the HTTP request. That way, you can distinguish between requests from the admin and shop sites without relying on cookies alone. Using the hostname could help you identify which cookies need to be set based on the origin. Just a thought!
I was actually working locally, so both hostnames were localhost, haha. But I'm looking for a way to identify the request's source more clearly. Can you elaborate on how this would help in setting cookies for subdomains individually?

That's really useful info! I noticed the article mentions that cookies set for a subdomain apply to all its subdomains. But when I try setting the cookie for admin.domain.com, it doesn't save. Why does it work that way?
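The approach from the hostname answer, combined with host-only cookies, as an added example that is not from any poster in this thread: the site is chosen from the `Host` header and the cookie is emitted without a `Domain` attribute, so the browser scopes it to that exact host. The cookie name suffix `_flag` and all function names are hypothetical; the `__Host-` prefix makes browsers refuse a same-named cookie that a sibling subdomain tries to set with `Domain=.domain.com` (the cookie tossing case).

```javascript
// Hostnames come from the question; cookie names are illustrative assumptions.
const SITES = new Map([
  ['admin.domain.com', 'admin'],
  ['shop.domain.com', 'shop'],
]);

// Map a Host header to a known site: lower-case, drop the port and a trailing dot.
function siteFromHost(hostHeader) {
  if (typeof hostHeader !== 'string') return null;
  const host = hostHeader.trim().toLowerCase().replace(/:\d+$/, '').replace(/\.$/, '');
  return SITES.get(host) ?? null;
}

// Name is per site; the __Host- prefix makes browsers reject the cookie
// unless it is Secure, has Path=/ and carries no Domain attribute.
function cookieName(site) {
  return `__Host-${site}_flag`;
}

// Build the Set-Cookie value. Omitting Domain makes the cookie host-only,
// so one set by admin.domain.com is never sent to shop.domain.com.
function hostOnlySetCookie(hostHeader, value) {
  const site = siteFromHost(hostHeader);
  if (site === null) return null; // unknown host: set nothing
  const pair = `${cookieName(site)}=${encodeURIComponent(value)}`;
  return [pair, 'Path=/', 'Secure', 'HttpOnly', 'SameSite=Lax'].join('; ');
}

// Read back only this host's cookie from a Cookie request header.
// Returns null when it is absent or appears more than once (ambiguous).
function readSiteCookie(hostHeader, cookieHeader) {
  const site = siteFromHost(hostHeader);
  if (site === null || typeof cookieHeader !== 'string') return null;
  const wanted = cookieName(site);
  const values = [];
  for (const part of cookieHeader.split(';')) {
    const eq = part.indexOf('=');
    if (eq === -1) continue;
    if (part.slice(0, eq).trim() === wanted) values.push(part.slice(eq + 1).trim());
  }
  if (values.length !== 1) return null;
  try {
    return decodeURIComponent(values[0]);
  } catch {
    return null; // malformed percent-encoding
  }
}
```

In Express the same result comes from calling `res.cookie(name, value, { path: '/', secure: true, httpOnly: true, sameSite: 'lax' })` with no `domain` option, choosing `name` from `req.hostname`.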