@sadams
Created May 21, 2015 09:56
understanding first/third party cookie behaviour

scenario 1

  1. set cookie from foo.example.com with no domain
  2. is it readable by foo.example.com?
  3. is it readable by bar.example.com?
  4. is it overwritable by bar.example.com?

scenario 2

  1. set cookie from foo.example.com with .example.com domain
  2. is it readable by foo.example.com?
  3. is it readable by bar.example.com?
  4. is it overwritable by bar.example.com?
  5. is it readable/writable by example.com?

scenario 3

  1. enable the browser's 'disallow third-party cookies' setting
  2. include(scenario 1)

scenario 4

  1. enable the browser's 'disallow third-party cookies' setting
  2. include(scenario 2)
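
Scenarios 1 and 2 can be checked against the matching and storage rules of RFC 6265 (sections 5.1.3, 5.3 and 5.4). The following is an added example, not part of the original gist: a simplified cookie jar model in which the `CookieJar` class, the cookie name `sid` and its values are hypothetical. It assumes the path is always `/` and does not model public-suffix checks, expiry or the third-party blocking of scenarios 3 and 4.

```javascript
// Simplified RFC 6265 cookie jar (added example; names are hypothetical).
// Assumptions: path is always "/", no public-suffix list, no expiry, hosts are not IPs.
// Section 5.1.3: a host domain-matches if it equals the domain or is a subdomain of it.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

class CookieJar {
  constructor() { this.cookies = []; }
  // Store a cookie set by `host`; `domainAttr` is the Domain attribute, if any.
  set(host, name, value, domainAttr) {
    let domain = host, hostOnly = true;          // no Domain attribute: host-only cookie
    if (domainAttr) {
      domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is ignored
      if (!domainMatch(host, domain)) return false;         // unrelated domain: rejected
      hostOnly = false;
    }
    // Section 5.3: an existing cookie is replaced only if name, domain and path all match.
    const i = this.cookies.findIndex(c => c.name === name && c.domain === domain);
    const cookie = { name, value, domain, hostOnly };
    if (i >= 0) this.cookies[i] = cookie; else this.cookies.push(cookie);
    return true;
  }

  // Section 5.4: values of `name` that the browser would send to `host`.
  read(host, name) {
    return this.cookies
      .filter(c => c.name === name &&
                   (c.hostOnly ? host === c.domain : domainMatch(host, c.domain)))
      .map(c => c.value);
  }
}

function scenario1() {
  const jar = new CookieJar();
  jar.set("foo.example.com", "sid", "from-foo");                 // step 1
  const bar = jar.read("bar.example.com", "sid");                // step 3: nothing
  jar.set("bar.example.com", "sid", "from-bar", ".example.com"); // step 4: stored separately
  return { foo: jar.read("foo.example.com", "sid"), bar };
}

function scenario2() {
  const jar = new CookieJar();
  jar.set("foo.example.com", "sid", "from-foo", ".example.com"); // step 1
  const before = ["foo.example.com", "bar.example.com", "example.com"].map(h => jar.read(h, "sid").join()); // steps 2, 3, 5
  jar.set("bar.example.com", "sid", "from-bar", ".example.com"); // step 4: replaces it
  return { before, after: jar.read("foo.example.com", "sid") };
}
console.log(scenario1(), scenario2());
```

In scenario 1 the host-only cookie is not replaced, but foo.example.com afterwards receives two cookies named `sid`, so server code should not assume a cookie name is unique within a request.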