document.cookie = "name=value; path=/; domain=.sitename.com; secure";
Cookie Attributes:
name=value: The cookie name and its value.
path=/: Specifies that the cookie is accessible for the entire domain.
domain=.sitename.com: Allows the cookie to be shared with all subdomains of sitename.com.
secure: (Optional) Indicates that the cookie should only be sent over secure (HTTPS) connections.
Considerations:
HTTPS and Secure Cookies: If the cookie is marked as secure, it will only be transmitted over secure (HTTPS) connections. Ensure your sites are accessed via HTTPS if you’re using the secure attribute.
SameSite Attribute: Modern browsers have implemented a security feature that can restrict how cookies are sent with cross-site requests. The SameSite attribute can be set to None, Lax, or Strict. For a cookie to be sent with requests initiated from another site, SameSite=None; Secure must be used. However, this is typically more relevant for cross-origin scenarios than subdomain access.
Browser Cookie Policies: Be aware of the browser’s cookie policies, which may affect how cookies are stored and shared. Some browsers have stricter default settings for cross-site cookie sharing.
Privacy and Consent: When implementing cross-subdomain cookies, especially for tracking purposes, be mindful of privacy regulations (e.g., GDPR, CCPA) and ensure you have appropriate consent mechanisms in place.
If the nats cookie from your initial question is intended to be shared across join.sitename.com and www.sitename.com, ensure it is set with domain=.sitename.com from wherever it is first created. This will make it accessible from both subdomains and any others under sitename.com.