How to Share Cookies Across Subdomains

Set the Cookie Domain to the Parent Domain: When setting a cookie that should be accessible from multiple subdomains, you need to specify the domain attribute to the parent domain, and it should be prefixed with a dot. For example, to share a cookie between http://www.sitename.com and join.sitename.com, you should set the cookie domain to .sitename.com. Here’s an example of how to set such a cookie:


document.cookie = "name=value; path=/; domain=.sitename.com; secure";


Cookie Attributes:

name=value: The cookie name and its value.
path=/: Specifies that the cookie is accessible for the entire domain.
domain=.sitename.com: Allows the cookie to be shared with all subdomains of sitename.com.
secure: (Optional) Indicates that the cookie should only be sent over secure (HTTPS) connections.

Considerations:

HTTPS and Secure Cookies: If the cookie is marked as secure, it will only be transmitted over secure (HTTPS) connections. Ensure your sites are accessed via HTTPS if you’re using the secure attribute.

SameSite Attribute: Modern browsers have implemented a security feature that can restrict how cookies are sent with cross-site requests. The SameSite attribute can be set to None, Lax, or Strict. For a cookie to be sent with requests initiated from another site, SameSite=None; Secure must be used. However, this is typically more relevant for cross-origin scenarios than subdomain access.

Browser Cookie Policies: Be aware of the browser’s cookie policies, which may affect how cookies are stored and shared. Some browsers have stricter default settings for cross-site cookie sharing.

Privacy and Consent: When implementing cross-subdomain cookies, especially for tracking purposes, be mindful of privacy regulations (e.g., GDPR, CCPA) and ensure you have appropriate consent mechanisms in place.

If the nats cookie from your initial question is intended to be shared across join.sitename.com and http://www.sitename.com, ensure it is set with domain=.sitename.com from wherever it is first created. This will make it accessible from both subdomains and any others under sitename.com.

Scroll to Top