Cookie path and its accessibility to subfolder pages

Cookies, Httpcookie

Cookies Problem Overview


Let's say I have a website with domain: www.example.com

If I set a cookie with path '/' the cookie will be accessible via all pages in the domain, e.g.:

What if we set the cookie to path '/subfolder1', will the cookie be made available to any page or subfolder beneath the folder? E.g.:

So, if not, I guess, I have no choice but to use path '/' for those cookies, right?

Cookies Solutions


Solution 1 - Cookies

> If we set the cookie to path '/subfolder1', will the cookie be made available to any page or subfolder beneath the folder?

Yes. The cookie will be available to all pages and subdirectories within the /subfolder1 path.

Solution 2 - Cookies

To remove some ambiguity by reusing a portion of this answer:

> A request-path path-matches a given cookie-path if at least one of the
> following conditions holds:
>
> - The cookie-path and the request-path are identical.
> - The cookie-path is a prefix of the request-path, and the last character of the cookie-path is %x2F ("/").
> - The cookie-path is a prefix of the request-path, and the first character of the request-path that is not included in the cookie-path is a %x2F ("/") character.

There is a slight (but potentially important) difference between setting a cookie on the /subfolder1 path and the /subfolder1/ path.

If you rely on the former, your request path needs to start with a "%x2F ("/") character" (a forward slash) to guarantee the desired behaviour. For an example, take a look at the linked answer.

Setting the cookie path to simply / avoids any edge cases, but as you say - the cookie would be accessible across the entire domain.
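The path-match rule quoted in Solution 2, written out as an added example (not code from the original question or answers). It shows which of three cookies, scoped to `/`, `/subfolder1` and `/subfolder1/`, would accompany a request for each path. The function names, the cookie jar and the `/subfolder1extra` path are constructed for illustration.

```javascript
// RFC 6265 path-match, following the three conditions quoted above.
function pathMatches(requestPath, cookiePath) {
  // Condition 1: the cookie-path and the request-path are identical.
  if (requestPath === cookiePath) return true;
  // Conditions 2 and 3 both require the cookie-path to be a prefix.
  if (!requestPath.startsWith(cookiePath)) return false;
  // Condition 2: the cookie-path itself ends in "/".
  if (cookiePath.endsWith("/")) return true;
  // Condition 3: the first request-path character after the prefix is "/".
  return requestPath.charAt(cookiePath.length) === "/";
}

// Constructed cookie jar: the same site, three different Path attributes.
const jar = [
  { name: "root", path: "/" },
  { name: "noSlash", path: "/subfolder1" },
  { name: "withSlash", path: "/subfolder1/" },
];

// Names of the cookies whose Path matches the given request path.
function cookiesSentTo(requestPath, cookies = jar) {
  return cookies
    .filter((c) => pathMatches(requestPath, c.path))
    .map((c) => c.name);
}

// Request paths from the page, plus one constructed sibling directory
// that merely shares the "/subfolder1" string prefix.
const samples = [
  "/page1.html",
  "/subfolder1",
  "/subfolder1/",
  "/subfolder1/page1.html",
  "/subfolder1/moresubfolder1/page1.html",
  "/subfolder1extra/page1.html", // constructed
];

for (const p of samples) {
  console.log(p.padEnd(40), cookiesSentTo(p).join(", "));
}
```

The two differences to notice: a request for `/subfolder1` (no trailing slash) carries the `/subfolder1` cookie but not the `/subfolder1/` one, and `/subfolder1extra/page1.html` carries neither, because a bare string prefix is not enough to match.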

Solution 3 - Cookies

If we set the cookie to path /subfolder1, the following pages in the example are accessible:

> www.example.com/subfolder1/page1.html
> www.example.com/subfolder1/moresubfolder1/page1.html
> etc.

However, the page www.example.com/page1.html will not be accessible as it does not belong to the allowed path.

Attributions

All content for this solution is sourced from the original question on Stackoverflow.

The content on this page is licensed under the Attribution-ShareAlike 4.0 International (CC BY-SA 4.0) license.

| Content Type | Original Author | Original Content on Stackoverflow |
| --- | --- | --- |
| Question | Nordin | View Question on Stackoverflow |
| Solution 1 - Cookies | Alex Barrett | View Answer on Stackoverflow |
| Solution 2 - Cookies | Michael | View Answer on Stackoverflow |
| Solution 3 - Cookies | thefunfreak | View Answer on Stackoverflow |