Home/ Questions/Q 4254242
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-21T05:03:23+00:00

I need an HttpOnly authentication cookie to work on: mydomain.com www.mydomain.com abc.mydomain.com so that

  • 0

I need an HttpOnly authentication cookie to work on:

mydomain.com
www.mydomain.com
abc.mydomain.com

so that I can be logged into all three places via a single login.

This is working fine, by setting my cookie domain to: 

.mydomain.com

here is the response header that sets the cookie:

MYAUTHCOOKIE=FOO; domain=.mydomain.com; path=/; HttpOnly

This all works fine for normal browser requests.

However, I need to make an AJAX request from mydomain.com and www.mydomain.com to abc.mydomain.com.

When I make the request, it isn’t passing the authentication cookie. Why is this, and what can i do about it?

If i make a request to the same host as the page the JS resides on, it does send the cookie :s

Here’s my request code:

$.ajax({
    type: "POST"
    , data: { data: { foo: bar} }
    , dataType: "json"
    , url: "http://abc.mydomain.com/foo"
    , timeout: 5000
    , success: function (data, textStatus) {
        alert('woo!');
    }
    , error: function (xhr, textStatus, error) {
        alert('meh');
    }
});

Is this some cross domain policy? Why doesnt the cookie domain make this work?

Thanks

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    According to the same origin policy, subdomains are indeed “hostile” to your top domain, but it can be fixed by setting document.domain (same article).

    • 0