Cookie - Scope

About

The scope of a cookie name is a calculated property defined by the concatenation of

If the request URL matches the scope (ie domain and path expression), the user agent (browser) will add the cookies in the Cookies header to the request returning it to the server (if the other cookie property (such as expiration date, http only,..) are also valid)

You can have the same name below differents scope.

Below you can see that their is 2 cookie named visits below two differents scopes.

Cookie Scope Name

Example

For instance:

  • A cookie that should be returned to every path and every subdomain of example.com would be set by the server with the following set-cookie response header
Set-Cookie: key=value; Path=/; Domain=example.com

Cookies: key=value

Properties

Domain

The domain attribute determines the scope and determine which host (port excluded) are allowed to receive the cookie.

The scope rules are applied top down (ie applied to the domain and all subdomain)

If the domain property of the cookie is:

More … see The domain property of a cookie in depth

Path

The path attribute is a scope attribute and is matched against the request URL path where:

  • / means all paths including the root

The default value of the path is the parent of the last name:

  • If the URL of the request is https://example.com/foo/bar
  • the default scope/cookie path is /foo

If several cookies shares the same name with different path, a list of values is returned ordered by scope order. For instance, suppose that

  • there is two cookies with the same name: visits
  • their respective path are:
    • /
    • /cookie
  • their respective value are:
    • 3
    • 2
  • a call to https://example.com/cookie
  • will result in the following cookie header:
Cookie: visits=2; visits=3

As seen in the Cookie value, there is no way to know the path of the values.





Discover More
Devtool Tracking Cookie Identifier Counter
How does a tracking cookie work? A step by step example

This page shows you a basic example of a tracking ... cookie so that you can understand and implement the underlying mechanisms. These cookies are third-party cookie. A tracking cookie is also known...
Set Cookie Block Bad Domain Att Vs Current Host Url
The domain property of a cookie in depth

This article is about the domain property of a cookie and defines what is a domain, how it's used and what's permitted.
What are the elements of security in HTTP? Security headers and cookie properties explained

In HTTP, the security is done via the setting of: response header known as security header that drives the execution of the browser page load cookies properties mostly samesite that control if the...
Chrome Cookies
What is a Cookie? (HTTP Set-Cookie Header )

A cookie is: a key-value data with some associated that control how the browser should manage them. set by a HTTP response via the set-cookie header The received cookies by the browser can be...



Share this page:
Follow us:
Task Runner