Cookie domain setting

azhang · August 31, 2020, 1:47am

ory/kratos/blob/master/docs/docs/guides/configuring-cookies.mdx

---
id: configuring-cookies
title: Configuring Cookies
---

When working with cookies, keep the following in mind:

1. HTTP Cookies **are not port specific**. If a cookie is set on
   `https://mydomain.com:1234` it is also valid for `https://mydomain.com:4321`
   and `https://mydomain.com`.
2. Unless `--dev` is set, ORY Kratos' cookies are only sent over HTTPS.
3. Cookies in ORY Kratos are always `httpOnly`.
4. It is possible to set a cookie for `mydomain.com` when the original request
   was made to `subdomain.mydomain.com`. It is however not possible to set a
   cookie for `anotherdomain.com` when the original request was made to
   `mydomain.com`. See also [this answer] on
   [SackOverflow](https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain).

:::note

This file has been truncated. show original

This doc says that domain is configurable. I’d like to use more subdomains with the same cookie but I get

session: map[cookie:map[domain:asdf.com] cookie_same_site:Lax lifespan:1h]
^-- additionalProperties “cookie” not allowed

hackerman · September 3, 2020, 8:35am

Which version are you running?