This file has been truncated. show original
title: Configuring Cookies
When working with cookies, keep the following in mind:
1. HTTP Cookies **are not port specific**. If a cookie is set on
`https://mydomain.com:1234` it is also valid for `https://mydomain.com:4321`
2. Unless `--dev` is set, ORY Kratos' cookies are only sent over HTTPS.
3. Cookies in ORY Kratos are always `httpOnly`.
4. It is possible to set a cookie for `mydomain.com` when the original request
was made to `subdomain.mydomain.com`. It is however not possible to set a
cookie for `anotherdomain.com` when the original request was made to
`mydomain.com`. See also [this answer] on