Skip to content
Advertisement

Different pages on same domain show different cookies (by target domain)

I have a Single Sign On implementation that adds cookies to a website when people login. I see the cookie in the chrome Inspector when looking at one page, but not in another page on the same domain.

  • The cookie path is set to “/”, so should be available on all files
  • The target domain for the disappearing cookie is another domain

When I go to one page on the site, I see many cookies (including with various target domains).

When I go to other pages on the same domain, I see fewer cookies (all seem to be with the local domain as target)

Using Apache, SSL, Ubuntu, it’s a sub-domain, it’s a session cookie, using exact same https and www in url, all standard stuff.

How come different pages on same domain can show different cookies, (in chrome Inspector)?

Obviously the clue here is the cookie target domain, but why is that an issue?

Advertisement

Answer

Third-party cookies are only shown, if there’s any requests to those domains happening in the context of the current page.

Let’s say your domain is A, and you have a cookie set for domain B in your browser.

Your page 1 embeds something from domain B – could be an image, a script file, … – anything that causes an actual HTTP request to domain B to be made. Then you will see the cookie for domain B listed in dev tools.

Your page 2 however does not embed any such resources from domain B. No cookies from B are actually “involved” now in what happens on this page 2 – so no need or reason for dev tools to show them now either, while you are on page 2.

User contributions licensed under: CC BY-SA
4 People found this is helpful
Advertisement