Forum Discussion

Altostratus

Jun 26, 2010

Multi-Domain Cookie Issue

Here's my situation... I have a site, www.sample.com - configured with Akamai. The "origin" points to a VS on my LTM to which I have an iRule that sends users to different pools depending on...

Cirrostratus

Jun 28, 2010

HTTP user agents enforce a domain "firewall" to prevent one site from setting, accessing or modifying cookies from another domain. A subdomain can set cookies for it's own root domain though. So site1.example.com can set cookies for example.com which will be sent by clients to site2.example.com. But as you found, no subdomain on example.com can't set cookies for example2.com or any other domain.

See this wikipedia article for details:

http://en.wikipedia.org/wiki/Same_origin_policy

Can you use subdomains for this? If not, I think you'll need to re-architect the solution. I suppose you could insert something in the URI in the redirect which contains similar info.

Aaron

Help guide the future of your DevCentral Community!

What tools do you use to collaborate? (1min - anonymous)

DevCentral Quicklinks

* Getting Started on DevCentral
* Community Guidelines
* Community Terms of Use / EULA
* Community Ranking Explained
* Community Resources
* Contact the DevCentral Team
* Update MFA on account.f5.com

Discover DevCentral Connects

* Podcasts
* Social Channels
* Video Streaming

GitHub Awesome-F5

Forum Discussion

Multi-Domain Cookie Issue

F5 Academy at AppWorld 2026

Introducing the F5 AI Assistant for BIG-IP

Recent Discussions

How can I get started with iCall

Connection Rest f5

Kubernetes cert-manager + LetsEncrypt + F5

The GSLB pool is providing an incorrect IP to end users

Unable to ping from some self ip on Velos

Related Content

Cookie-based DDoS protection

Encrypting Cookies

2. SYN Cookie: Operation

1. SYN Cookie: Intro

8. SYN Cookie: Troubleshooting tcpdump

ABOUT DEVCENTRAL

RESOURCES

SUPPORT

PARTNERS