Comment 68 for bug 44062

Revision history for this message
In , N-admin-blindchaos-net (n-admin-blindchaos-net) wrote :

Would it make more sense to allow a site say foo.bar.com to have access to change/read/delete cookies in all subdomains, and all domains above it. i.e.:
...*.*.foo.bar.com.
.foo.bar.com.
.bar.com.
.com.

this would stop the need to deal handle special rules for domains like: .co.uk.

foo.co.uk could set cookies in the .co.uk. domain if wanted, and bar.co.uk. could read those, but only a fool developer at foo.co.uk would expect his cookies to be safe at that level. then also all of his subdomains would be able to read and set cookies. I believe this would solve the problems brought up by this issue.