What would you like to be added:
Cognito-At-Edge by default sets all cookies with the domain attribute. This attribute really should be optional as it leads to issues where you may not want to share cookies across subdomains and could potentially lead to WAF restrictions if a WAF restricts the size of cookie headers.
Why is this needed:
The Domain attribute specifies which hosts are allowed to receive the cookie. If unspecified, it defaults to the same host that set the cookie, excluding subdomains. If Domain is specified, then subdomains are always included. Therefore, specifying Domain is less restrictive than omitting it. However, it can be helpful when subdomains need to share information about a user.
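The scoping difference described above, as an added example that is not part of the original issue and not cognito-at-edge code: a small model of RFC 6265 cookie storage and domain matching that lists which hosts receive a cookie set with and without `Domain`. The host names, the cookie name and value, and the `buildSetCookie` helper with its `domain` option are assumptions made for illustration.

```javascript
// Added example: RFC 6265 cookie scoping, host-only vs Domain attribute.
// All host names and the cookie name/value are constructed sample data.

// RFC 6265 section 5.1.3 domain-match: identical, or a dot-separated suffix.
function domainMatch(requestHost, cookieDomain) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, '');
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Model how a browser stores a cookie received from `originHost`.
function storeCookie(originHost, setCookieHeader) {
  const [pair, ...attrs] = setCookieHeader.split(';').map((s) => s.trim());
  const domainAttr = attrs.find((a) => /^domain=/i.test(a));
  if (!domainAttr) {
    return { pair, domain: originHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.slice('domain='.length).replace(/^\./, '').toLowerCase();
  // A server may only set Domain to its own host or a parent of it.
  if (!domainMatch(originHost, domain)) return null; // rejected by the browser
  return { pair, domain, hostOnly: false };
}

function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Hypothetical helper: Domain is emitted only when the caller configures it.
function buildSetCookie(name, value, { domain } = {}) {
  const parts = [`${name}=${value}`, 'Path=/', 'Secure'];
  if (domain) parts.splice(1, 0, `Domain=${domain}`);
  return parts.join('; ');
}

function recipients(originHost, header, hosts) {
  return hosts.filter((h) => isSentTo(storeCookie(originHost, header), h));
}

const HOSTS = ['app.example.com', 'api.app.example.com', 'blog.example.com', 'example.com'];
const withDomain = buildSetCookie('idToken', 'SAMPLE', { domain: 'example.com' });
const hostOnly = buildSetCookie('idToken', 'SAMPLE');
console.log(recipients('app.example.com', withDomain, HOSTS));
console.log(recipients('app.example.com', hostOnly, HOSTS));
```

With `Domain=example.com` every listed host receives the token cookie, including sibling subdomains that never authenticated the user; without it only `app.example.com` does.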