Closed jbrough closed 1 year ago
Hi @jbrough,
Domain=value OPTIONAL. The value of the Domain attribute specifies the domain for which the cookie is valid. If an explicitly specified value does not start with a dot, the user agent supplies a leading dot.
As per specification, Domain=example.com is equivalent to Domain=.example.com. Therefore, setting disableCookieDomain to false will effectively make cookies available to subdomains.
We do agree that this configuration is confusing, and have a task in our backlog to deprecate this setting in favour of a user-configurable domain.
How can we help?
This will force the browser to set the domain to the origin domain, in effect it's a no-op?
Setting the domain to dot domain, ".example.com", will include all subdomains and might be the behaviour most users expect from this setting?
I've forked to add a setting to allow all subdomains and just wondering about the context around disableCookieDomain as I think this setting can be safely removed.
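How a browser scopes a cookie with and without a Domain attribute under RFC 6265 (sections 5.1.3, 5.2.3 and 5.3), as an added example that is not part of this thread or the project's code. The function names and host names are constructed, and the public-suffix check that real browsers also apply is left out.

```javascript
// Added example: cookie scoping per RFC 6265. Hosts are constructed samples.

// Return the effective Domain attribute of a Set-Cookie value, or null.
function parseDomainAttribute(setCookie) {
  let domain = null;
  for (const part of setCookie.split(";").slice(1)) {
    const eq = part.indexOf("=");
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    if (name !== "domain") continue;
    let value = eq === -1 ? "" : part.slice(eq + 1).trim().toLowerCase();
    if (value.startsWith(".")) value = value.slice(1); // leading dot is ignored
    if (value !== "") domain = value; // empty value ignored, last one wins
  }
  return domain;
}

// RFC 6265 5.1.3: identical, or host is a subdomain and not an IP address.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + domain);
}

// Store a cookie received from originHost; null means the browser rejects it.
function storeCookie(originHost, setCookie) {
  const domain = parseDomainAttribute(setCookie);
  if (domain === null) {
    // No Domain attribute: host-only cookie, never sent to subdomains.
    return { domain: originHost.toLowerCase(), hostOnly: true };
  }
  // An origin may only set cookies for itself or a parent domain.
  if (!domainMatch(originHost, domain)) return null;
  return { domain, hostOnly: false };
}

// Would the stored cookie be attached to a request for requestHost?
function isSentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

const hostOnly = storeCookie("example.com", "sid=1; Path=/");
const bare = storeCookie("example.com", "sid=1; Domain=example.com");
const dotted = storeCookie("example.com", "sid=1; Domain=.example.com");
console.log(isSentTo(hostOnly, "app.example.com"), isSentTo(bare, "app.example.com"), isSentTo(dotted, "app.example.com"));
```

Omitting the attribute is the only case that keeps the cookie away from sibling and child hosts, which matters when any subdomain is less trusted than the one issuing the session.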