Open RKushnir opened 6 years ago
The existing code for cookie validation was written 9 years ago, before the RFC 6265. So it only supports one level of subdomains between the cookie domain-value and the requested host name:
Set-Cookie: "Hello=w0r1d;Path=/;Domain=.grandma.com"
matches eat.grandma.com, but does not match lets.eat.grandma.com.
The existing code for cookie validation was written 9 years ago, before the RFC 6265. So it only supports one level of subdomains between the cookie domain-value and the requested host name:
matches eat.grandma.com, but does not match lets.eat.grandma.com.