sidstamm
commented
7 years ago Yep. Once cookies are set, there's no way to figure out where they came from (only where they will be retransmitted).
What is your concern with this?
Closed efronbs closed 7 years ago
sidstamm
commented
7 years ago Yep. Once cookies are set, there's no way to figure out where they came from (only where they will be retransmitted).
What is your concern with this?
efronbs
commented
7 years ago I think for now, this is more or less irrelevant. When I posted this, I was thinking we might want to do something like track metadata about different sites, and having all cookies be readable from different subdomains of the websites could make it difficult to track such metadata. I'm not actually going to do that, so it's not really a concern anymore. I'll reopen this if something comes up and we start caring about exactly what data any single domain has access to, but for now I don't think I need to put any time into this.
Cookies only have a domain value, not an origin value. Thus for any specific domain I will only be looking at cookies for that domain, though it could read cookies from subdomains and vice versa. I don't think this will be an issue, but tracking this relationship might be worth doing.