What is a host only cookie?
First of all, it is not possible for foo.com to set a cookie that can be read by bar.com. Host-only only protects example.com cookies from being read by bar.example.com. From RFC 6265 regarding setting a cookie and its Domain attribute: If the domain-attribute is non-empty: If the canonicalized request-host does not domain-match the domain-attribute: Ignore … Read more