CookieDomain — set domain common to all servers providing Interchange content




The directive specifies the domain common to all servers providing Interchange content.

By default, the session ID cookie domain is set to the hostname you're accessing. For example, if you access the catalog using server myhost.mydomain.local, then the cookie will be set by myhost.mydomain.local.

Things, however, go bad if you use multiple Interchange servers (in a non-transparent way for the user) to provide content. For example, if SSL content was served from host ssl.mydomain.local, then users would have one session for myhost.mydomain.local and another for ssl.mydomain.local. This is undesired, of course.

To fix the described problem, we need to find the part of the FQDN that is common to all servers (mydomain.local in our example), and add it as the domain= parameter to the Set-Cookie directive that we send off to users' browsers. That's what CookieDomain does.

CookieDomain accepts a space-separated list of domains to set cookies for, in which case the Set-Cookie: ... is sent to the client for each of the specified domains. Due to the cookie restrictions described in the section called “NOTES”, specifying multiple domains is only rarely (if ever?) needed and possible to implement.


Catalog directive


Example: Specifying CookieDomain

CookieDomain .mydomain.local


The cookie specification mandates that the domain part must contain at least two fields (or 1 dot lying in between). The value of .mydomain.local is valid, but .local wouldn't be.

Furthermore, the cookie source can only be the FQDN of the host itself, or some of the subdomains, or the domain it belongs to. Browsers will ignore all cookies that do not satisfy this requirement. Host myhost.mydomain.local can set a cookie for itself or the domain mydomain.local, but it cannot set a cookie for, say, mydomain.local2. It is very fortunate we have this protection, or unrelated sites would read and set each other's cookies — something we definitely don't want to happen!

At least in Mozilla-like browsers, the domain is prefixed with a dot even if you omit it in the CookieDomain specification (mydomain.local ends up being the same as .mydomain.local).

For a complete discussion on cookies, see the cookie glossary entry.
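
The acceptance rules from these notes, written out as a small check you can run over a CookieDomain value before deploying it. This is an added example, not part of Interchange or its documentation; the function names are hypothetical, and it implements only the rules stated above (at least two fields, host must belong to the domain, leading dot optional), not a browser's full cookie handling.

```python
def normalize(name):
    """Lower-case and drop the optional leading dot (both spellings are equivalent)."""
    return name.strip().lower().strip(".")


def browser_accepts(host, cookie_domain):
    """Apply the two rules from the notes to one (host, domain) pair.

    Returns (accepted, reason).
    """
    host, dom = normalize(host), normalize(cookie_domain)
    labels = dom.split(".")
    if len(labels) < 2 or "" in labels:
        return False, "domain needs at least two fields"
    # The host must be the domain itself or sit below it on a label boundary:
    # myhost.mydomain.local belongs to mydomain.local, but not to
    # mydomain.local2, and notmydomain.local does not belong to mydomain.local.
    if host == dom or host.endswith("." + dom):
        return True, "ok"
    return False, "host does not belong to domain"


def check_cookie_domain(directive_value, hosts):
    """Return {domain: {host: (accepted, reason)}} for a CookieDomain value,
    which may hold several space-separated domains."""
    return {
        dom: {h: browser_accepts(h, dom) for h in hosts}
        for dom in directive_value.split()
    }


def shared_by_all(directive_value, hosts):
    """Domains from the directive that every host may set: these give one shared session."""
    report = check_cookie_domain(directive_value, hosts)
    return [d for d, per_host in report.items()
            if all(ok for ok, _ in per_host.values())]


if __name__ == "__main__":
    # Constructed sample: the two hosts used in the text above.
    hosts = ["myhost.mydomain.local", "ssl.mydomain.local"]
    for value in (".mydomain.local", "mydomain.local", ".local", "mydomain.local2"):
        for dom, per_host in check_cookie_domain(value, hosts).items():
            for h, (ok, why) in per_host.items():
                verdict = "accept" if ok else "reject"
                print(f"CookieDomain {dom:<17} host {h:<23} -> {verdict} ({why})")
```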


CookieDomain is available in Interchange versions:

4.6.0-5.9.0 (git-head)


Interchange 5.9.0:

Source: lib/Vend/
Line 662

['CookieDomain',     undef,              ''],


Interchange Development Group


Cookies(7ic), Mall(7ic), CookieLogin(7ic), SaveExpire(7ic)
