Does a session cookie on different subdomain count as 3rd-party?

Tag: iframe , cookies , subdomain , privacy , 3rd-party Author: ztea_lin Date: 2012-03-25

Suppose I have a site at www.example.com which has an IFRAME pointing to ASP.NET site myapp.othersite.com - this causes issues with session and 3rd-party cookies which I understand.

If I moved the embedded app to myapp.example.com, would the session cookie still count as a 3rd-party cookie as it is a different subdomain?

Thanks

Best Answer

if you set a Cookie on domain .example.com

then a cookie from www.example.com and www.myapp.example.com will be considered the same.

no cookie is treated as a 3rd party cookie.

comments:

Not sure what domain ASP.NET will use by default for session, but looking at this question it looks like it will be example.com - I'll test and report back
Seems to have worked, so ASP.NET session cookies on different subdomains still count as first party.
A cookie set on a website that is loaded in an iframe of a different website is considered to be a third party cookie to the parent website.