Does a session cookie on different subdomain count as 3rd-party?

Tag: iframe , cookies , subdomain , privacy , 3rd-party Author: ztea_lin Date: 2012-03-25

Suppose I have a site at which has an IFRAME pointing to ASP.NET site - this causes issues with session and 3rd-party cookies which I understand.

If I moved the embedded app to, would the session cookie still count as a 3rd-party cookie as it is a different subdomain?


Best Answer

if you set a Cookie on domain

then a cookie from and will be considered the same.

no cookie is treated as a 3rd party cookie.


Not sure what domain ASP.NET will use by default for session, but looking at this question it looks like it will be - I'll test and report back
Seems to have worked, so ASP.NET session cookies on different subdomains still count as first party.
A cookie set on a website that is loaded in an iframe of a different website is considered to be a third party cookie to the parent website.