Can a subdomain delete a domain cookie?

Tag: http , cookies Author: zgz5914521 Date: 2013-06-05

Suppose I have a cookie that is set for .domain.com, and my subdomain is sub.domain.com. Can I delete cookies that are set for the main domain? I know it is possible to read them, but is it possible to delete these cookies, or overwrite their values?

Actually, it is the other way around. A subdomain can set/expire a cookie for the root domain, but the root domain cannot set/expire a cookie for a subdomain. See RFC 6265 Sections 5.1.3, 5.3 #6, and 8.6. Section 8.6 in particular describes how a subdomain can set a root domain cookie that affects a sibling subdomain.

Other Answer1

Yes, a subdomain can set/expire a cookie for the main domain, but the main domain cannot set/expire a cookie for a subdomain. See RFC 6265 Sections 5.1.3, 5.3 (see point #6), and 8.6. Section 8.6 in particular describes how a subdomain can set a cookie for the main domain and have it affect a sibling subdomain.