I just want to take a note about http cookie path. I am trying to have multiple web applications in single domain, such as: http://localhost/app1/ and http://localhost/app2/. Both are supposed to have different session cookie in their respective path and that’s when I come into cookie path and get confuse when cookie is not being sent back to server even if it’s there… sitting innocently in the browser window realm… just being a jerk.
Confusion #1 Cookie with path just not working
The path for the cookie with trailing backslash is recipe to disaster, like “/app1/dir/” it’s not gonna work either for server or client scope, except… for the root path (‘/’) – obviously
but, I have found the reason why browser did it.
(if this solve your problem, don’t finish reading yet).
Confusion #2 Cookie with path not sent back to server
Ha! No cookie with path will sent back to server! Why? I don’t know… same domain check! except… for the root path (‘/’)
Confusion #3 Cookie with path work as promised in another tab with different sub-directory path
Ha! That because the way it is, in fact, I should not confuse about this. Take that root path cookie…
Confusion #4 Just like anything already clear, Cookie with pad still acting like a jerk
check your URL, server still serve url directory with double path separator like http://localhost//////app1/ (repetition are intended) and browser debugging tool still reading the cookie, but the code not… yeah of course, you guess it, except… for the root path (‘/’) – obviously
Conclusion for now related to why cookie not being sent back to server, with respect to domain, expiration time, http-only, and secure parameters, only root path cookie sent over to server.
I don’t know if there is something I do wrong in my code, messaging are done with jQuery ajax, and I still not find if there is any issue with it regarding cookie. People who has similar questions with this, mostly because it from different domain or satisfied by setting cookie path to root path. Maybe it browser specific issue, I use Google Chrome and Mozilla Firefox, each have slightly different behaviour in my PC when sending cookie to static resources, but for root path cookie its the same.
I know cookie can be very strict for security issue, but any guidance is telling that cookie path will sent over to server with the respective domain and path but that not happening (my problem actually). But, that’s ok, I think I am settled with this. But, I am not satisfied, maybe somebody can show me if this is the standard behaviour or I just got lost.
Playing with cookie path is also confusing, because previous cookie that live in browser, make sure we clear all browser cookie before we reload with a change, otherwise we think that it works when actually not.