What is the scope of a cookie?
The scope of a cookie determines where the cookie is sent and where it can be accessed within a website, which helps keep it secure. You control which domains, subdomains, or paths on a website can access a cookie through two key attributes:
- Domain attribute: Specifies which domains or subdomains can access the cookie. For example, Domain=example.com allows the cookie to be shared across all subdomains of example.com.
- Path attribute: Limits the cookie to specific URL paths. For instance, a cookie scoped to /shop will only be sent to URLs within the /shop directory.
Other key attributes like Secure (restricting cookies to HTTPS), HttpOnly (blocking access by client-side scripts), and SameSite (limiting cross-site cookie sharing) enhance security by limiting unauthorized access and reducing exposure to attacks like cross-site scripting (XSS) and cross-site request forgery (CSRF).
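
How Domain, Path and Secure decide whether a cookie is attached to a request, as an added example that is not part of the original page: a simplified sketch of the RFC 6265 domain-match and path-match rules. The function names, the cookie object shape (including the setBy field) and the sample cookies are assumptions made for illustration; SameSite and HttpOnly are not modelled.

```javascript
// Added example: simplified RFC 6265 matching. All names are illustrative.

// Domain-match: the host equals the cookie domain or is a subdomain of it.
// IP-address hosts only ever match exactly.
function domainMatch(host, cookieDomain) {
  const d = cookieDomain.toLowerCase().replace(/^\./, ""); // leading dot is ignored
  if (host === d) return true;
  const isIp = /^\d+(\.\d+){3}$/.test(host) || host.startsWith("[");
  return !isIp && host.endsWith("." + d);
}

// Path-match: identical, or the cookie path is a prefix ending on a "/" boundary.
function pathMatch(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Would a browser attach this cookie to a request for `url`?
// cookie.setBy (hypothetical field) is the host that set the cookie; it is used
// only when no Domain attribute was given, which makes the cookie host-only.
function isSent(cookie, url) {
  const u = new URL(url);
  const host = u.hostname.toLowerCase();
  const domainOk = cookie.domain
    ? domainMatch(host, cookie.domain)
    : host === cookie.setBy.toLowerCase();
  if (!domainOk) return false;
  if (cookie.secure && u.protocol !== "https:") return false; // Secure: HTTPS only
  return pathMatch(u.pathname, cookie.path || "/");
}

// Constructed sample cookies.
const session = { name: "sid", domain: "example.com", path: "/", secure: true };
const cart = { name: "cart", setBy: "shop.example.com", path: "/shop", secure: true };

const checks = [
  [session, "https://blog.example.com/post"],     // subdomain of example.com
  [session, "https://notexample.com/"],           // suffix without a dot boundary
  [session, "http://example.com/"],               // plain HTTP, Secure cookie
  [cart, "https://shop.example.com/shop/item"],   // inside /shop
  [cart, "https://shop.example.com/shopping"],    // shares a prefix, not the path
  [cart, "https://example.com/shop"],             // host-only, different host
];
for (const [c, url] of checks) console.log(c.name, url, isSent(c, url));
```

The cart cookie shows why leaving out Domain gives the narrowest scope: it stays on the exact host that set it, while the session cookie reaches every subdomain of example.com.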