Expires
sets an expiry date for when a cookie gets deletedMax-age
sets the time in seconds for when a cookie will be deleted (use this, it’s no longer 2009)Domain
attribute specifies which hosts can receive a cookie. If unspecified, the attribute defaults to the same host that set the cookie, excluding subdomains. If Domain
is specified, then subdomains are always included. Therefore, specifying Domain
is less restrictive than omitting it. However, it can be helpful when subdomains need to share information about a user.Domain=mozilla.org
, cookies are available on subdomains like developer.mozilla.org
. But if you don't, the cookie won't be sent to subdomains.Path
attribute indicates a URL path that must exist in the requested URL in order to send the Cookie
header. The %x2F
("/") character is considered a directory separator, and subdirectories match as well.document.cookie
)\r\nTRACE
instead of TRACE
to IE6.0 SP2.