What's the difference between "domain" and "non-domain" cookies?

I'm reading the MDC entry for nsICookieManager2.add and it talks a开发者_如何学JAVAbout domain and non-domain cookies. What are the differences between the two types of cookies?

From RFC2109:

Host A's name domain-matches host B's if [...] A is a FQDN string and has the form NB, where N is a non-empty name string, B has the form .B', and B' is a FQDN string. (So, x.y.com domain-matches .y.com but not y.com.)

So, if I understand it right, a domain cookie has a domain like .y.com and a non-domain cookie has a domain like x.y.com. A domain cookie is visible for all subdomains, and non-domain cookie is only visible for it's specific subdomain.

A cookie with the domain .y.com is visible when visiting subdomains like www.y.com and test.y.com (but not y.com), while a cookie with the domain x.y.com only is visible when visiting the subdomain x.y.com but not any other subdomain.

Looking at the RFC, if the domain is not specified when the cookie is created, the domain from the requesting host will be applied. So a request from www.foo.com without a domain specified will have www.foo.com in the domain.

However, you may wish to explicitly set the domain to use the cookie across a variety of sub-domains. Setting the cookie domain to foo.com will allow you to access it on www.foo.com or help.foo.com or *.foo.com. This comes in very useful when passing some state around applications you maybe hosting.

As far as i understand a non-domain cookie makes no sense. Cookies are always tied to a domain and only the cookies for that domain gets passed to the application and can be used. But yes there are techniques by which we can create cross domain cookies. Here is a tutorial that explains this. I don't know if you are using php for your project, because this tutorial explains the concept using php.

http://www.tutorialized.com/view/tutorial/Implementing-Cross-Domain-Cookies/372

Hope this helps.