Subdomain Cookies and Localhost

So I have a site – we’ll call that sets a client side cookie named CookieName1 and I need a subdomain to be able to read that value. Using php’s standard setcookie() method I set the cookie on www by using:

setcookie( “CookieName1″, $CookieName1Value, $CookieExpDate, “/”, “” );

This works, no problem.  Now uses .NET to read in the value and do something.  Pretty standard stuff here:

  If Request.Cookies(“CookieName1″) IsNot Nothing Then


  End If


Build > Debug, set a breakpoint on the if block, skips right over it.  Huh?  I make sure IE has the cookie, try again.  Nope, Request.Cookies(“CookieName1″) is Nothing.  Can’t be an IE thing can it?  Run same scenerio in FireFox – same result.  Then it dawns on me, I’m not running this under, I’m running this under localhost.  Everything was working as expected, cookies can only be read by *  So how am I going to test this thing on my local machine? I do have a sandbox,, but what if I didn’t?  A simple solution is to change the host file found at %SystemRoot%\system32\drivers\etc\ with: localhost

Run another Debug, change the http://localhost to and now I’m able to read cookies from * Nifty.

Written by Tim on May 22nd, 2007 with 4 comments.
Read more articles on and php and web 2.0 ish.

Related articles


Read the comments left by other users below, or:

Get your own gravatar by visiting Patrick
#1. April 20th, 2009, at 12:17 PM.

Very good tip! I am working with cookies accross sub domains and I know I would have hit this issue. Thanks for the tip!

Get your own gravatar by visiting Patrick
#2. April 25th, 2009, at 4:06 AM.

Just got to the work of using cookies accross subdomains. I came back to get your example, and, it works like a charm!

Thanks for posting this information.

Get your own gravatar by visiting Richard Atkins
#3. January 18th, 2010, at 12:13 PM.

YES BUT … Place a breakpoint somewhere like Global.asax or in a page and check the value in Request.URL

You will find it reads ‘http://localhost:…’ not ‘http://test.localhost:…’ so your results are being returned (and your cookie read) from the domain not the subdomain. This debugging trick works by ‘faking’ the subdomain to be the localhost domain. Any code you have that depends on Request.URL being correct will no longer work.

Is there a better fix for this? I haven’t found one yet!

Get your own gravatar by visiting Richard Atkins Again
#4. January 20th, 2010, at 12:09 AM.

YES BUT … I found the answer. You need to check the HOST header in the request which has the full domain name (e.g. subdomain.localhost:XXXX) instead of using Request.URL.Authority. To do this I created an extension method in the Uri object which does this check and returns a ‘hacked’ version of the Uri with the correct domain name inserted using Regex. Sorted.

Leave your comment...

If you want to leave your comment on this article, simply fill out the next form:

You can use these XHTML tags: <a href="" title=""> <abbr title=""> <acronym title=""> <b> <blockquote cite=""> <cite> <code> <del datetime=""> <em> <i> <q cite=""> <strike> <strong> .