Subdomains don't solve the problem, because Google very much intentionally puts ... | Hacker News

Hacker Newsnew | past | comments | ask | show | jobs | submit

		lolinder on May 4, 2023 \| parent \| context \| favorite \| on: Gitlab and Google Cloud Partner to Expand AI-Assis... Subdomains don't solve the problem, because Google very much intentionally puts the user session cookie on the root of .google.com, thereby sharing with all subdomains.

cma on May 5, 2023 [–]

The tld he is talking about is different though right?

lolinder on May 5, 2023 | [–]

Yes, but I read that as suggesting they could use their own tld OR use subdomains. If you open a new domain on that tld, you don't need subdomains to protect Google account cookies.

Guidelines | FAQ | Lists | API | Security | Legal | Apply to YC | Contact