In this lesson, we'll study supercookies.


What if we were able to set a cookie on a top-level domain (TLD) such as .com or .org? That would be a huge security concern, for two reasons:

  • user privacy: every website running on that specific TLD would be able to track information about the user in shared storage
  • information leakage: a server could mistakenly store a sensitive piece of data in a cookie available to other sites

In the following code, by appending ?super=on to the URL, the server is going to set a cookie on the domain local (e.g., wasec.local). Since it is a top-level domain, the client will refuse to process this cookie.

Get hands-on with 1200+ tech skills courses.