Make a sub-domain or create a sub-folder?


Today an SSL certificate vendor informed me that my is not secure, that the correct would be is this true?

Does it make any difference to use a sub-domain instead of a sub-folder?

asked by anonymous 22.06.2015 / 20:56

Not necessarily; it seems like a bit of an overkill on his part (and even a lack of knowledge, or confusion on his part).

What is unsafe

If the page contains session cookies (or another session method), this data can be passed to , however it is totally possible to prevent this; for example, with PHP it is possible to define the PATH of the session cookie.

Why use a sub-domain

The subdomain does not share cookies from the main site and this would theoretically make it more secure.

As I said, it is not totally right and not totally wrong; it depends on how your system was created. Using a sub-folder does not really make it insecure.


Of course, he may have been talking about something else that I really do not know about.

22.06.2015 / 21:02

In some contexts, yes. You can, for example, restrict a cookie to ; then it will not appear if the user accesses , which in this case obviously does not make a difference, but prevents your intranet credentials from leaking to the site open to the public.

Another situation in which the subdomain makes a difference is for AJAX: unless you explicitly authorize it, the browser will not let you make a request from to or vice versa; this protects against the accidental leak of information from your intranet to the public.

(Both of the above use cases are most relevant when you are a Tumblr or GitHub site, where a user can put any content in his subdomain - in the case of GitHub, in - but it never hurts to put a layer of protection in your service.)

22.06.2015 / 21:03
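
The cookie scoping and same-origin behaviour described in the two answers above, as an added example (not code from either answer). It implements the RFC 6265 path-match and domain-match rules in simplified form; the host names `example.com` and `intranet.example.com` and the cookie objects are constructed placeholders.

```javascript
// Added example: which requests carry a cookie, and which pages share an origin.
// Simplified from RFC 6265 (no IP-address or public-suffix handling).

// Path-match: equal paths, or cookie path is a prefix that ends at a "/" boundary.
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// Host-only cookie (set without Domain): exact host only.
// Domain cookie: that domain and every sub-domain below it.
function hostMatches(requestHost, cookie) {
  if (cookie.hostOnly) return requestHost === cookie.domain;
  return requestHost === cookie.domain || requestHost.endsWith("." + cookie.domain);
}

function cookieIsSent(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  return hostMatches(u.hostname, cookie) && pathMatches(u.pathname, cookie.path);
}

// The same-origin policy compares scheme, host and port; the path plays no part.
function sameOrigin(a, b) {
  return new URL(a).origin === new URL(b).origin;
}

// Constructed cookies: Path-scoped on the main host, host-only on a sub-domain,
// and one set with Domain=example.com.
const folderCookie = { domain: "example.com", hostOnly: true, path: "/admin", secure: true };
const subdomainCookie = { domain: "intranet.example.com", hostOnly: true, path: "/", secure: true };
const wideCookie = { domain: "example.com", hostOnly: false, path: "/", secure: true };

function demo() {
  return {
    folderToAdmin: cookieIsSent(folderCookie, "https://example.com/admin/users"),
    folderToLookalike: cookieIsSent(folderCookie, "https://example.com/administrator"),
    folderToPublic: cookieIsSent(folderCookie, "https://example.com/blog/"),
    subdomainToMain: cookieIsSent(subdomainCookie, "https://example.com/"),
    wideToSubdomain: cookieIsSent(wideCookie, "https://intranet.example.com/"),
    foldersSameOrigin: sameOrigin("https://example.com/admin/", "https://example.com/blog/"),
    subdomainSameOrigin: sameOrigin("https://intranet.example.com/", "https://example.com/"),
  };
}
console.log(demo());
```

Path keeps the cookie out of requests to other folders, but pages in both folders still share one origin; only the sub-domain gets the browser's same-origin separation. A cookie set with `Domain=example.com` removes the sub-domain's cookie isolation again, as the `wideToSubdomain` result shows.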