How to set a cookie that is only valid for a specific domain like example.com but not its sub-domains?

if I have a domain example.com, is there any way to make cookies valid only for that specific domain and not for sub-domains like www.example.com?

I know I can set it to only www.example.com, but can it be wit开发者_如何学编程hout a sub-domain?

---

Cookies are identified by the combination of their name, domain, and path. So if set correctly, you can limit it's scope to a specific domain/sub-domain and path.

Read Wiki's HTTP Cookie's Attribute Section
or RFC2965

---

Strictly speaking a cookie carrying the qualifier ";domain=example.com" should not be visible to the "www.domain.com" domain. Whereas ";domain=.example.com" would be visible to the www host.

However I would be very wary of this. I haven't tested this recently but I wouldn't be surprised to see some browsers not conforming properly to this.