Setting cookies for multiple sub-domains
If you set the cookie domain to ".example.com", the cookie will work for all subdomains.
Webpages can only set cookies for the second (or higher) level domain that they belong to.
This means that secure.example.com can read and set cookies for secure.example.com or .example.com, the latter of which can also be read and set by www.example.com.
One last note: If the secure flag is set on a cookie, it can only be read and set over an https connection.
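
The scoping rules described above, as an added example that is not part of the original text: a simplified model of RFC 6265 domain matching plus the secure flag. The function names `makeCookie`, `willSend` and `domainMatch` are hypothetical, and the model assumes no public-suffix check, which real browsers also apply.

```javascript
// Added example. Simplified RFC 6265 cookie scoping; assumption: no
// public-suffix check (browsers also reject Domain=com, Domain=co.uk, ...).

function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(":");
}

// RFC 6265 section 5.1.3: host equals domain, or is a subdomain of it.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  return !isIpAddress(host) && host.endsWith("." + domain);
}

// Build the stored cookie for a response from `host`, or return null
// when the Domain attribute names a domain the host does not belong to.
function makeCookie(host, name, attrs = {}) {
  host = host.toLowerCase();
  if (!attrs.domain) {
    // No Domain attribute: host-only cookie, exact host match required.
    return { name, domain: host, hostOnly: true, secure: !!attrs.secure };
  }
  // A leading dot is ignored: ".example.com" and "example.com" are equal.
  const domain = attrs.domain.toLowerCase().replace(/^\./, "");
  if (!domainMatch(host, domain)) return null;
  return { name, domain, hostOnly: false, secure: !!attrs.secure };
}

// Would the browser attach `cookie` to a request for `url`?
function willSend(cookie, url) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== "https:") return false;
  const host = u.hostname.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain
                         : domainMatch(host, cookie.domain);
}

// Constructed sample: the hosts used in the text above.
const shared = makeCookie("secure.example.com", "sid",
                          { domain: ".example.com", secure: true });
const local = makeCookie("secure.example.com", "pref");
console.log("shared -> https www:", willSend(shared, "https://www.example.com/"));
console.log("shared -> http www: ", willSend(shared, "http://www.example.com/"));
console.log("local  -> https www:", willSend(local, "https://www.example.com/"));
```

Because a cookie scoped to `.example.com` reaches every subdomain, session cookies are safer left host-only unless sharing across subdomains is actually required.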