Open
Description
I believe the CodeQL documentation here conflicts with MDN by omission:
In this example cookie1 is accessible from online-bank.com ...
HttpCookie cookie1 = new HttpCookie("sessionID"); cookie1.Domain = "online-bank.com";
https://codeql.github.com/codeql-query-help/csharp/cs-web-broad-cookie-domain/
According to MDN, that cookie would also be available to subdomains:
For example, if you set Domain=mozilla.org, cookies are available on mozilla.org and its subdomains like developer.mozilla.org.
https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#domain_attribute
The CodeQL documentation should state that "In this example cookie1 is accessible from online-bank.com and its subdomains".