Base domain matches on different domains

I have one Login for a url https://stackoverflow.com/ with base domain matching.
I noticed this Login is used when autofilling https://vi.stackexchange.com/users/login.
I’m confused why this happens. The two sites have different domains, but the same Login is still used. Does anyone know anything about this?

Hello @aiotter - welcome!

Those two domains are on the Global Equivalent Domains list in the Bitwarden settings. Since both domains share the same authentication system and accept the same credentials, this feature makes it easier to use your login among dissimilar domains.

If you don’t want this behaviour, I believe you can just set the uri matching for your login items in Bitwarden to Host matching instead of Domain matching for each entry (i.e., one login item for stackexchange and another item for stackoverflow).

3 Likes

Hi David, thank you for your reply!
I found stackoverflow.com in my Settings / Domain Rules / Global Equivalent Domains. Now I know what happens there. I appreciate your help!

1 Like

Two different domains (e.g. mydomain.com and subdomain.mydomain.com, or sub1.mydomain.com and sub2.mydomain.com) can only share cookies if the domain is explicitly named in the Set-Cookie header. Otherwise, the scope of the cookie is restricted to the request host. (This is referred to as a “host-only cookie”.)
For instance, if you sent the following header from subdomain.mydomain.com, then the cookie would only be sent for requests to that domain, and won’t be sent for requests to any other domains:

Set-Cookie: name=value

However, if you use the following, it will be usable on both domains:

Set-Cookie: name=value; domain=mydomain.com
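
The host-only versus Domain-attribute scoping described in the post above, as an added example that is not part of the original thread: a simplified model of the RFC 6265 storage and domain-matching rules, run against the two headers shown. The function names (`domainMatch`, `storeCookie`, `sentTo`) are hypothetical, and public-suffix rejection, Path and Secure handling are left out.

```javascript
// Simplified model of RFC 6265 cookie scoping (sections 5.1.3 and 5.3).
// Assumption: public-suffix checks, Path and Secure are out of scope here.
const isIp = (h) => /^\d{1,3}(\.\d{1,3}){3}$/.test(h) || h.includes(":");

// A host domain-matches a domain if they are identical, or if the host ends
// with "." + domain and the host is a name rather than an IP address.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return !isIp(host) && host.endsWith("." + domain);
}

// Turn a Set-Cookie value received from originHost into a stored cookie,
// or return null when the user agent must ignore it.
function storeCookie(originHost, setCookie) {
  const [pair, ...attrs] = setCookie.split(";").map((s) => s.trim());
  const eq = pair.indexOf("=");
  if (eq < 1) return null; // no name=value pair
  const cookie = {
    name: pair.slice(0, eq),
    value: pair.slice(eq + 1),
    domain: originHost.toLowerCase(),
    hostOnly: true, // default when no Domain attribute is present
  };
  for (const attr of attrs) {
    const [key, val = ""] = attr.split("=").map((s) => s.trim());
    if (key.toLowerCase() !== "domain" || val === "") continue;
    const d = val.replace(/^\./, "").toLowerCase(); // a leading dot is ignored
    // A server may only name its own host or one of its parent domains.
    if (!domainMatch(originHost, d)) return null;
    cookie.domain = d;
    cookie.hostOnly = false;
  }
  return cookie;
}

// Would the user agent attach this stored cookie to a request for requestHost?
function sentTo(cookie, requestHost) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatch(requestHost, cookie.domain);
}

// Constructed sample: the two headers from the post, sent by subdomain.mydomain.com.
const hostOnly = storeCookie("subdomain.mydomain.com", "name=value");
const shared = storeCookie("subdomain.mydomain.com", "name=value; domain=mydomain.com");
for (const h of ["subdomain.mydomain.com", "mydomain.com", "sub2.mydomain.com"])
  console.log(h, "host-only:", sentTo(hostOnly, h), "| domain:", sentTo(shared, h));
```

With the Domain attribute set to the parent, every sibling subdomain receives the cookie, which is why session cookies are usually left host-only unless sharing is required.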