Because it's not trivial to tell short domain names apart from TLDs, Microsoft maintains a list of special cases for IE8. The list can be found in res://urlmon.dll/ietldlist.xml.
However, I don't understand how to actually make use of that list. Even the privileged two-letter domains that are listed seem to misbehave.
For example, the domain cn.ca can be found on the list. But here's what I get in IE8's javascript console:
The same method works perfectly on a longer domain, such as stackoverflow.com (I cleared my cookies before this example to avoid unrelated noise):
Is the list of special cases actually broken, or do I simply misunderstand its purpose? Is there any way to set cookies (not limited to a subdomain) for short domains in IE8?
No good info in the documentation. However, I found a good write up on this in an MSDN blog post.
Most relevant to your question is Q6:
IE won’t set a cookie for certain domains, like those of the format http://xx.yy?
Correct. The idea is that you may not set a cookie on a "top-level"
domain shared by unrelated organizations. Historically, ccTLDs of the
format xx.yy were effective TLDs, so cookies may not be set on them.
While this heuristic was never perfect, it's been unchanged for over
15 years and hence is not likely to change any time soon. The
intricacy of this issue merits a long blog post all its own—see this
post.
Other interesting tidbits:
IE's cookie code doesn't seem to support as defined in
RFC2109 or RFC2965.
Internet Explorer (including IE8) does not attempt to support any RFC
for cookies. WinINET (the network stack below IE) has cookie implementation based on the pre-RFC Netscape draft spec for cookies.
If I don’t specify a leading dot when setting the DOMAIN attribute, IE
doesn’t care?
Correct. All current version browsers (Chrome, FF, Opera, etc) seem to treat a leading dot as implicit
From Microsoft Support (Affects IE 6.0, 7.0, and 8.0) :
Symptoms: A user opens a webpage from http://servername.xxx.yy. The web site at that address sets a cookie and specifies "xxx.yy" as the domain for that cookie. However, Internet Explorer does not save the cookie information.
Cause: For security reasons, Internet Explorer does not save cookie data for domains like xxx.yy, where .yy is a two-letter country code domain and the three letters xxx are one of the generic top level domain names: com, edu, gov, int, mil, net, or org. Domains of this form are treated as top level domains, effectively a country-specific version of the generic top level domain. For security reasons, wininet prevents setting cookies for such domains. In this case, xxx.yy is effectively a top level domain, and is protected in the same way as ".com" would be.
Resolution: This behavior is by design.
{var%20f='http://v.t.sina.com.cn/share/share.php?appkey=1515056452',u=z||d.location,p=['&url=',e(u),'&title=',e(t||d.title),'&source=',e(r),'&sourceUrl=',e(l),'&content=',c||'gb2312','&pic=',e(p||'')].join('');function%20a(){if(!window.open([f,p].join(''),'mb',['toolbar=0,status=0,resizable=1,width=440,height=430,left=',(s.width-440)/2,',top=',(s.height-430)/2].join('')))u.href=[f,p].join('');};if(/Firefox/.test(navigator.userAgent))setTimeout(a,0);else%20a();})(screen,document,encodeURIComponent,'','','https://i.stack.imgur.com/xKoNO.png', '推荐 冷血范 的文章《How to set cookies for two-letter domains in IE8?》','https://www.manongdao.com/article-735675.html','页面编码gb2312|utf-8默认gb2312'));){kind=link}