Hacker News
by diafygi 2361 days ago
blog.domain.com is much better from a security perspective since logged-in session cookies from your main domain won't be sent in blog requests (different origin).

That provides protection if someone manages to get a malicious script into your blog: they can't start making authenticated requests (since it isn't the same origin).
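An added example, not part of the comment above: a small model of RFC 6265 domain matching that shows which cookies a browser would attach to a request for blog.domain.com. It assumes the main site sets its session cookie either without a Domain attribute (host-only) or with Domain=domain.com; the cookie names are constructed.

```javascript
// Added example modelling RFC 6265 cookie scoping (sections 5.1.3 and 5.3).
// Host and cookie names are constructed; the public-suffix check is omitted.

// 5.1.3: a host domain-matches a cookie domain when the two are identical,
// or when the host ends with "." + domain and is not an IP address.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  if (host === cookieDomain) return true;
  const isIp = /^[\d.]+$/.test(host) || host.includes(":");
  return !isIp && host.endsWith("." + cookieDomain);
}

// 5.3: without a Domain attribute the cookie is host-only and goes back only
// to the exact host that set it; with one, it also goes to every subdomain.
function storeCookie(setByHost, name, domainAttr) {
  if (domainAttr === undefined) {
    return { name, domain: setByHost.toLowerCase(), hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase();
  // The setting host must itself domain-match the requested Domain value.
  if (!domainMatches(setByHost, domain)) return null;
  return { name, domain, hostOnly: false };
}

function isSentTo(cookie, requestHost) {
  return cookie.hostOnly
    ? requestHost.toLowerCase() === cookie.domain
    : domainMatches(requestHost, cookie.domain);
}

// Names of the stored cookies that would accompany a request to requestHost.
function cookiesFor(jar, requestHost) {
  return jar.filter((c) => c && isSentTo(c, requestHost)).map((c) => c.name);
}

// Constructed jar: the main site sets one host-only and one domain-wide cookie.
const jar = [
  storeCookie("domain.com", "session_hostonly", undefined),
  storeCookie("domain.com", "session_wide", "domain.com"),
  storeCookie("blog.domain.com", "blog_prefs", undefined),
];

console.log("domain.com      ->", cookiesFor(jar, "domain.com"));
console.log("blog.domain.com ->", cookiesFor(jar, "blog.domain.com"));
```

The host-only session cookie stays on domain.com, while the one set with Domain=domain.com is also sent to the blog, so the isolation depends on how the main site scopes its session cookie.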