Ask HN: Why do most platforms have the same host pattern?

3 points by digitalsanctum, about 2 years ago
A lot of platforms like fly.io, Heroku, vercel, etc. have more or less the same simple host pattern. The pattern seems to be:

    {random-string}{domain}

Some reasons are obvious like:

1. Using the same subdomain allows for a single wildcard cert
2. The random string label probably helps to avoid collisions, protect privacy, security, etc.

What other reasons would this common pattern be used?

3 comments

fancyremarker, about 2 years ago

I work at Aptible, another PaaS that follows the same host pattern you describe for providing one-off addresses when someone doesn't want to bring their own domain. The reasons you stated are both valid, along with the fact that a single domain means we don't need to _register_ new domains for every customer app.

Another note: we use `on-aptible.com` for our hosted app domains, separate from `aptible.com` for an important security reason: it is a second line of defense in avoiding cookie/CORS attacks (the first line of defense being setting cookies we control in a single subdomain and avoiding wildcards for CORS).

A related important measure for a PaaS using a single domain for subdomains owned by different accounts is to register that domain on the Public Suffix List [0], which prevents "supercookies" being set across these separately-owned subdomains.

[0] https://publicsuffix.org/
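The Public Suffix List point in the comment above, as an added example (not code from the thread or from Aptible): a minimal model of the browser's cookie `Domain` check from RFC 6265, run with and without the shared domain listed. The rule excerpt and the `app-a`/`app-b` hostnames are constructed, and `on-aptible.com` is assumed to be listed as the comment recommends.

```javascript
// Constructed excerpt of Public Suffix List rules, not the real list. The
// "on-aptible.com" entry assumes the PaaS listed its shared domain.
const PSL_RULES = ["com", "on-aptible.com", "*.ck", "!www.ck"];

// Public suffix of `host` per the PSL algorithm: an exception rule wins, else the
// rule with the most labels wins, else the implicit "*" rule (the last label).
function publicSuffix(host, rules = PSL_RULES) {
  const labels = host.toLowerCase().split(".");
  let best = 1;
  for (const rule of rules) {
    const exception = rule.startsWith("!");
    const ruleLabels = (exception ? rule.slice(1) : rule).split(".");
    if (ruleLabels.length > labels.length) continue;
    const tail = labels.slice(labels.length - ruleLabels.length);
    if (!ruleLabels.every((l, i) => l === "*" || l === tail[i])) continue;
    if (exception) return tail.slice(1).join("."); // exception: drop leftmost label
    best = Math.max(best, ruleLabels.length);
  }
  return labels.slice(labels.length - best).join(".");
}

// RFC 6265 domain-match: identical, or `host` is a subdomain of `domain`.
function domainMatch(host, domain) {
  return host === domain || host.endsWith("." + domain);
}

// What a browser does with `Set-Cookie: ...; Domain=<domainAttr>` sent by `host`.
// Returns "host-only", "domain:<d>" (visible to every subdomain of d), or "rejected".
function cookieScope(host, domainAttr, rules = PSL_RULES) {
  host = host.toLowerCase();
  if (!domainAttr) return "host-only";
  const d = domainAttr.toLowerCase().replace(/^\./, "");
  if (!domainMatch(host, d)) return "rejected";
  if (publicSuffix(d, rules) === d) {
    // A cookie scoped to a public suffix would span separately owned sites.
    return host === d ? "host-only" : "rejected";
  }
  return "domain:" + d;
}

// One tenant tries to scope a cookie to the shared parent domain.
console.log(cookieScope("app-a.on-aptible.com", "on-aptible.com"));          // listed
console.log(cookieScope("app-a.on-aptible.com", "on-aptible.com", ["com"])); // not listed
```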
LinuxBender, about 2 years ago

> What other reasons would this common pattern be used?

Laziness. Some of the higher-end platforms create customer-specific sub-domains and use sub-domain wildcards once that customer is in a particular revenue bracket.

The pattern you mention has gotten many AWS and related platform customers into trouble from sub-domain take-over, as humans are good at creating things and quite bad at de-provisioning things despite automation. There are some bug-bounty folks that spend their entire time looking for sub-domain take-over opportunities and I hear it can be quite lucrative.
relacxt, about 2 years ago

Off the top of my head, using the same domain means cookies can be shared across a domain if you set them to be able to do that, but you can't do that across multiple domains.