session cookie working on a site with multiple sub domains

$res = setcookie('var_name', 'var_value', null, "/", '.mydomain.com' );
var_dump($res); exit;



v I don't think you can have a (sub)domain point to a different domain, but you can have both the (sub)domain and the other domain point to the same IP-address.

If your cookie is set at domain.com, you can read it at forum.domain.com, but not at siteforum.com, even though they are at the same location and have the same IP address.

What you can do to read a cookie on a different domain, is write a script that sets a cookie, and store the script on the other domain.

Then, in a page on the first domain, you call the script:
PHP Code:
// in page on domain.com
setcookie( $value, $name, ... );
$dummy =  file( "http://siteforum.com/setcookie?cookie=$name&value=$value" );



You determine the $cookiedomain as the value of $_SERVER['SERVER_NAME']. I guess this may work for you cause you always used the same server or a shared hosting? Maybe the SERVER_NAME can be different something than a domain name.

And, your cookie will be useful only on www domain. I want it to be useful for people without www domain too.

So, I wrote the following:



$cookiedomain = $_SERVER['HTTP_HOST'];
if(strtolower(substr($cookiedomain, 0, 4)) == 'www.') {
$cookiedomain = substr($cookiedomain, 4);
}
$cookiedomain = '.' . $cookiedomain;

setcookie("username", $_SESSION['username'], 2147483647, "/", $cookiedomain, 0);






----------------------------------------------------------------------------------------------------

Hi All,

I'm working on a site with multiple subdomains, some of which should get their own session.

I think I've got it worked out, but have noticed something about cookie handling that I don't understand. I don't see anything in the docs that explains it, so thought I would see if anyone here has some light to shed on the question.

If I just do:

session_start();
I end up with a session cookie like this:

subdomain.example.net

However, if I make any attempt to set the cookie domain myself, either like

ini_set('session.cookie_domain', 'subdomain.example.net');
or like

session_set_cookie_params( 0, "/", "subdomain.example.net", false, false);
I end up with a cookie for .subdomain.example.net (note the opening dot), which I believe means "match all subdomains (or in this case sub-subdomains).

This seems to happen with all my cookies actually, not just session. If I set the cookie domain myself, it automatically has the dot prepended, meaning this domain and all subs of it. If I don't set the domain, then it gets it right by using only the current domain.

Any idea what causes this, and what I can do to control that prepending dot?

Thanks!
-------------------------------------------------------------
answers

header("Set-Cookie: cookiename=cookievalue; expires=Tue, 06-Jan-2009 23:39:49 GMT; path=/; domain=subdomain.example.net");


If you run your PHP script under "http://subdomain.example.net", don't use the domain parameter:

setcookie('cookiename','cookievalue',time()+(3600*24),'/');
You will get a cookie with "subdomain.example.net" (and not ".subdomain.example.net")

Post a Comment

0 Comments