PHP: Cookie domain / subdomain control#1
I'm working on a site with multiple subdomains, some of which should get their own session.

I think I've got it worked out, but have noticed something about cookie handling that I don't understand. I don't see anything in the docs that explains it, so thought I would see if anyone here has some light to shed on the question.

If I just do:

session_start();


I end up with a session cookie like this:

subdomain.example.net

However, if I make any attempt to set the cookie domain myself, either like

ini_set('session.cookie_domain', 'subdomain.example.net');


or like

session_set_cookie_params( 0, "/", "subdomain.example.net", false, false);


I end up with a cookie for .subdomain.example.net (note the opening dot), which I believe means "match all subdomains" (or in this case sub-subdomains).

This seems to happen with all my cookies actually, not just session. If I set the cookie domain myself, it automatically has the dot prepended, meaning this domain and all subs of it. If I don't set the domain, then it gets it right by using only the current domain.

Any idea what causes this, and what I can do to control that prepending dot?

Thanks!

posted date: 2008-12-07 15:06:00


Re: PHP: Cookie domain / subdomain control#2
I had made out the solution of this problem. Click to view my topic...

Hope that helps.

posted date: 2008-12-07 15:06:01


Re: PHP: Cookie domain / subdomain control#3
PHP's cookie functions automatically prefix the $domain with a dot. If you don't want this behavior you could use the header function. For example:

header("Set-Cookie: cookiename=cookievalue; expires=Tue, 06-Jan-2009 23:39:49 GMT; path=/; domain=subdomain.example.net");

posted date: 2008-12-07 15:42:00


Re: PHP: Cookie domain / subdomain control#4
If you run your PHP script under "http://subdomain.example.net", don't use the domain parameter:

setcookie('cookiename','cookievalue',time()+(3600*24),'/');

You will get a cookie with "subdomain.example.net" (and not ".subdomain.example.net")

posted date: 2009-04-13 15:14:00


Re: PHP: Cookie domain / subdomain control#5
This may help someone (I spent some hours figuring this out). After making the changes in the source files and before you test it, close your browser to properly destroy PHPSESSIONID in all domains and subdomains. Hope this saves some time!

posted date: 2011-01-23 05:43:00


Re: PHP: Cookie domain / subdomain control#6
You can also use the session part of Firebug if you want to manage the session cookies explicitly.

posted date: 2011-01-24 13:46:00


Re: PHP: Cookie domain / subdomain control#7
If you read all of RFC 6265, you'll realize that the only proper way to have a "host-only" cookie is to NOT set the domain attribute. tools.ietf.org/html/rfc6265#section-5.4

posted date: 2011-11-14 05:13:00


Re: PHP: Cookie domain / subdomain control#8
If you read all of RFC 6265, you'll realize that the only proper way to have a "host-only" cookie is to NOT set the domain attribute. http://tools.ietf.org/html/rfc6265#section-5.4

posted date: 2011-11-14 05:14:00
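
The host-only rule from RFC 6265 that the posts above cite, as an added example that is not part of the thread: a small JavaScript model of how a user agent stores and returns a cookie depending on the Domain attribute. The function names and sample hostnames are constructed for illustration, and the public-suffix check that real browsers also apply is left out.

```javascript
// Added example: RFC 6265 cookie scoping as a user agent applies it.
// Hostnames are constructed samples; public-suffix checks are omitted.

// Section 5.2.3: a leading "." in the Domain attribute is dropped, value lowercased.
function canonicalDomainAttr(value) {
  if (value === undefined || value === null) return '';
  const v = String(value).trim().toLowerCase();
  return v.startsWith('.') ? v.slice(1) : v;
}

// Simplified check (assumption): dotted IPv4, or anything containing ":" as IPv6.
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// Section 5.1.3: identical, or host ends with "." + domain and host is a name, not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  if (host === domain) return true;
  return !isIpAddress(host) && host.endsWith('.' + domain);
}

// Section 5.3: decide the host-only-flag and stored domain; null means the cookie is ignored.
function storeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  const attr = canonicalDomainAttr(domainAttr);
  if (attr === '') return { domain: host, hostOnly: true };
  if (!domainMatch(host, attr)) return null; // Domain does not cover the setting host
  return { domain: attr, hostOnly: false };
}

// Section 5.4: host-only cookies need an identical host; others use domain-match.
function sentTo(cookie, requestHost) {
  const host = requestHost.toLowerCase();
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Constructed cases: every response comes from subdomain.example.net.
const setter = 'subdomain.example.net';
const probes = ['subdomain.example.net', 'a.subdomain.example.net', 'example.net', 'www.example.net'];
const cases = { omitted: undefined, explicit: 'subdomain.example.net',
  dotted: '.subdomain.example.net', parent: 'example.net', foreign: 'other.example.net' };
for (const [label, attr] of Object.entries(cases)) {
  const c = storeCookie(setter, attr);
  const reach = c ? probes.filter(h => sentTo(c, h)) : [];
  console.log(label.padEnd(8), c ? JSON.stringify(c) : 'rejected', '->', reach.join(', ') || '(never sent)');
}
```

Only the case with no Domain attribute keeps the cookie away from a.subdomain.example.net; the explicit and dotted values are stored identically and both reach sub-subdomains.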


Re: PHP: Cookie domain / subdomain control#9
I realise this is an old question but I was having this problem and none of the answers above quite did it.

I wanted to set the session cookie for a subdomain, but also enable httponly and secure.

To avoid a leading . in front of the subdomain, Kevin and stolsvik are correct: don't set the domain attribute.

So to do this and still be able to set httponly and secure mode, set the domain to NULL as follows:

session_set_cookie_params(0, '/', NULL, TRUE, TRUE);

You will now have a session cookie, for a specific subdomain (without a leading .) with httponly and secure set to true.

posted date: 2012-02-25 04:14:00


Re: PHP: Cookie domain / subdomain control#10
Setting the domain to ".example.com" should make it host-only.

posted date: 2012-09-09 14:53:00


Re: PHP: Cookie domain / subdomain control#11
What's the difference between an explicit domain set to subdomain.example.net and one that is not set?

posted date: 2013-06-06 16:54:00


Re: PHP: Cookie domain / subdomain control#12
If you set it, you get a dot in front which matches all subdomains, instead of matching the current subdomain only.

posted date: 2013-07-26 12:48:00

