Google Chrome Cookies - HTTP & HTTPS

I have a site that uses www.example.com for standard pages and secure.example.com for HTTPS. I am trying to set a cookie when a user logs in that will be valid on both the HTTP & HTTPS versions of the site.

I am doing this by setting path to "/" and domain to ".example.com". This works fine in Firefox and Internet Explorer, but in Chrome the cookie is only working on the version of the site where it was set (http://www.example.com or https://secure.example.com).

Is this a bug or am I doing something wrong? If it's a bug is there a workaround?

The cookie is being set by PHP in headers.

setcookie("login",base64_encode($email."::".md5($password)),2840184012,"/",".example.com");
asked Feb 18 '10 15:02

Tim


1 Answer

You cannot set a cookie for both HTTP and HTTPS at the same time. You need to set two separate cookies, one for HTTP and one for HTTPS:

setcookie("login", base64_encode($email."::".md5($password)), 2840184012, "/", ".example.com");
setcookie("login", base64_encode($email."::".md5($password)), 2840184012, "/", ".example.com", true);

This only works if you set the cookies on https://secure.example.com, as you can only set secure cookies via HTTPS.

Oh, and by the way: do not store the authentication information in a cookie! Use a once-valid authentication token instead.

answered Oct 11 '22 14:10

Gumbo
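
The single-use token the answer recommends in place of the email and MD5 value, as an added example that is not part of the original post or either poster's code. The function names, the in-memory `$store` (standing in for a server-side table), the 14-day lifetime and PHP 7.3+ are assumptions; the cookie is marked Secure, so the browser only sends it to the HTTPS host.

```php
<?php
// Added example. issue_token(), redeem_token(), send_login_cookie() and $store
// are hypothetical names; $store stands in for a server-side table.

function issue_token(array &$store, string $userId, int $ttl = 1209600): string
{
    $token = bin2hex(random_bytes(32));        // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = [         // only the hash is kept server-side
        'user'    => $userId,
        'expires' => time() + $ttl,
    ];
    return $token;                             // opaque value: no email, no password hash
}

function redeem_token(array &$store, string $token): ?array
{
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    unset($store[$key]);                       // single use: invalid after first presentation
    if ($row === null || $row['expires'] < time()) {
        return null;                           // unknown, replayed or expired
    }
    // Rotate: the caller sends 'next' back as the new cookie value.
    return ['user' => $row['user'], 'next' => issue_token($store, $row['user'])];
}

function send_login_cookie(string $token, int $ttl = 1209600): void
{
    setcookie('login', $token, [               // options array needs PHP 7.3+
        'expires'  => time() + $ttl,
        'path'     => '/',
        'domain'   => '.example.com',
        'secure'   => true,                    // never sent over plain HTTP
        'httponly' => true,                    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
}

// Constructed demonstration, runnable from the CLI (no cookie is sent here).
$store  = [];
$t1     = issue_token($store, 'user-42');
$first  = redeem_token($store, $t1);           // valid: returns user and next token
$replay = redeem_token($store, $t1);           // same token again: rejected
var_dump($first['user'] === 'user-42');
var_dump($replay === null);
var_dump(redeem_token($store, $first['next']) !== null);
```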