Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

PHP: Cookie domain / subdomain control

Tags:

php

cookies

I'm working on a site with multiple subdomains, some of which should get their own session.

I think I've got it worked out, but have noticed something about cookie handling that I don't understand. I don't see anything in the docs that explains it, so thought I would see if anyone here has some light to shed on the question.

If I just do:

session_start();

I end up with a session cookie like this:

subdomain.example.net

However, if I make any attempt to set the cookie domain myself, either like

ini_set('session.cookie_domain', 'subdomain.example.net');

or like

session_set_cookie_params( 0, "/", "subdomain.example.net", false, false);

I end up with a cookie for .subdomain.example.net (note the opening dot), which I believe means "match all subdomains (or in this case sub-subdomains).

This seems to happen with all my cookies actually, not just session. If I set the cookie domain myself, it automatically has the dot prepended, meaning this domain and all subs of it. If I don't set the domain, then it gets it right by using only the current domain.

Any idea what causes this, and what I can do to control that prepending dot?

Thanks!

like image 460
Eli Avatar asked Dec 07 '08 23:12

Eli

People also ask

Can subdomain read domain cookie?

That is, if the domain name in your cookie's domain parameter doesn't start with a period, then it will not let subdomains read that cookie. If it does start with the period, then all subdomains will have full access to that cookie's value. Can only be read by example.com.

Is a subdomain a third party cookie?

Conclusion: if a resource sets a cookie and the base domain on the resource is the same as the base domain on the web site, but the subdomain is different, popular browsers do not treat it as a third-party cookie.

Can cookies be shared between domains?

To share a cookie between domains, you will need two domains, for example myserver.com and slave.com . One of the domains will issue the cookies and the other domain will ask the first domain what cookie should be issued to the client.

Can PHP set cookies?

With PHP, you can both create and retrieve cookie values. The name of the cookie is automatically assigned to a variable of the same name. For example, if a cookie was sent with the name "user", a variable is automatically created called $user, containing the cookie value.

1 Answers

PHP's cookie functions automatically prefix the $domain with a dot. If you don't want this behavior you could use the header function. For example:

header("Set-Cookie: cookiename=cookievalue; expires=Tue, 06-Jan-2009 23:39:49 GMT; path=/; domain=subdomain.example.net");
like image 95
Brian Fisher Avatar answered Sep 23 '22 03:09

Brian Fisher
Sign in to Comment

Related questions

PHP function with variable as default value for a parameter
Why "no such file or directory ... autoload.php" when accessing Laravel app?
Enable PHP short open tags via .htaccess
Laravel - htmlspecialchars() expects parameter 1 to be string, object given
unpacking an array of arguments in php
Scaling a chat app - short polling vs. long polling (AJAX, PHP)
How to create a custom admin page in opencart?
How many interfaces can a class implement in PHP?
How to print current URL path?
How to display the symfony profiler for API request made in the browser?
PHP daylight saving time detection
symfony2 twig and multiple levels of subfolders
Load More Posts Ajax Button in WordPress
How to prepare statement for update query? [duplicate]
How to detect user's timezone?
Laravel Delete Query Builder
Laravel PDOException SQLSTATE[HY000] [1049] Unknown database 'forge'
getting output and exit status from shell_exec()
trying to send mail using swift mailer, gmail smtp, php
PHP Shorthand ternary operator "?:" Parse error unexpected ":"

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!