0

I'm trying to deal with two PHPSESSID cookies. One uses the www subdirectory - so www.mydomain.com - while the other uses .mydomain.com.

As it stands now the script is able to set the cookie domain, but if another script is run at the www subdomain before I access mydomain.com, then the cookie is set for www.mydomain.com. Then if I visit mydomain.com a cookie for .mydomain.com is set. This means that I can end up with two PHPSESSID cookies.

Is there a way to be sure of which cookie I'm dealing with in a scenario like this?

I've looked at another post but didn't come away with anything conclusive.

How to handle multiple cookies with the same name?

Community
Andre

3 Answers

0

Why not just change the session cookie name in the php.ini?

session.name = WHATEVER_YOU_LIKE
Niet the Dark Absol
  • Because the script that's being used sets the session.name and can be accessed either with or without the www subdomain. I gave PHPSESSID in the example, because I felt it made it easier to understand the nature of the problem. – Andre Feb 25 '13 at 20:48
0

You should instead redirect all of your traffic to one of the two. This will take care of the issue you are having and take care of duplicate search results. Use either www or no www. Check line 362:

https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess

Unless you have a reason to use both www. and .

David Nguyen
0

Put this at the top of the first PHP file that runs, like index.php or a config.php file, before the session starts.

<?php

// Choose the session cookie domain from the requested host, before session_start().
// Match "www." only as a prefix, so a host that merely contains "www" is not misclassified.
if (stripos($_SERVER['HTTP_HOST'], 'www.') !== 0) {
   ini_set('session.cookie_domain', 'site.com');
} else {
   ini_set('session.cookie_domain', 'www.site.com');
}

?>

This will cause the cookie to only be associated with one or the other of the domains, meaning that the user can have 2 cookies named PHPSESSID.

AskApache Htaccess
  • Similar code is already in place.

    // In the event the site is accessed absent of the www directory shortcut.
    // Attempt to set the cookie domain.
    if (($cnt = substr_count($host = Http::getRequest()->getHost(), '.')) == 1) {
        $this->_config['session']['option']['cookie_domain'] = $host;
    } elseif ($cnt == 2 && preg_match('/^www[1-4]?\.(.*)$/', $host, $matches)) {
        $this->_config['session']['option']['cookie_domain'] = $matches[1];
    }

    – Andre Feb 26 '13 at 15:55
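
The scenario from the question, as an added example that is not code from any of the posts above: the Cookie request header carries only name=value pairs, with no Domain or Path, so the server cannot tell which PHPSESSID belongs to which scope. It can only detect the duplicate and expire both scopes before issuing one fresh session. The cookie values, the Path=/ scope and the function names are assumptions made for the example.

```php
<?php
// Added example; the header value below is constructed sample input.

/** Return every value sent for $name in a raw Cookie request header. */
function cookieValues(string $rawHeader, string $name): array
{
    $values = [];
    foreach (explode(';', $rawHeader) as $pair) {
        $parts = explode('=', trim($pair), 2);
        if (count($parts) === 2 && $parts[0] === $name) {
            $values[] = $parts[1];
        }
    }
    return $values;
}

/**
 * Build Set-Cookie lines that expire $name in both scopes:
 * the host-only cookie (no Domain attribute) and the parent-domain cookie.
 * Assumes both cookies were set with Path=/; a cookie is only replaced
 * when name, domain and path all match.
 */
function expireBothScopes(string $name, string $parentDomain): array
{
    $expired = $name . '=deleted; Expires=Thu, 01 Jan 1970 00:00:00 GMT; Max-Age=0; Path=/';
    return [
        'Set-Cookie: ' . $expired,                               // host-only scope
        'Set-Cookie: ' . $expired . '; Domain=' . $parentDomain, // .mydomain.com scope
    ];
}

// Constructed header: what a browser sends to www.mydomain.com when it holds
// both a www.mydomain.com cookie and a .mydomain.com cookie named PHPSESSID.
$raw = 'PHPSESSID=aaa111; lang=en; PHPSESSID=bbb222';

$sent = cookieValues($raw, 'PHPSESSID');
if (count($sent) > 1) {
    // Ambiguous: trust neither value, clear both scopes, then start one new session.
    foreach (expireBothScopes('PHPSESSID', 'mydomain.com') as $line) {
        echo $line, "\n"; // in a real request: header($line, false);
    }
}
```

In a live script the raw header is `$_SERVER['HTTP_COOKIE']`, and the check has to run before `session_start()`.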