Same URL without www different session

Question

I have the following issue (that i know many of you probably have or had) but still i haven't found an explanation anywhere that satisfies me, or at least a proper solution.

In the session script of any of the sites that i make, if the user goes through the domain using www.domain.com and logs in, but then in a different tab he goes to the same page without the www. (domain.com) The session hasn't been started in that one.

i have found this two questions on stackoverflow but none of them offers a real solution or at least an explanation of why this behavior.

different session with url's with-www and without-www

PHP session login different for url with www and without www?

Ok to go the point, This redirections and rules doesn't work in my case.

Why? because i'm working with a payment provider that uses cURL to retrieve some data i send to them, and when they send the response back to me, they use a default URL wich i have to give to them. currently they set up the address as www. but what if one of my users goes to an especific page of the site using the domain without the www.? When i get the response from the provider it goes to www.site.com and the user there is not logged. and no actions can be applied.

Any help in this please?

Thanks Cheers.

Actually [this](http://stackoverflow.com/a/6784709/508666) does answer it — PeeHaa, Oct 29 '13 at 20:00
Yes, i skiped one important line from the post, thank you for noticing, i managed to solve it now. — DJ22T, Oct 30 '13 at 19:15

score 1 · Accepted Answer · answered Oct 29 '13 at 20:03

1

As said there http://www.php.net/manual/en/function.setcookie.php

Cookies available to a lower domain, such as 'example.com' will be available to higher subdomains, such as 'www.example.com'

So just do

session_set_cookie_params(0, '/', 'yourdomain.com');

without www

answered Oct 29 '13 at 20:03

Thank you for your answer. And where shall i put the code i'm a little lost in there. And will it work for every url within the domain? – DJ22T Oct 30 '13 at 16:40
@DannyG, this function should be called right before `session_start()` in your script. Yes, it will works for every higher domain. Actually, you can easily verify this fact: go to any stackoveflow subdomain (e.g. meta.stackoveflow.com) and look at the cookie. You will see ones from `.meta.stackoverflow.com` but also from `.stackoverflow.com`. Yeah, you can try to put a dot at the beginning of domain name, don't know exactly, but it may be more compatible. – Oct 30 '13 at 17:25
Thanks @Arantir i tried the code and it's working properly now, thank you so much :) – DJ22T Oct 30 '13 at 19:14

Same URL without www different session

1 Answers1

Linked