My site is sending two different session id cookies (PHPSESSID), one under "www.sitename.com" and the other "sitename.com".

I read this answer here which says to specify the domain used in the 5th parameter, but what about SESSION cookies which are created automatically?

I think the issue is that the Facebook login used the PHPSESSID with www. in the domain while the manual login doesn't. This results in two different PHPSESSID cookies, which really messes things up.

Not sure why this is happening or how to force Facebook to not use www.

thinkofacard
  • What do you mean "created automatically"? Set the 'domain' parameter in setCookie call to `.example.com` to set it for example.com and all its subdomains. (Note the . before the domain name.) – marekful Jun 16 '15 at 15:25
  • I mean I don't use the setcookie() to set it. I use session_start() which automatically creates the cookie. – thinkofacard Jun 16 '15 at 15:29

1 Answer

Session cookie parameters can be set in two ways:

Your current setup probably provides no cookie_domain setting, which causes hostname usage.

If you choose to use the function, please remember to call it BEFORE the session is started (e.g. before session_start). If you have session autostart turned on, the php.ini way is your only choice.

ptkoz
  • Excellent answer. Unfortunately, it seems like it's the Facebook redirect from the share dialogue that is creating the www. cookie. I have it specified in the php.ini to use the domain without the www. – thinkofacard Jun 16 '15 at 15:41
  • Is it happening somewhere in public internet? Can you provide link? – ptkoz Jun 16 '15 at 16:44
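
The ordering constraint from the answer (cookie parameters must be set before the session starts, and cannot be set from code when autostart is on), as an added example that is not code from the thread. The helper name `start_shared_session`, the domain `example.com`, and the assumption that the site is served over HTTPS are hypothetical.

```php
<?php
// Added example: hypothetical helper, not code posted in the thread.
// 'example.com' is a placeholder for the site's own domain.

function start_shared_session(string $cookieDomain): void
{
    // With session.auto_start=1 the session is already active at this point,
    // so the cookie parameters can no longer be changed from code. In that
    // case session.cookie_domain has to be set in php.ini.
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException(
            'Session already started; set session.cookie_domain in php.ini.'
        );
    }

    // The Set-Cookie header cannot be emitted once output has begun.
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output already started at $file:$line.");
    }

    // Array form requires PHP 7.3 or later.
    session_set_cookie_params([
        'lifetime' => 0,              // session cookie, dropped on browser close
        'path'     => '/',
        // One cookie for example.com and www.example.com. Current browsers
        // ignore a leading dot (RFC 6265), so both spellings behave the same.
        // Every other subdomain receives the session id as well, so only use
        // this when all subdomains are equally trusted.
        'domain'   => $cookieDomain,
        'secure'   => true,           // assumption: the site is HTTPS-only
        'httponly' => true,           // keep the id out of reach of page scripts
        'samesite' => 'Lax',          // still sent on top-level redirects back to the site
    ]);

    session_start();
}

start_shared_session('example.com');
```

Cookies already issued with the old host-only scope stay in the browser until they expire or are cleared, so verify the change with a clean cookie jar.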