14

I create a bunch of cookies for authentication purposes and a part of the website allows the users to navigate to the UK part of the site. This is enabled by having a uk prefix in the domain. (e.g uk.domain.com).

I basically have a small script that checks to see if the subdomain is called UK then I deliver the UK content.

How can I make it so all the cookies on domain.com transfer to uk.domain.com?

I've tried ...

... setting the cookie to the just root domain

 setcookie("auth", "blahblah", time() + 123, "/", "localhost")

... adding a dot to the beginning of the domain

 setcookie("auth", "blahblah", time() + 123, "/", ".localhost")

... creating the cookie on both domains

 setcookie("auth", "blahblah", time() + 123, "/", "localhost")
 setcookie("auth", "blahblah", time() + 123, "/", "uk.localhost")

... creating cookies without any domain or path.

 setcookie("auth", "blahblah", time() + 123, "/")
 setcookie("auth", "blahblah", time() + 123)

I just can't seem to get it to work.

GalahadXVI
  • 759
  • 1
  • 8
  • 19
  • Possible duplicate of [Share cookie between subdomain and domain](http://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain) – Ragen Dazs Jul 30 '16 at 00:12

3 Answers3

17

Found out that you cannot set localhost as a cookie on chrome. It needs to be a registry controlled domain and not an IP or intranet hostname.

I found a workaround by basically turning localhost into a domain.

I added this to the host file (c:\windows\system32\drivers\etc\hosts) -

127.0.0.1    localhost.com    
127.0.0.1    uk.localhost.com

then created the cookies with the localhost domain

setcookie("auth", "blahblah", time() + 123, "/", "localhost.com")

This allowed me to access the auth cookie from http://uk.localhost.com (or pretty much any subdomain).

GalahadXVI
  • 759
  • 1
  • 8
  • 19
2

I want to expand the answer of @slothinspace: https://stackoverflow.com/a/38669116/10712525

I can't put this as a comment because it too long.

I spent hours looking for this solution.

In short, you can't set the domain in a cookie for .localhost and expect it to work correctly (expecting it to work for a subdomain and the main domain). You can also experiment some problems if you try to do it more explicitly, eg: subdomain.localhost.

Just to clarify: the Domain attribute allows the cookies to be shared between the main domain and subdomains.

If you set the localhost URL in /etc/hosts like in the selected answer, you can put .localhost.com or subdomain.localhost.com as the cookie domain and it will work fine.

I have tested it in Chrome, Brave and Firefox.

Final request: Don't forget to upvote this question and the correct answer, to make it easier to find.

And another thing, thanks for reading this and I apologize for my English.

Lucas Vazquez
  • 1,456
  • 16
  • 20
1

I found a trick that doesn't need editing the 'hosts' file and will let you keep using localhost.

In my case, I needed to set a cookie on localhost and let service.localhost see that cookie. When inspecting the cookie on localhost, the domain property didn't have a leading dot. When I tried setting a leading dot manually, even localhost couldn't see it.

So my fix was to move everything one subdomain level down. localhost became apps.localhost and service.localhost became service.apps.localhost

Robert Trad
  • 11
  • 2