If I login through website.com and then type www.website.com, it doesn't show that I am login in and I have to do that again. What's the problem?
Asked
Active
Viewed 127 times
2
-
Problem is that website.com and www.website.com are not the same domains, therefore you need to set your session_id cookie to be allowed at www.website.com too. – N.B. May 24 '11 at 19:12
-
1Check the session cookie established when you visit `website.com`. If there's no leading `.`, then it applies ONLY to website.com and not any 'sub' version, such as the `www.` one. – Marc B May 24 '11 at 19:12
2 Answers
3
This is normal. Session cookies apply to the exact domain they were issued by default. www.website.com is a different domain from website.com.
You can expand the scope of the cookie to sub-domains, but the much better way is to actually have only either www.website.com or website.com, and to redirect one to the other.
For redirecting www to non-www, see
-
-
1This answer would be even better if you demonstrated. – Lightness Races in Orbit May 24 '11 at 19:20
-
@hey which way do you want it? I edited a good answer for one way into the question – Pekka May 24 '11 at 19:26
3
This should fix it:
session_set_cookie_params(
60 * 24, // 24 minutes lifetime
'/', // path
'.website.com', // any subdomain of website.com
false, // SSL not required
true // not accessible by JavaScript
);
session_start();
Matthew
- 47,584
- 11
- 86
- 98
-
This answer would be even better if you explained it. – Lightness Races in Orbit May 24 '11 at 19:19
-
@Tomalak, I don't disagree. But I'm lazy and two people already had responded with a "why" as comments to the original question. :) – Matthew May 24 '11 at 19:24