I have a website with multiple subdomains, which share a unique PHP session cookie to identify each user. I did this by simply adding session.cookie_domain = '.mydomain.com', however I'm wondering if it's possible to specify more than one subdomain, so that cookies will only get sent to, for example, www.mydomain.com and user.mydomain.com but won't in images.mydomain.com.
Would this be possible?
Asked
Active
Viewed 1,712 times
8
Ruben
- 81
- 2
-
You might find [`$cookie->setDomain($domain)`](https://github.com/delight-im/PHP-Cookie/blob/004cde69ec840e65c15275e09b92ecb1da06f357/src/Cookie.php#L117) helpful, as found in [this standalone library](https://github.com/delight-im/PHP-Cookie). This lets you share the cookie with all subdomains or not at all. All other scenarios are not possible as per the HTTP specification. – caw Sep 21 '16 at 03:58
2 Answers
2
No, those would have to be 2 separate cookies.
You would have to create a sub-domain like sub.mydomain.com, have hosts like www.sub.mydomain.com etc., and set cookies for .sub.mydomain.com if you wanted to isolate cookies in that way...
e.dan
- 7,275
- 1
- 26
- 29
-1
for future users, actually you can just rename the cookie id and you can have specific cookie for that subdomain
Fareed Alnamrouti
- 30,771
- 4
- 85
- 76
-
Read question again, question is about one cookie shared by two subdomains, but not by third. – Markus Laire Aug 10 '16 at 07:07
-
but may do i ask this cookie is for authentication ? something like user login ? – Fareed Alnamrouti Aug 10 '16 at 08:15