[RESOLVED] cookies and domains

sneakyimp

i've been working on a site that controls user access and uses cookies to keep track of whether a user is logged in or logged out.

the problem i'm having is that when a user logs in at mydomain.com and then for some reason types in www.mydomain.com/some_restricted_page.php then they get logged out! apparently the cookies consider www.domain.com a SEPARATE DOMAIN from domain.com.

does anyone know how to solve this problem?

jara06

yes, drop cookies and use sessions. its what they are there for.
I remember I once had your problem too and descided to drop cookies, because browsers simply just handles cookies 'incorrect'/differently.

sneakyimp

Unfortunately, i cannot. I am adapting an existing open source project that uses them as the core of its sessioning functionality.

Also, you may not be aware of this, but in order for sessions to work, the session ID must be propagated from page to page. I believe this must be done either via cookies or via page URLs. given that, i think you cannot completely drop cookies or your session functionality will fail? someone correct me if i'm wrong.

jara06

Ok, I thought you were only using cookies, like
if ($_COOKIE['logged_in'] == true)

From php.ini:

; Whether to use cookies.
session.use_cookies = 1

From php.net/setcookie:

"To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'. The . is not required but makes it compatible with more browsers. Setting it to www.example.com will make the cookie only available in the www subdomain."

sneakyimp

yes i'm using the . now and it does seem to work better and seems to be available to both domains.

THAnks.

jara06

good. 🙂

just remember to set thread to resolved too 😉