My client is about to buy an SSL cert. Apparently this must be either for 'mydomain.com' or 'www.mydomain.com'.
I have no idea why I would have to pay 4 times as much for a so-called 'wildcard cert' which would permit any subdomain. Seems to me that if I buy one for adfotos.com it should apply to all subdomains.
At any rate, I have experienced issues before on other projects with users being logged out when they switch from 'mydomain.com' to 'www.mydomain.com'. I am guessing this is because the session cookie somehow was no longer valid.
Question 1:
Is there any way to make sure that cookies set on www.mydomain.com will still be visible if the user somehow gets to mydomain.com and vice versa?
Since I'm relying on PHP's built-in session handling rather than manually setting session cookies, I'm guessing I might need to set parameters in PHP regarding session cookies.
Question 2:
What should be specified for things like session.cookie_domain or session.cookie_path? Are there any other things I might need to set?
Obviously, if it's not possible, then I would need to redirect users as soon as they arrive to either mydomain.com or www.mydomain.com depending on what my cert specifies so that if they sign in then there's no weird sudden logout problem when they get to checkout and I must link to the secure subdomain.
Question 3:
What's the easiest way to force all visits to either mydomain.com or www.mydomain.com? I have an init file that gets included by every page, but am wondering if maybe httpd.conf or .htaccess might offer an easier solution.
Any help would be much appreciated.
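
An added example, not part of the original post: a sketch of what the shared init file could do for questions 2 and 3, combining a session cookie scoped to the parent domain with a redirect to one canonical host. It assumes PHP 7.3 or later, that the certificate is issued for www.mydomain.com, and that the whole site is served over HTTPS; the function names are hypothetical.

```php
<?php
// Added example (not the poster's code). Assumptions: PHP 7.3+, the cert
// names www.mydomain.com, and every page is served over HTTPS.
const CANONICAL_HOST = 'www.mydomain.com'; // host on the certificate (assumed)
const COOKIE_DOMAIN  = 'mydomain.com';     // matches the apex and all subdomains

/**
 * Return the URL to redirect to, or null if the request is already canonical.
 * The target host is the fixed constant, never the client-supplied Host header.
 */
function canonical_redirect(string $host, bool $https, string $uri): ?string
{
    $host = strtolower((string) preg_replace('/:\d+$/', '', $host)); // drop port
    if ($host === CANONICAL_HOST && $https) {
        return null;
    }
    // Accept only a local path; anything else falls back to the site root.
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    return 'https://' . CANONICAL_HOST . $uri;
}

/** Start the session with a cookie valid on mydomain.com and www.mydomain.com. */
function start_site_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,             // session cookie, dropped when browser closes
        'path'     => '/',
        'domain'   => COOKIE_DOMAIN, // also sent to every other subdomain
        'secure'   => true,          // never sent over plain HTTP
        'httponly' => true,          // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

if (PHP_SAPI !== 'cli') {
    $https  = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    $target = canonical_redirect($_SERVER['HTTP_HOST'] ?? '', $https,
                                 $_SERVER['REQUEST_URI'] ?? '/');
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    start_site_session();
}
```

With the redirect in place the wider cookie domain is only a fallback; leaving `domain` unset keeps the cookie host-only on the canonical host, which avoids exposing the session id to other subdomains.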