You'll need to use session_set_cookie() and set the 3rd argument to ".mywebsite.com" (note leading dot). See https://www.php.net/manual/en/session.configuration.php#ini.session.cookie-domain for more info.

What you really need to do is pick a URL scheme and then use mod rewrite to enforce it. Choose either one, it doesn't matter. Do not allow both.

It might help to review some of the basics of cookies. One of the fundamental concepts with cookies is that they are associated with a specific domain. Note that mywebsite.com and www.mywebsite.com are not identical domains -- the latter is a subdomain of the former. There are security considerations for cookies. For example, you wouldn't want one website to have access to cookies from another website. If that were allowed, a bad guy, e.g., badwebsite.com, might see cookies for gmail.com, thereby gaining access to your email.

benanamen pick a URL scheme ...

Yes, very much so. Although there's occasionally a need to use a different subdomain; it's still done occasionally for mobile, for example.

NogDog use an alias in your web server.