About cookie and session?

Anon

I heard that the value set by cookie only is valid for one domain. Is that true? How about session?

I want to protect multiple pages using session, but if a session value is valid for more than one domain, then anyone can simply register that value and visit the page I protected.

What is the best way to protect multiple pages?

Can anyone help me solve this problem?

Anon

I'm pretty sure the same is true for the session. I never looked into it, but I'm pretty sure that the PHP session functions simply use cookies anyway, and they're only valid for what you tell them to be valid for (ie: hotmail.com is valid for all of hotmail, but law5.hotmail.com is only valid for law5.hotmail.com; even law3.hotmail.com can't look at it)
I don't even bother with PHP's sessions, tho.. I have a couple of functions that keep a small MySQL table and cookies that are to just match each other up. That with a little MD5 action proves quite unbreakable, so long as the script is.

Anon

Dear
I want to know about session and security by example.Please send and inform me about that.
Thankx

smileyq

With all my experience with sessions and cookies you shouldn't have any security issues as from site to site unless you are speaking of just different directories in the site such as. www.net.com/one/index.php & www.net.com/two/index.php. This would result in a security issue because you are using the same domain name for this. If you use host names suchs as one.net.com/index.php for example that would be different than two.net.com so you would be fine. Just make sure you create a session and or cookie for each page and its host.domain. Remember www->is actually a host on the .net.com domain. Hope this helps out. Best of luck.