session.cookie_domain (question/problem)

**Zaggs** · Dec 1, 2008, 07:20

Hi Guys,

I am trying to register my PHP session site-wide (all dirs and subdomains), but it does not seem to be working. Here is the scenario:

1) The session is being registered from https://secure.mydomain.com/clients
2) I also want the session to work in http://mydomain.com/domains

I am using the following ini_set at the top of my file (before session_start()):

PHP Code:


ini_set('session.cookie_domain', '.mydomain.com');

I have also tried:

PHP Code:


ini_set('session.cookie_domain', 'mydomain.com');

(without the .)

Is this possible? Does it have anything to do with SSL?

**maneetpuri** · Dec 2, 2008, 02:36

Hi,

Yes it’s because of SSL, session and cookies created on https can not be access through http and visa versa.

Cheers,

**Daniel0** · Dec 2, 2008, 06:12

Try to set session.cookie_secure to false. By the way, there is a function for this.

Originally Posted by maneetpuri

Yes it’s because of SSL, session and cookies created on https can not be access through http and visa versa.

Not entirely true. You cannot read cookies where secure=true on unencrypted connections, but you can read cookies where secure=false on both encrypted and unencrypted connections.

The SitePoint Forums have moved.

User Tag List

Thread: session.cookie_domain (question/problem)

Thread Tools

Display

session.cookie_domain (question/problem)

Bookmarks

Bookmarks

Posting Permissions