[Setting the domain correctly for cookies]

I'm not sure but I think that www.xyz.com is the same as xyz.com. Somehow. The 'true' subdomains tho are different. Either way if you begin in a specific domain name and set some cookies in the root folder they will be there for any users of said domain. What else could you want? In what world would you need cross-referencing of them between apps running in different domains?

 

I guess cookies being readable on the www. version is really a no issue, the main concern lies with cookies being readable on subdomains - which I don't want (due to security).

[Setting the domain correctly for cookies]

Yes I am. And I see now how confusing my answer was to you. IF I had bothered to check first I would have said that the \ in the 4th argument would ensure that your cookies would be in the correct place regardless of what domain name was in $site. The cookies will be in the domain root because of the \ although the absolute path of that location will be different depending upon the current $site/domain value.

 

Appreciate you clarifying, however if $site was set to domain.com, would cookies be readable on any other variation such as www.domain.com or somethingelse.domain.com or www.somethingelse.domain.com (which is what I don't want)?

[Setting the domain correctly for cookies]

Why don't you read the manual re: cookies? You do read the manual when you have questions first, don't you?

 

I have as mentioned in my initial post, my follow up question was to clarify your response, are you referring to the fourth parem of setcookie()?

[Setting the domain correctly for cookies]

I think that a simple \ should work. It will represent the root folder of whatever the domain is pointing to, no?

 

Hmm...If I understand you correctly - do you mean changing $site to '/' ? - did not know you could do that.

[Setting the domain correctly for cookies]

I have a script where $site (location of where it's hosted) will either be in the format of a subdomain e.g. 'something.domain.com' or a domain 'domain.com', and the cookies are handled like the following:

ini_set('session.cookie_domain', $site); //for sessions


setcookie($name, $value, $expiry, '/', $site, false, true); //for others

My question is the script's canonical url is non-www and I don't want other subdomains for various reasons (including security) being able to access/read the cookies (e.g. 'www.something.domain.com' or 'www.domain.com' or 'somethingelse.domain.com' or 'www.somethingelse.domain.com'), so would you say the above will work okay (providing $site does not proceed with www. or .)?

 

I have searched around (also referred to php.net) and believe the above will be okay from my understanding - but wanted reassurance as I had read many conflicting/confusing information!

 

Edit: If the above won't work - I thought about maybe setting $site to false (the .htaccess code would enforce access only via non-www)?

[PHPFreaks Tutorials Wishlist]

What I'd really like to learn, is how to manage (edit/delete/submit) data via php (form) to a database (table).

 

This would be a greate tutorial, and would really help me, I believe it would also benefit others who are looking to manage sql info via php.

 

So for example the tutorial would consist of:

 

A form which can submit names to a database  (Submit)

 

A form to delete names from the database. (Delete)

 

And a form which can edit the names in the database (Edit).

 

names = data

 

This just an example, i know their might better be ways. I've googled tutorials on this and their just for a specific function, ie. Delete. Theirs none that i know which teach how to do all in one.

 

Thanks