CloudSex13 Posted June 16, 2009

Hi, thanks for reading.

I have a website, let's call it www.example.com. When www.example.com is accessed, a user can log in to the site and it will set a PHPSESSID session cookie.

My session cookie code is:

    // Start the session and issue a fresh session ID at login
    session_start();
    session_regenerate_id();
    $_SESSION['username'] = $username;
    $_SESSION['accountid'] = $accountid;
    $_SESSION['loggedin'] = true;
    // Send the user to the main page and stop the script
    header("Location: main.php");
    die();

When the cookie is set, the host parameter of the cookie is: www.example.com

When a user goes to example.com and logs in, a session cookie is set, but the host parameter of the cookie is: example.com

A user can log into www.example.com and example.com with two separate sessions, and this screams insecure.

Could anyone suggest a way to only have the session cookie be set for www.example.com? Thanks if so.

haku Posted June 16, 2009

I personally set all my sites up using my .htaccess to redirect example.com to www.example.com. This will solve your problems. Some people go the other way as well (removing the www by default).

CloudSex13 Posted June 16, 2009 (Author)

Thanks, dawg. Here's the code I found online if you're using a Linux machine:

    Options +FollowSymLinks
    RewriteEngine on
    # Redirect the bare domain to the www host
    RewriteCond %{HTTP_HOST} ^example\.com$ [NC]
    RewriteRule ^(.*)$ http://www.example.com/$1 [R=301,L]
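
The same canonical-host rule can also be enforced in PHP before the session starts, so the PHPSESSID cookie is only ever issued on www.example.com even if the .htaccess rule is missing on some server. This is an added example, not code from the thread; `CANONICAL_HOST`, `canonical_redirect()` and `start_canonical_session()` are hypothetical names, and the array form of `session_set_cookie_params()` assumes PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. CANONICAL_HOST is an assumed constant.
const CANONICAL_HOST = 'www.example.com';

/**
 * Return the URL to redirect to when the request did not arrive on the
 * canonical host, or null when it did.
 */
function canonical_redirect(string $hostHeader, string $requestUri): ?string
{
    // Drop an optional port and compare case-insensitively.
    $host = strtolower(preg_replace('/:\d+$/', '', $hostHeader));
    if ($host === CANONICAL_HOST) {
        return null;
    }
    // Build the target from the constant, never from the Host header,
    // so a forged header cannot steer the redirect to another site.
    // Collapsing leading slashes keeps "//other.host/x" a local path.
    $path = '/' . ltrim($requestUri, '/');
    // http:// matches the rewrite rule in the thread.
    return 'http://' . CANONICAL_HOST . $path;
}

function start_canonical_session(): void
{
    $target = canonical_redirect(
        $_SERVER['HTTP_HOST'] ?? '',
        $_SERVER['REQUEST_URI'] ?? '/'
    );
    if ($target !== null) {
        // Redirect before any session cookie is issued on the wrong host.
        header('Location: ' . $target, true, 301);
        exit;
    }
    // No 'domain' key: the cookie stays host-only, so the browser sends it
    // to www.example.com and to no other host name.
    session_set_cookie_params([
        'path'     => '/',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}
```

In the login script above, `start_canonical_session()` would take the place of the bare `session_start()` call; the `session_regenerate_id()` call after it stays as it is.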