[SOLVED] www.example.com & example.com Difference Session Cookie Woes


CloudSex13

Hi, thanks for reading.

 

I have a website, let's call it www.example.com.

 

When www.example.com is accessed, a user can log in to the site and it will set a PHPSESSID session cookie. My session cookie code is:

 

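// Start (or resume) the session, then issue a fresh session ID at login
// and delete the old one so a pre-login ID cannot be reused.
session_start();
session_regenerate_id(true);
// $username and $accountid are assumed to be set by the login check above.
$_SESSION['username'] = $username;
$_SESSION['accountid'] = $accountid;
$_SESSION['loggedin'] = true;
// Send the user to the main page and stop executing this script.
header("Location: main.php");
die();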

 

When the cookie is set, the host parameter of the cookie is: www.example.com

 

When a user goes to example.com and logs in, a session cookie is set, but the host parameter of the cookie is: example.com

 

A user can log into www.example.com and example.com with two separate sessions, and this screams insecure.

 

Could anyone suggest a way to only have the session cookie be set for www.example.com?

 

Thanks if so. :)
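
One way to get what the post asks for, as an added example that is not the poster's code: redirect every request that arrives on example.com to www.example.com before session_start() runs, and leave the cookie domain empty so PHPSESSID stays host-only. CANONICAL_HOST, canonical_redirect() and start_canonical_session() are hypothetical names, and the site is assumed to be served over HTTPS.

```php
<?php
declare(strict_types=1);

// Added example, not the poster's code. CANONICAL_HOST and both function
// names are assumptions; the site is assumed to be served over HTTPS.
const CANONICAL_HOST = 'www.example.com';

// Returns the URL to redirect to when the request arrived on any host other
// than the canonical one, or null when the host is already canonical.
function canonical_redirect(string $hostHeader, string $requestUri): ?string
{
    // Drop an optional :port and normalise case before comparing.
    $host = strtolower((string) preg_replace('/:\d+$/', '', trim($hostHeader)));
    if ($host === CANONICAL_HOST) {
        return null;
    }
    // Build the target from the constant, never from the client-supplied Host.
    $path = ($requestUri !== '' && $requestUri[0] === '/') ? $requestUri : '/';
    return 'https://' . CANONICAL_HOST . $path;
}

function start_canonical_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',     // no Domain attribute: cookie is host-only
        'secure'   => true,   // only sent over HTTPS
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

if (PHP_SAPI !== 'cli') {
    // Web request: redirect first, so no session is ever created on example.com.
    $target = canonical_redirect($_SERVER['HTTP_HOST'] ?? '', $_SERVER['REQUEST_URI'] ?? '/');
    if ($target !== null) {
        header('Location: ' . $target, true, 301);
        exit;
    }
    start_canonical_session();
} else {
    // Command line: constructed sample requests showing the decision.
    foreach ([['example.com', '/login.php'], ['WWW.Example.com:443', '/main.php']] as [$h, $u]) {
        echo $h, ' -> ', canonical_redirect($h, $u) ?? 'canonical, start session', PHP_EOL;
    }
}
```

Include this at the top of every page before any output is sent. The same redirect can also be done in the web server configuration, in which case only start_canonical_session() is needed in PHP.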

Archived

This topic is now archived and is closed to further replies.
