hackalive Posted May 5, 2012 Share Posted May 5, 2012 Hi guys, I want a PHP Cookie & Session to apply to both the domain and all its subdomains, except one specific subdomain which I never want the same cookies/sessions to apply to. I have the apply too all sorted, just not the exception. Any help is much appreciated. Quote Link to comment https://forums.phpfreaks.com/topic/262115-php-cookies-sessions/ Share on other sites More sharing options...
PFMaBiSmAd Posted May 5, 2012 Share Posted May 5, 2012 I assume you are referring to setting the session.cookie_domain setting and the setcookie() domain parameter to be: .yourdomain.com to get it to match all variations of yourdomain.com You would need to use a different session_name for that one sub-domain (let all the others use the default session_name.) This would cause a different session id cookie name to be used for that one sub-domain. As far as regular cookies, to cause that one sub-domain to ignore the other cookies and only use the ones intended for it, the only thing that comes to mind would be to create unique cookie names (similar to what using a different session name does.) Setup a defined constant that you prepend to the cookie name. You would set this defined constant to a unique value (perhaps the sub-domain name itself) that would create a unique set of cookie names just for that sub-domain. All the setcookie() and $_COOKIE references would use that defined constant when forming the name of the cookie to set or reference. Quote Link to comment https://forums.phpfreaks.com/topic/262115-php-cookies-sessions/#findComment-1343294 Share on other sites More sharing options...
hackalive Posted May 6, 2012 Author Share Posted May 6, 2012 I have the cookie/session setting to ".mydomain.com" which is great, but I need it to be ".mydomain.com" except "exception.mydomain.com" but it would still apply to mydomain.com and all its other subdomains. Quote Link to comment https://forums.phpfreaks.com/topic/262115-php-cookies-sessions/#findComment-1343432 Share on other sites More sharing options...
xyph Posted May 6, 2012 Share Posted May 6, 2012 It's not possible using cookies alone. There is no blacklist clause in the domain parameter. PFMaBiSmAd provided a good solution. Quote Link to comment https://forums.phpfreaks.com/topic/262115-php-cookies-sessions/#findComment-1343443 Share on other sites More sharing options...
hackalive Posted May 6, 2012 Author Share Posted May 6, 2012 For my application his solution is no good. Quote Link to comment https://forums.phpfreaks.com/topic/262115-php-cookies-sessions/#findComment-1343444 Share on other sites More sharing options...
requinix Posted May 6, 2012 Share Posted May 6, 2012 For my application his solution is no good. Actually it's quite good. I guess you mean to say that it won't work in your case. So why not? Quote Link to comment https://forums.phpfreaks.com/topic/262115-php-cookies-sessions/#findComment-1343445 Share on other sites More sharing options...
hackalive Posted May 6, 2012 Author Share Posted May 6, 2012 security A third party develops on the subdomain in question. Quote Link to comment https://forums.phpfreaks.com/topic/262115-php-cookies-sessions/#findComment-1343446 Share on other sites More sharing options...
hackalive Posted May 6, 2012 Author Share Posted May 6, 2012 Solution - Host on another domain. Quote Link to comment https://forums.phpfreaks.com/topic/262115-php-cookies-sessions/#findComment-1343450 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.