newbtophp Posted January 25, 2015 Share Posted January 25, 2015 (edited) I have a script where $site (location of where it's hosted) will either be in the format of a subdomain e.g. 'something.domain.com' or a domain 'domain.com', and the cookies are handled like the following: ini_set('session.cookie_domain', $site); //for sessions setcookie($name, $value, $expiry, '/', $site, false, true); //for others My question is the script's canonical url is non-www and I don't want other subdomains for various reasons (including security) being able to access/read the cookies (e.g. 'www.something.domain.com' or 'www.domain.com' or 'somethingelse.domain.com' or 'www.somethingelse.domain.com'), so would you say the above will work okay (providing $site does not proceed with www. or .)? I have searched around (also referred to php.net) and believe the above will be okay from my understanding - but wanted reassurance as I had read many conflicting/confusing information! Edit: If the above won't work - I thought about maybe setting $site to false (the .htaccess code would enforce access only via non-www)? Edited January 25, 2015 by newbtophp Quote Link to comment Share on other sites More sharing options...
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.