Dealing with two PHP session cookies?

0
votes

I'm trying to deal with two PHPSESSID cocokies. One uses the www subdirectory - so www.mydomain.com - while the other uses .mydomain.com.

As it stands now the script is able to set the cookie domain, but if another script is ran at the www subdomain before I access mydomain.com, then the cookie is set for www.mydomain.com. Then if I visit mydomain.com a cookie for .mydomain.com is set. This means that I can end up with two PHPSESSID cookies.

Is there a way to be sure of which cookie I'm dealing with in a scenario like this?

I've looked at another post but didn't come away with anything conclusive.

How to handle multiple cookies with the same name?

3
phpsessioncookiesmultiple-instances

3 Answers

0
votes

Why not just change the session cookie name in the php.ini?

session.name = WHATEVER_YOU_LIKE
0
votes

You should instead redirect all of your traffic to one of the two. This will take care of your issue you are having and take care of duplicate search results. Use either www or no www. Check line 362:

https://github.com/h5bp/html5-boilerplate/blob/master/.htaccess

Unless you have a reason to use both www. and .

0
votes

Put this at the top of the first php file that runs, like index.php or a config.php file.. before the session starts.

<?php

if(stripos($_SERVER['HTTP_HOST'],'www')===false) {
   ini_set('session.cookie_domain', 'site.com');
} else {
   ini_set('session.cookie_domain', 'www.site.com');
}

?>

This will cause the cookie to only be associated with 1 or the other domains, meaning that the user can have 2 cookies named PHPSESSID.