php cross domain cookie - except static subdomain

0
votes

I have a website with n number of sub-domains, and one reserved for static content. I need to set up a cookie across all sub-domains except the static sub-domain. My home-page is on a sub-domain-less (domain.lk) manner. It is possible to route it to www.domain.com if necessory

It is more important to keep the static sub-domain cookie free.

I have tried the following line of code before reading cookies

ini_set('session.cookie_domain', 'domain.lk');

and

ini_set('session.cookie_domain', 'www.domain.lk');

That line was present only on dynamic sub-domains. But it didn't work. Cookie was not accessible from different sub-domains.

My static sub-domain is hard coded in to many contents (database records), therefor changing that is not a good option.

1
phpcookiessetcookiesubdomain
domain.lk restricts it to literally just the one domain.lk address. .domain.lk (with leading .) allows the cookie to be used across sub-domains. There is no way to say "allow subdomains EXCEPT this certain one".Marc B

1 Answers

1
votes

There's no means of setting a domain level cookie and making it not visible on given sub-domain. (You will however need to prefix the domain with a period as such...)

ini_set('session.cookie_domain', '.domain.lk');

However, if the static domain doesn't require cookies (or indeed presumably the existence of PHP at all), the fact that this cookie doesn't exist shouldn't be an issue.

That said, you should be able to overcome this using the mod_headers Apache module on the given sub-domain (so that it's not transmitted to the browser client) via...

RequestHeader unset Set-Cookie