CodeIgniter Forums
Can a cookie be valid for more than one domain? - Printable Version

+- CodeIgniter Forums (https://forum.codeigniter.com)
+-- Forum: Archived Discussions (https://forum.codeigniter.com/forum-20.html)
+--- Forum: Archived Development & Programming (https://forum.codeigniter.com/forum-23.html)
+--- Thread: Can a cookie be valid for more than one domain? (/thread-4628.html)



Can a cookie be valid for more than one domain? - El Forum - 12-06-2007

[eluser]europe72[/eluser]
Technically no, but...

My question is because my site is hosted in a shared environment, my non secure and secure sections of my site are on different domains. Specifically my non secure section is at http://www.domain.tld while my secure is at https://hosting-provider.domain.tld.

I set my cookie in the non secure section, but need it to be valid in the secure section as well...any ideas?

Thanks


Can a cookie be valid for more than one domain? - El Forum - 12-06-2007

[eluser]tonanbarbarian[/eluser]
Technically what you are wanting the cookie to be valid across mutliple hostnames on the same domain
This is certainly possible

From http://ellislab.com/codeigniter/user-guide/helpers/cookie_helper.html
Code:
$cookie = array(
                   'name'   => 'The Cookie Name',
                   'value'  => 'The Value',
                   'expire' => '86500',
                   'domain' => '.some-domain.com',
                   'path'   => '/',
                   'prefix' => 'myprefix_',
               );

set_cookie($cookie);

so if you set the domain parameter to '.domain.tld' it should work in both www and hosting-provider


Can a cookie be valid for more than one domain? - El Forum - 12-06-2007

[eluser]ejangi[/eluser]
There are known issues with sessions/cookies across HTTP and HTTPS. I'm not sure if/how CI manages this and I couldn't even find a decent PHP snippet for you, but there is a thread here that may be of help.


Can a cookie be valid for more than one domain? - El Forum - 12-06-2007

[eluser]europe72[/eluser]
Actually my example was incorrect. Sorry about that. I didn't realize that I used the same domain for both.

Consider the same issue with domain.tld vs hosting-provider.provider.tld

Thanks


Can a cookie be valid for more than one domain? - El Forum - 12-06-2007

[eluser]tonanbarbarian[/eluser]
You could probably do the following but it is a MAJOR security risk
Code:
$cookie = array(
                   'name'   => 'The Cookie Name',
                   'value'  => 'The Value',
                   'expire' => '86500',
                   'domain' => '.tld',
                   'path'   => '/',
                   'prefix' => 'myprefix_',
               );

set_cookie($cookie);

This would be the same as saying that the cookie is valid for all .com domains. As you can imagine not a good idea.
You probably need to create 2 cookies in this case 1 for each domain.