Sharing session between wildcard subdomain

'.localhost' is the only value that should work on all three.

I'm saying "should" because some browsers will prepend that dot even if you didn't provide it.

'en.localhost' will only send the cookie to en.localhost
'fr.localhost' will only send the cookie to fr.localhost


Port numbers are not allowed - not just by CI, the cookie protocol simply doesn't recognize them. Thus, if you include a port in the domain name it will be invalid (and probably the currently used hostname will be assumed by PHP and/or the browser).

---

If it doesn't work with '.localhost', it's most likely due to a collision - your previous attempts have resulted in separate cookies created for each of the three domains, but all sharing the same name. Browsers will give precedence to exact matches, and therefore your cookies for en.localhost and fr.localhost won't be overwritten by the one for '.localhost'
To start clean - clear all of your cookies for these domains, or change the cookie name. It should work then.

---

Also, CI3 doesn't use your $config['encryption_key'] for sessions - that's irrelevant.