• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Can a cookie be valid for more than one domain?

#1
[eluser]europe72[/eluser]
Technically no, but...

My question is because my site is hosted in a shared environment, my non secure and secure sections of my site are on different domains. Specifically my non secure section is at http://www.domain.tld while my secure is at https://hosting-provider.domain.tld.

I set my cookie in the non secure section, but need it to be valid in the secure section as well...any ideas?

Thanks

#2
[eluser]tonanbarbarian[/eluser]
Technically what you are wanting the cookie to be valid across mutliple hostnames on the same domain
This is certainly possible

From http://ellislab.com/codeigniter/user-gui...elper.html
Code:
$cookie = array(
                   'name'   => 'The Cookie Name',
                   'value'  => 'The Value',
                   'expire' => '86500',
                   'domain' => '.some-domain.com',
                   'path'   => '/',
                   'prefix' => 'myprefix_',
               );

set_cookie($cookie);

so if you set the domain parameter to '.domain.tld' it should work in both www and hosting-provider

#3
[eluser]ejangi[/eluser]
There are known issues with sessions/cookies across HTTP and HTTPS. I'm not sure if/how CI manages this and I couldn't even find a decent PHP snippet for you, but there is a thread here that may be of help.

#4
[eluser]europe72[/eluser]
Actually my example was incorrect. Sorry about that. I didn't realize that I used the same domain for both.

Consider the same issue with domain.tld vs hosting-provider.provider.tld

Thanks

#5
[eluser]tonanbarbarian[/eluser]
You could probably do the following but it is a MAJOR security risk
Code:
$cookie = array(
                   'name'   => 'The Cookie Name',
                   'value'  => 'The Value',
                   'expire' => '86500',
                   'domain' => '.tld',
                   'path'   => '/',
                   'prefix' => 'myprefix_',
               );

set_cookie($cookie);

This would be the same as saying that the cookie is valid for all .com domains. As you can imagine not a good idea.
You probably need to create 2 cookies in this case 1 for each domain.


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2021 MyBB Group.