CI2.1.4 CSRF gives "The action you have requested is not allowed" for www subdomain
#1

[eluser]rossj81[/eluser]
Hi all. I'm building a site with CSRF enabled, which sometimes works and sometimes doesn't work depending on whether 'www' was entered in the URL. For example, entering 'example.com/index.php/register' works as expected. Entering 'www.example.com/index.php/register' results in a "The action you have requested is not allowed" error when posting the form. I've checked my cookies, and see that I've got 2 PHPSESSID cookies and one crsf_token cookie. The PHPSESSID for www.example.com is different to the PHPSESSID for example.com.

So, I'm guessing that after getting www.example.com:
1. PHP assigns a session ID
2. CI configures a CSRF assigned to that session ID
3. Apache rewrites to example.com
4. PHP assigns a new session ID
On submitting a form, CI then says, "Sorry, your sessid doesn't validate against your CSRF value"

Any ideas whether I'm on the right path, and if so, how I could get around this?
#2

[eluser]rossj81[/eluser]
Fixed it. In '/application/config/config.php', line 269ish, I changed
Code:
$config['cookie_domain'] = '';
to
Code:
$config['cookie_domain'] = '.example.com';
#3

[eluser]Tim Brownlaw[/eluser]
Good stuff - thanks for the update!

Cheers
Tim
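
The cookie scoping behind the fix in post #2, as an added example that is not code from the thread or from CodeIgniter: it models the browser's RFC 6265 rules for a cookie set with no Domain attribute versus `Domain=.example.com`. The cookie name, token value, the double-submit style check and the assumption that the POST lands on example.com are constructed for illustration.

```javascript
// Added illustration of RFC 6265 cookie scoping; hosts and values are constructed.

// RFC 6265 section 5.1.3: does the request host domain-match the cookie domain?
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Store a cookie the way a browser does for a given Domain attribute.
// domainAttr '' models $config['cookie_domain'] = '' (no Domain attribute sent).
function storeCookie(jar, setByHost, name, value, domainAttr) {
  if (domainAttr === '') {
    // No Domain attribute: host-only cookie, returned only to the exact host.
    jar.push({ name, value, domain: setByHost.toLowerCase(), hostOnly: true });
    return true;
  }
  const domain = domainAttr.replace(/^\./, '').toLowerCase(); // leading dot is ignored
  // A host may only set cookies for its own domain or a parent of it.
  if (!domainMatch(setByHost, domain)) return false;
  jar.push({ name, value, domain, hostOnly: false });
  return true;
}

// Cookies the browser attaches to a request for `host`.
function cookiesFor(jar, host) {
  host = host.toLowerCase();
  const out = {};
  for (const c of jar) {
    const ok = c.hostOnly ? host === c.domain : domainMatch(host, c.domain);
    if (ok) out[c.name] = c.value;
  }
  return out;
}

// Assumed double-submit check: the posted token must equal the cookie token.
function csrfOk(postToken, cookies, cookieName) {
  return cookies[cookieName] !== undefined && cookies[cookieName] === postToken;
}

// Scenario: form served by www.example.com, POST lands on example.com.
function simulate(domainAttr) {
  const jar = [];
  const token = 'constructed-token-1';
  storeCookie(jar, 'www.example.com', 'csrf_cookie', token, domainAttr);
  return csrfOk(token, cookiesFor(jar, 'example.com'), 'csrf_cookie');
}
```

With `.example.com` the cookie is also sent to every other subdomain of example.com, so any host under that domain can read or overwrite it; redirecting all traffic to one canonical hostname keeps the narrower host-only scope.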



