PHP: Cookie domain / subdomain control
PHP's cookie functions automatically prefix the $domain with a dot. If you don't want this behavior you could use the header function. For example:
header("Set-Cookie: cookiename=cookievalue; expires=Tue, 06-Jan-2009 23:39:49 GMT; path=/; domain=subdomain.example.net");
Share cookie between subdomain and domain
If you set a cookie like this:
Set-Cookie: name=value
then the cookie will only apply to the request domain, and will only be sent for requests to the exact same domain, not any other subdomains. (See What is a host only cookie?)
Two different domains (e.g. example.com and subdomain.example.com, or sub1.example.com and sub2.example.com) can only share cookies if the domain attribute is present in the header:
Set-Cookie: name=value; domain=example.com
The domain attribute must "domain-match" the request URL for it to be valid, which basically means it must be the request domain or a super-domain. So this applies for both examples in the question, as well as sharing between two separate subdomains.
This cookie would then be sent for any subdomain of example.com, including nested subdomains like subsub.subdomain.example.com. (Bear in mind there are other attributes that could restrict the scope of the cookie and when it gets sent by the browser, like path or Secure).
Because of the way the domain-matching works, if you want sub1.example.com and sub2.example.com to share cookies, then you'll also share them with sub3.example.com.
See also:
- www vs no-www and cookies
- cookies test script to try it out
A note on leading dots in domain attributes: In the early RFC 2109, only domains with a leading dot (domain=.example.com) could be used across subdomains. But this could not be shared with the top-level domain, so what you ask was not possible in the older spec.
However, the newer specification RFC 6265 ignores any leading dot, meaning you can use the cookie on subdomains as well as the top-level domain.
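The storage and matching rules described in the answer above, as an added JavaScript example that is not part of the original answer. It follows the RFC 6265 domain-match rule and leaves out public-suffix checks; the function names and the host list are constructed for illustration.

```javascript
// Added example (not from the original answers): RFC 6265 Domain handling.
// Assumption: public-suffix rejection (e.g. Domain=com) is left out.

// Crude IP test: dotted-quad IPv4, or anything with ':' (IPv6 literal).
function isIpAddress(host) {
  return /^\d{1,3}(\.\d{1,3}){3}$/.test(host) || host.includes(':');
}

// Domain-match: identical, or host ends with "." + domain and is not an IP.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  domain = domain.toLowerCase();
  if (host === domain) return true;
  return host.endsWith('.' + domain) && !isIpAddress(host);
}

// What a browser stores for a Set-Cookie received from requestHost.
// domainAttr is the Domain attribute value, or null when absent.
// Returns null when the cookie is rejected.
function storeCookie(requestHost, domainAttr) {
  const host = requestHost.toLowerCase();
  // A single leading dot is ignored.
  const domain = (domainAttr || '').replace(/^\./, '').toLowerCase();
  if (domain === '') return { domain: host, hostOnly: true };
  if (!domainMatch(host, domain)) return null; // not the host or a super-domain
  return { domain, hostOnly: false };
}

// Would the stored cookie be sent on a request to host?
function isSentTo(cookie, host) {
  if (cookie === null) return false;
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Constructed host list, using the names from the answer above.
const HOSTS = ['example.com', 'sub1.example.com', 'sub2.example.com',
  'sub3.example.com', 'subsub.subdomain.example.com', 'notexample.com'];

// Hosts from HOSTS that would receive a cookie set by requestHost.
function recipients(requestHost, domainAttr) {
  const cookie = storeCookie(requestHost, domainAttr);
  return HOSTS.filter((h) => isSentTo(cookie, h));
}

console.log('no Domain:', recipients('sub1.example.com', null));
console.log('Domain=example.com:', recipients('sub1.example.com', 'example.com'));
console.log('Domain=sub2.example.com:', recipients('sub1.example.com', 'sub2.example.com'));
```

The second line of output lists every host under example.com, which is the practical cost of a shared Domain attribute: any subdomain, including one you do not control or trust, receives the cookie.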
Set cookie from main domain for subdomain
There are a couple of things that are required when using credentials:
- withCredentials flag
The AJAX request needs to have xhr.withCredentials = true; set.
- Access-Control-Allow-Credentials
The server must also respond with header('Access-Control-Allow-Credentials: true');.
- Wildcard origin not allowed
When specifying withCredentials, the server cannot allow an origin of *. Therefore, you must respond with a list of valid domains:
header('Access-Control-Allow-Origin: http://sub1.domain.com,http://sub2.domain.com');
If you still want to have an arbitrary list of subdomains, you could do something like the following:
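// Reflect the Origin header only when it ends in ".domain.com"; the header may be absent.
$origin = isset($_SERVER['HTTP_ORIGIN']) ? $_SERVER['HTTP_ORIGIN'] : '';
if (substr($origin, -11) === '.domain.com') {
    header('Access-Control-Allow-Origin: ' . $origin);
    header('Vary: Origin'); // the response differs per Origin, so caches must key on it
}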
This sets the allowed origin to the value of the Origin request header, but only if it's on your domain.
Issues setting session cookies in other subdomain
Same answer as here. The key point is the use of the withCredentials property. Not sure, though, why I have to send them even if the cookies originate on subdomain A and are set on subdomain B.
setcookie from subdomain to domain
I used Klaus Hartl's jQuery cookie plugin in order to solve my problem, since I haven't been able to set up a global cookie from the AJAX backend.
Delete cookie not working if cookie is set to all subdomains on same domain
Try this:
Cookie::queue('cookie_name', null, -1);
return Redirect::route('your_route');
Setting cookies on domain/subdomain
There are 3 ways you can separate the English and German cookies:
1) Domain:
You could use a separate www. and de. subdomain as you mentioned. To me this would be the easiest.
2) Path:
You can use the path, but if your English cookie is set for "/" it will still be accessible under "/de/". So if you want to go this route you'd need to make a "/en/" path as Kerrek suggested.
3) Name:
Give the German cookie a different name.
You will need to do one of those 3 to have separate English and German cookies. I'd think that having a separate subdomain would be the best, because not just your cookie paths but all your asset paths will be the same regardless of language.