Cookies Are Only Set For Site With www. Prefix

Question

So I'm creating a site where users must login. If the user wishes that the site remember his login, I set a cookie to remember this data. However, the cookie seems to be set for the site www.mysite.com. This seems to mean that if I visit my site with the address mysite.com (without the www.), the cookie can no longer be accessed. How do I make so that a cookie set on either site can be accessed by both sites?

Answer 1

Brian Scott already properly answered the question, but I thought I would add this:

In my opinion if you are allowing a user to "remember" their login, then you'll want to maintain specific control over how/where/why/when and that includes maintaining a secure connection.

For my projects that involved any kind of login I always make sure I have the appropriate SSL certificate and secure connection, then I check the URL they are using to access the site and redirect to make sure they stay within my secure domain. For example I check for a www. and https prefixes and always redirect to https://www.domain.com ... just my two cents.

EDIT: In response to comment. Just real rough, but something like this:

if (($_SERVER['SERVER_PORT'] != '443') || ($_SERVER['HTTPS'] != 'on') || (!strstr ($_SERVER['HTTP_HOST'], 'www'))) {
  header ("Location: https://www.mydomain.com");
  exit();
}

2nd EDIT: Two errors in my roughly typed code.

Answer 2

You don't want to use both. Choose one, it's better for SEO as well. I would personally just redirect through the htaccess to the www and keep it standard.

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]

Answer 3

Set your cookie for .mysite.com instead of www.mysite.com. That way the cookie will recognize the common domain suffix and be compatible with both urls.