PHP / Apache how to set session.cookie_domain from outside php.ini

Question

I need to restrict cookies to my www subdomain, this works by me adding the line session.cookie_domain = www.example.com in the php.ini file. However I have a number of virtual hosts on my server so I need this domain to be different for each one. After a bit of a web-seach, I have tried using:

'SetEnv session.cookie_domain www.example.com' - in my httpd.conf
'php_flag session.cookie_domain www.example.com' in .htaccess

However both seem to stop cookies working all together!

Any help much appreciated!

Stu

Answer 1

This code 100% work, set this code in file .htaccess

php_value session.cookie_path "/"
php_value session.cookie_domain ".localhost"

Or code for file JavaScript

function my_cookie($name, $value, $expires = 0) {
    return setcookie($name, $value, $expires, '/', 'example.com', ...);
}

Answer 2

The problem is that php_flag is actually meant only for Boolean values. So when using the php_flag command, you're actually setting cookie_domain to 0, which is why it stops working.

For text values, you need to use php_value in the .htaccess or apache config. Also quoting the value is recommended:

php_value session.cookie_domain ".domain.com"

see: http://www.php.net/manual/en/configuration.changes.php

Answer 3

In my case this one worked for me:

setcookie("name", $Value4Name, time()+$3600 , "/", ".domain.com");

But this is for you to record a cookie for the root of the domain.

cheers PC

Answer 4

Another option is to use ini_set :

ini_set("session.cookie_domain", "www.example.com");

Answer 5

The easiest way to achieve this is to use session_set_cookie_params() instead of setting it via .htaccess (the .htaccess method only works if PHP is used as a module). You can use it in the following way:

session_set_cookie_params(0, '/', 'www.example.com');
session_start();