php cookies doesn't work without WWW or with subdomain

Question

I have a weird problem. I have a script that will add a number into an array for each visited page, then put it into cookies.

Then on another page, it will display the list of the numbers inside the cookies.

It is working perfectly on my domain (https) with the WWW : https://www.mydomain.com

Problem is that it won't work without the WWW (https://mydomain.com). There seems to be two different cookies: one for https://mydomain.com and another for https://www.mydomain.com

I also want to share the cookies for the subdomains WITHOUT https

So basically it should be the SAME cookie for:

https://www.domain.com
https://domain.com
http://subdomain.domain.com

How can i do that?

Currently, i use:

setcookie("viewed_articles", serialize($lastviewedarticles));

Answer 1

Set the domain in the cookie, and also the http-only value active to avoid possible xss

setcookie("viewed_articles", serialize($lastviewedarticles), time()+3600, '/', '.yourdomain.com',0,1);

Answer 2

See the php-docs for setcookie. You can add domain and path after the expired values.

Set path to / and domain to .mydomain.com to make the cookie global for your site.

Answer 3

That is correct behavior. When you set the cookie, you need to set it for .domain.com and it will apply for all domains contained within domain.com.

setcookie("viewed_articles", serialize($lastviewedarticles), time()+60*60*24*30, '/', '.domain.com');

The code here will set the cookie for 30 days, and for the entire domain.com