Reputation: 23
session_set_cookie_params() points to the wrong domain
I'm having some pretty weird error when I want to set my session cookie.
If I use the following rule:
session_set_cookie_params(0, '/', $_SERVER['HTTP_HOST'], false, true);
//$_SERVER['HTTP_HOST'] resolves into "jscripting.nl"
It will always put a "." in front of the url and it will always make it so that my session_id will become accessable on all my subdomains, which is a problem since I develop on one of my subdomains and the session_id's might be interfering with each other.
Is there something I'm doing wrong or is something wrong with my server setup?
Upvotes: 0
Views: 1654
Answers (1)
Reputation: 53462
$_SERVER['HTTP_HOST'] does not relate to server setup, it is coming from Host header of the request that a client makes.
If you want to use a server name that is configured on the server side, the way to do it is normally to use $_SERVER['SERVER_NAME'], though in some cases that is affected by host header, too.
Edit: apparently, any value for the domain will be default append a dot, so it will include any subdomains, and the only valid way to have it apply to current domain only is to not set the param or using raw headers to set the cookie. See more on this on subject this thread.
You can make the cookie httponly and still have it work in your case by setting null on the domain name parameter.
Upvotes: 3
Related Questions
- php session_set_cookie_params() for two domains
- session-set-cookie-params path non working
- session_get_cookie_params() doesn't work
- session_set_cookie_params seems to work but cookies are not affected
- Properly using session_set_cookie_params
- session_set_cookie_params() setting two cookies after redirect
- PHP session_set_cookie_params() issue
- session.cookie_domain in php.ini - issues with POSTing forms
- PHP cookie writes on incorrect domain
- session_set_cookie_params on multi-domain sites