Why can I not set cross-subdomain cookies via javascript or php?

Question

I am trying both in javascript and in php to set cookies that will work cross-domain.

In PHP:

ini_set('session.cookie_domain', '.example.com' );
session_set_cookie_params(60*60,"/",".example.com",false,false);

In JavaScript:

document.cookie = 'coo=21c4o2fnb2et aqj256; expires=Sun Feb 01 2015 23:40:16 GMT-0500 (EST); path=/;Domain=.example.com;'

In .htaccess:

php_value session.cookie_domain .example.com

In php.ini:

session.cookie_domain = ".example.com"

In the PHP response, I get:

PHPSESSID=togp8kh3ehst2iuf4t3egll7p0; expires=Sun, 02-Nov-2014 04:43:25 GMT; path=/; domain=.example.com

So, the php response looks good to me, but the browser stores no cookies, for both the javascript and the php. Cookies do work on a single subdomain, but this site is now requesting cookie-required data from a different subdomain, so I'd like to get the cookies to work for the entire domain.

score 0 · Answer 1 · edited May 23 '17 at 12:20

0

I think this answer your (duplicated) question:

Share cookie between subdomain and domain

The trick is on the setting the cookie with the higher domain possible, which would be example.com, not .example.com (which is not even valid)

edited May 23 '17 at 12:20

Community

1
1

answered Nov 02 '14 at 03:58

Caio Vianna Lima Netto

131
6

`document.cookie = 'coo=21c4o2fnb2et aqj256; expires=Sun Feb 01 2015 23:40:16 GMT-0500 (EST); path=/;domain=example.com;'` doesn't work either. I've looked at a few answers, hence why I have several methods listed. I think `.example.com` is correct, actually, although the newer standard allows `example.com`. – JVE999 Nov 02 '14 at 04:20

Why can I not set cross-subdomain cookies via javascript or php?

1 Answers1