Session on subdomains still not working

A few hours ago, I've created a thread here regarding a session which doesn't exist anymore when switching to www.. This should have fixed this:

session_set_cookie_params(0, '/', '.'.$_SERVER['HTTP_HOST']);

According to several examples on php.net and other websites, this should be correct. When going to the websi开发者_如何学JAVAte without using www. and then switching to www., the session still works (I'm still logged it), but for some very strange reason, it's not possible to create the session (so to log in) on the website when using www. now.

So I can login when not using www., I can switch to www. so the session still exists, but I can't login when using www.

Can anyone please explain this behaviour and how I can fix this? Also, is using that server variabele safe?

Thank you!

---

If you request some resource from www.example.com, the cookie will be set with .www.example.com, so it will only be valid for www.example.com and all its subdomains but not example.com.

Just remove the leading www. before prepending the ., for example:

$domain = '.' . preg_replace('/^www\./', '', strtolower($_SERVER['HTTP_HOST']));

---

It's likely that $_SERVER['HTTP_HOST'] is www.example.com, and not example.com. If you want to test it, you could always hardcode by replacing $_SERVER... with the actual '.example.com'.