php setcookie domain

Question

Some application, not written by me, and not in PHP, creates a cookie for the domain \"www.domain.com\".

I am trying to replace that cookie. So in php I did:

Answer 1

If you specify a domain, you should follow RFC 2109 and prefix the domain with a dot; otherwise the client will do that. But if you don’t specify a domain at all, the client will take the domain of the request.

Answer 2

Try to create several other cookie with same name, but a different domain. Example:

setcookie('mycookie','mydata1',time() + 2*7*24*60*60,'/','www.domain.com', false);
setcookie('mycookie','mydata2',time() + 2*7*24*60*60,'/','www.domain.com', false);
setcookie('mycookie_top','mydata1',time() + 2*7*24*60*60,'/','domain.com', false);
setcookie('mycookie_top','mydata2',time() + 2*7*24*60*60,'/','domain.com', false);

Then inspect the cookie created by these command in the Firebug. If you kept getting a double cookie, then this might be a bug in the PHP. Also, try to set the cookie in the javascript code, see if you still got the same problems.

Answer 3

The issue is also adressed here: https://www.php.net/manual/en/function.setcookie.php

See comment by jah:

If you want to restrict the cookie to a single host, supply the domain parameter as an empty string

You could also try .domain.com as the domain. The trailing dot will allow a cookie for all subdomains for domain.com and could overwrite the www.-cookie, but I'll go with the above solution first.

Answer 4

Isn't this like a bug ? What if I want my cookies to just be at www.example.com and not at something.www.example.com ? e.g for performance. I should be able to specify cookie domain and NOT wildcard of all [sub][sub]subdomains. Not to mention the amount of bugs it causes, for example setting cookie by php and trying to remove it by JavaScript (which doesn't add the stupid dot).