This topic is locked

How to set cookie so it can be used in both www and non www domain

8/22/2011 3:50:35 PM
PHPRunner Tips and Tricks
F
FunkDaddy author

I created an application that located in www.mydomain.com'>www.mydomain.com/desktop/login.php'>www.mydomain.com'>www.mydomain.com/desktop/login.php (herein I'll call this the "Desktop" app) which serves a specific purpose; and within that application I've included an iFrame that actually points to another application I have located on www.mydomain.com'>www.mydomain.com/backoffice/login.php'>www.mydomain.com'>www.mydomain.com/backoffice/login.php (herein referred to as the "BackOffice" app where certain records that belong to the user that logged into the Desktop app should be pulled from the BackOffice app.
By using a cookie of the same domain (www.mydomain.com'>www.mydomain.com) it allows my iFrame to use the same login credentials, thereby bypassing the need for the user to login again to the BAckOffice once he/she has already logged into the Desktop app. So far, so good... everything working as planned. Except.... that if a user decides to login to the Desktop app by entering the URL http://mydomain.com/desktop/login.php the iFrame WILL FAIL!!!
This happends because the iFrame is hardcoded to point to http://www.mydomain.com'>www.mydomain.com/desktop/user_records_list.php, and therefore, when someone logs into the Desktop app without explicitly declaring the WWW in the domain URL the cookie is only set for www.mydomain.com'>www.mydomain.com
After reading this: http://php.net/manual/en/function.session-set-cookie-params.php'>http://php.net/manual/en/function.session-set-cookie-params.php I realized that I would need to set additional cookie parameters to ensure the mydomain.com cookie was usable by the iFrame regardless of the WWW declaration.
Here's how you set those parameters in PHPR:
Step 1:

Edit your dbcommon.php file (found in your output folder under "web_folder_name/include/") as follows:



//Find the following line that is usually commented out by default:

// @session_set_cookie_params(0,$dirname."/");
//Directly underneath it add these two lines:

$domain = str_replace('www.';, '', $_SERVER['HTTP_HOST']); //string replace www if present.

@session_set_cookie_params(0,"/",'.'.$domain); //per http://php.net/manual/en/function.session-set-cookie-params.php'>http://php.net/manual/en/function.session-set-cookie-params.php


Step 2:

That's it. You are done!
I realize the use of iFrames that pull from the same domain may seem unusual, however, it can be very helpful in recycling some existing projects interface that would otherwise have to be rebuild into a deparate app which contains certain elements that overlap. Rather than rebuilding the same functionality from one app, I simply reused the existing one from a higher level security app and made it available to my lower level users. The beauty is that the security schema still applies evenly to both apps because I am using the same user group levels to control the security.
Cheers,