PHP / Apache how to set session.cookie_domain from outside php.ini

Question

Hi There,

I need to restrict cookies to my www subdomain, this works by me adding the line session.cookie_domain = www.example.com in the php.ini file. However I have a number of virtual hosts on my server so I need this domain to be different for each one. After a bit of a web-seach, I have tried using:

'SetEnv session.cookie_domain www.example.com' - in my httpd.conf
'php_flag session.cookie_domain www.example.com' in .htaccess

However both seem to stop cookies working all together!

Any help much appreciated!

Stu

Answer 1

The easiest way to achieve this is to use session_set_cookie_params() instead of setting it via .htaccess (the .htaccess method only works if PHP is used as a module). You can use it in the following way:

session_set_cookie_params(0, '/', 'www.example.com');
session_start();

Answer 2

Another option is to use ini_set :

ini_set("session.cookie_domain", "www.example.com");