Is there any way to tell if a cookie is set for .domain.com rather than www.domain.com? A solution in either client-side JS or server-side PHP would be OK.

What I would like to do is delete any cookies set for .domain.com, because I have recently set up static.domain.com for static content, and I don't want cookies being sent to the static subdomain. I've converted all cookies set by the site to use www.domain.com, but existing users will have old cookies set for .domain.com.

+2  A: 

You could change the cookie name(s) -- if the old cookie name was detected, delete that, and reset it as the new name for the full domain.

Rowland Shaw
Good idea, but I'm using Google Analytics, which sets a few cookies with names I can't change.
Jenni
+1  A: 

It seems like neither JavaScript nor PHP has access to domain information about cookies. I would suggest deleting all old cookies. Perhaps a scheme where everyone who has the new cookies gets an extra attribute set, and if that is not found, all cookies are erased.

adamse
There is `apache_request_headers()` from which you can extract the cookies with a bit of parsing. Shame there's no direct way to access this info.
Marc B
+1  A: 

What you need to do is, for some period of time, deliberately delete the cookie from .domain.com and add it to www.domain.com by sending a combination of Set-Cookie headers like this:

```
Set-Cookie: cookieName=; expires=Wed, 1-Sep-2010 12:34:56 GMT; path=/; domain=.domain.com
Set-Cookie: cookieName=CookieValue; expires=Tue, 1-Sep-2020 12:34:56 GMT; path=/; domain=www.domain.com
```

Note that the first date is in the past. The second date is ten years into the future. This will get rid of the .domain.com version of the cookie (if it's there) and add it (if necessary) to www.domain.com.

At some point, you can stop doing this if you're sure that every one of your users (or close enough for your uses) has visited your site at least once and had this pair of headers sent to them.

Note that the second Set-Cookie line isn't necessary if your cookies are being set in JavaScript (such as by Google Analytics).

Daniel Martin
Thanks, this isn't exactly what I'm doing, but it led me down the correct path, so I'm accepting it.
Jenni
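The approach discussed in the answers above, as an added example that is not code from any of the posts: since the cookie string carries no domain information, the only visible hint of a leftover parent-domain copy is a name that appears twice, and the cleanup simply expires every visible name at the old scope. The function names and the sample cookie values are hypothetical.

```javascript
// Added example; function names and sample values are constructed, not from the page.

// Split a Cookie request header (or document.cookie) into [name, value] pairs,
// keeping duplicates. Parts without a name are skipped.
function parseCookiePairs(header) {
  const pairs = [];
  for (const part of header.split(';')) {
    const trimmed = part.trim();
    const eq = trimmed.indexOf('=');
    if (eq > 0) pairs.push([trimmed.slice(0, eq), trimmed.slice(eq + 1)]);
  }
  return pairs;
}

// Names that occur more than once: the same cookie exists at two scopes
// (for example .domain.com and www.domain.com), although not which is which.
function duplicatedNames(header) {
  const counts = new Map();
  for (const [name] of parseCookiePairs(header)) {
    counts.set(name, (counts.get(name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Expiring cookie string for the old scope. A deletion only matches when the
// name, domain and path equal those the cookie was originally set with.
function expireAtDomain(name, domain, path = '/') {
  return `${name}=; expires=Thu, 01 Jan 1970 00:00:00 GMT; path=${path}; domain=${domain}`;
}

// One expiring string per distinct visible name. Expiring a cookie that does
// not exist at oldDomain is a no-op, so no detection step is needed first,
// and copies scoped to www.domain.com are left untouched.
function cleanupCookies(header, oldDomain) {
  const names = new Set(parseCookiePairs(header).map(([name]) => name));
  return [...names].map((name) => expireAtDomain(name, oldDomain));
}

// Browser usage: HttpOnly cookies are not visible here and need the
// server-side Set-Cookie variant instead.
if (typeof document !== 'undefined') {
  for (const c of cleanupCookies(document.cookie, '.domain.com')) {
    document.cookie = c;
  }
}
```
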