Php cookie with the same name in different subdomains

Source: Internet
Author: User
Tags php script rfc setcookie subdomain

PHP's hyper-global variable $ _ COOKIE brings a lot of convenience and may also cause confusion in some cases. For example, if a cookie with the same name exists in the root domain and subdomain, $ _ can only save one COOKIE. Which one should it be?

We recommend that you use the longest RFC, which has the highest precision, but different browsers have different processing methods. I only tested Chrome. In Chrome, cookies with the same name in the root domain and subdomain are sent. In this way, PHP only receives the cookie with the same name in the front and is ignored in the back, in this way, it is easy to receive error values. It is said that Safari follows the RFC recommendations and does not test it in person or in other browsers.


First, use SwitchHosts to set the virtual domain name www.111cn.net and configure the Web server. Of course, you can set the Hosts file manually. I meant to introduce several more tools.

Then write the PHP script for setting the Cookie, first set the subdomain, and then set the root domain:

The code is as follows: Copy code

<? Php
Setcookie ("bar", "www", time () + 10, "/", "www.111cn.net ");
Setcookie ("bar", "foo", time () + 10, "/", ".111cn.net ");
?>

Then write the Cookie browsing script:

The code is as follows: Copy code

<? Php
Var_dump ($ _ COOKIE );
?>

BTW: When I first wrote the script, I actually used var_dump before setcookie, that is, before sending the request header, it was a sin to make such a beginner error, what's even more surprising is that there is no error in the script. It turns out that it was because of php. output_buffering = 4096 by default in ini.

You can see the result after setting and browsing. The result shows that the Cookie under the subdomain is valid.

Reopen a browser window and use WebDeveloper to delete the Cookie, or manually delete the Cookie to avoid impact on the result.

Then, change the order in which the setcookie is called twice, that is, set the root domain first, and then set the subdomain:

The code is as follows: Copy code

<? Php
Setcookie ("bar", "foo", time () + 10, "/", ".111cn.net ");
Setcookie ("bar", "www", time () + 10, "/", "www.111cn.net ");
?>

You can see the result after setting and browsing. The result shows that the Cookie in the root domain is valid.

Repeat the two tests and use Firebug to record the difference in the request header:

Set the subdomain for the first time, and then set the root domain: the Cookie value in the request header is bar = www; bar = foo. The result is valid: bar = www.
For the second time, set the root domain first, and then set the subdomain: the Cookie value in the request header is bar = foo; bar = www, and the result is bar = foo.

That is to say, for the server PHP, in the request header Cookie, which of the following takes effect will be ignored.

If you are not using Firefox, you cannot use Firebug. You can use PHP code to check the Cookie header:

The code is as follows: Copy code

If (isset ($ _ SERVER ['http _ cookier']) var_dump ($ _ SERVER ['http _ cookier']);

The above experiment is based on Firefox. Because different browsers may have different Cookie sending policies, the results may be different in other browsers, for example, in Safari, the sub-domain is always valid, and other browsers such as Opera and Chrome are not carefully tested. In view of this chaotic conclusion, we recommend that you do not use cookies of the same name in the subdomain and root domain!

Conclusion: it is unwise to use COOKIE of the same name in the root domain and subdomain.

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.