Php cookie with the same name in different subdomains

$ _ COOKIE is a very useful thing in php, but sometimes we encounter different subdomains under the same domain name, so there will be a problem that only one cookie can be retained.

$ _ COOKIE is a very useful thing in php, but sometimes we encounter different subdomains under the same domain name, so there will be a problem that only one cookie can be retained.

PHP's hyper-global variable $ _ COOKIE brings a lot of convenience and may also cause confusion in some cases. For example, if a cookie with the same name exists in the root domain and subdomain, $ _ can only save one COOKIE. which one should it be?

We recommend that you use the longest RFC, which has the highest precision, but different browsers have different processing methods. I only tested Chrome. in Chrome, cookies with the same name in the root domain and subdomain are sent. in this way, PHP only receives the cookie with the same name in the front and is ignored in the back, in this way, it is easy to receive error values. It is said that Safari follows the RFC recommendations and does not test it in person or in other browsers.

First, use SwitchHosts to set the virtual domain name www.phpfensi.com and configure the Web server. of course, you can set the Hosts file manually. I meant to introduce several more tools, then write the PHP script for setting the Cookie, first set the subdomain, and then set the root domain. the code is as follows:

2. Setcookie ("bar", "www", time () + 10, "/", "www.phpfensi.com ");
3. Setcookie ("bar", "foo", time () + 10, "/", ".phpfensi.com ");
4. ?>

Write the Cookie browsing script. the code is as follows:

2. Var_dump ($ _ COOKIE );
3. ?>

BTW: When I first wrote the script, I actually used var_dump before setcookie, that is, before sending the request header, it was a sin to make such a beginner error, what's even more surprising is that there is no error in the script. it turns out that it was because of php. output_buffering = 4096 by default in ini.

You can see the result after setting and browsing. The result shows the Cookie under the subdomain. open a browser window and use WebDeveloper to delete the Cookie or manually delete it, avoid impact on the result, and then change the sequence of calling the setcookie twice, that is, set the root domain first and then set the subdomain. the code is as follows:

2. Setcookie ("bar", "foo", time () + 10, "/", ".phpfensi.com ");
3. Setcookie ("bar", "www", time () + 10, "/", "www.phpfensi.com ");
4. ?>

You can see the result after setting and browsing. The result shows that the Cookie in the root domain is valid. repeat the two test processes and record the difference in the request header with Firebug:

Set the subdomain for the first time, and then set the root domain: the Cookie value in the request header is bar = www; bar = foo. The result is valid: bar = www.

For the second time, set the root domain first, and then set the subdomain: the Cookie value in the request header is bar = foo; bar = www, and the result is bar = foo.

That is to say, for the server PHP, in the request header Cookie, which of the following takes effect will be ignored.

If you are not using Firefox, you cannot use Firebug. you can use PHP code to check the Cookie header: if (isset ($ _ SERVER ['http _ cookier']). var_dump ($ _ SERVER ['http _ cooker']);

The above experiment is based on Firefox. because different browsers may have different Cookie sending policies, the results may be different in other browsers, for example, in Safari, the sub-domain is always valid, and other browsers such as Opera and Chrome are not carefully tested. In view of this chaotic conclusion, we recommend that you do not use cookies of the same name in the subdomain and root domain!

Conclusion: it is unwise to use COOKIE of the same name in the root domain and subdomain.