If a script sets a cookie for a particular domain, is there anyway to make it automatically apply to mirror versions of the same domain? Specifically I'm thinking of what happens when a cookie is set at http://www.example.com, and then the visitor later returns but fails to use the www prefix - just visits http://example.com. In my experience, the latter fails to recognize cookies set at the former. But maybe I'm doing something wrong? Any advice? Many thanks.

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

You can add:

-domain => '.example.com'

to have the cookie valid for any subdomain of example.com.

Cheers,

Alex
--
Gossamer Threads Inc.

Thanks!

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

I've been happily using this technique for months now, but I just noticed that it seems to not work properly with Netscape 4.7. (Oh how I hate Netscape 4.7...) My testing indicates that '.example.com' only works when there is a subdomain. If there is no subdomain (i.e. the url accessed is just http://example.com) NS4.7 won't accept the cookie.

Is this something you've experienced? Any idea how to work around this?

Thanks.

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

After doing a little more research, I've concluded that there's no good solution to this - it's just part of the way NS 4.xx handles cookies.

However, I solved the problem (for my purposes at least) with a little mod_rewrite action:

RewriteCond %{HTTP_HOST} !^www.example.com$ [NC]
RewriteRule ^(.*)$ http://www.example.com/$1 [L,R]

This redirects any requests for urls not beginning with the subdomain www to the same url under the www subdomain. I think my rewrite rule syntax could probably be improved, but that does appear to work consistently.

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

Ugh - I spoke a bit too soon. The mod_rewrite solution works, except for when the redirect is going to an htaccess protected directory. Then, for who knows what reason, it redirects, but then neglects to pop-up an authentication request. It just redirects again to the 401 unauthorized error page. Anyone have any ideas why this is happening or how to fix it? Thanks.

---

Fractured Atlas :: Liberate the Artist
Services: Healthcare, Fiscal Sponsorship, Marketing, Education, The Emerging Artists Fund

Yup, it's a major pain. You need to set two cookies, set the first one with no domain attribute, and the second one with domain set to '.domain.com'. This will make sure it works on all (including broken) browsers.

Cheers,

Alex
--
Gossamer Threads Inc.