Home/ Questions/Q 608523
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-05-13T17:28:13+00:00

I have a site that uses www.example.com for standard pages and secure.example.com for HTTPS.

  • 0

I have a site that uses http://www.example.com for standard pages and secure.example.com for HTTPS.
I am trying to set a cookie when user logs in that will be valid on both the HTTP & HTTPS versions of the site.

I am doing this by setting path to “/” and domain to “.example.com”. This works fine in Firefox and Internet Explorer, but in Chrome the cookie is only working on the version of the site where it was set (http://www.example.com or https://secure.example.com)

Is this a bug or am I doing something wrong? If it’s a bug is there a workaround?

The cookie is being set by PHP in headers.

setcookie("login",base64_encode($email."::".md5($password)),2840184012,"/",".example.com");
Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    You cannot set a cookie for both HTTP and HTTPS at the same time. You need to set two separate cookies, one for HTTP and one for HTTPS:

    setcookie("login", base64_encode($email."::".md5($password)), 2840184012, "/", ".example.com");
setcookie("login", base64_encode($email."::".md5($password)), 2840184012, "/", ".example.com", true);

    This does only work if you set the cookies in https://secure.example.com as you can only set secure cookies via HTTPS.

    Oh, and by the way: Do not store the authentication information in a cookie! Use a once valid authentication token instead.

    • 0