Cookies not working with subdomains

  1. On the Admin menu, select System > Configuration. Then in the panel on the left, under General, click Web.
  2. Expand the Session Cookie Management section.

In the example.com shop, set the following:

  1. Set the Cookie Domain to example.com (usually this setting would be .example.com with a dot in front; you might try it without in this case).

In the test.example.com shop, set the following:

  1. Set the Cookie Domain to .test.example.com on the test environment (the "." in front of the domain should be fine here).

Anna makes some good points and her answer will work for a lot of people, but not for me, so I'm posting my own answer. Perhaps my problem was much more fundamental than the one she addresses.

My solution was to change my site's domain from example.com to www.example.com. In fact, my research on the internet suggests that the reason sites like Amazon, Google, eBay, and every other major web destination use the www prefix may be in large part due to the way cookies work. Maybe not.

The default way that a cookie works is that it applies to all subdomains. So if example.com sends you a cookie, then you visit mail.example.com, smile.example.com, or devsite.example.com, then your browser will send that cookie to those sites and those sites will try to use the cookie. But they won't be able to find your session unless they all use a common session folder. And even then, you'd likely have problems because of different database configurations, different application structures, etc.

Making the change involved creating 301 redirects in my root htaccess file, changing the secure/insecure URLs in the Magento core_config_data database table, changing the site's ServerName in Apache VirtualHosts, and updating DNS / nameserver settings. But it was well worth it.

By making my main site www.example.com, its cookies now would only apply to subdomains thereof, such as mail.www.example.com (and we don't have any such subdomains). Client browsers that get the www.example.com cookie do not send it to devsite.example.com, and the issue is solved. Plus it's really nice to have a www in front of our domain name.
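
How browsers scope a cookie under RFC 6265 for the Cookie Domain values discussed in the answers above, as an added example that is not part of any original answer. The function names are hypothetical, and public-suffix and IP-address handling are left out.

```javascript
// Added example: simplified RFC 6265 cookie scoping. Public-suffix checks and
// IP-address hosts are omitted. Host names are the page's placeholders.

// Section 5.1.3 domain-match: identical, or host ends with "." + domain.
function domainMatch(host, domain) {
  return host === domain || host.endsWith('.' + domain);
}

// How a browser stores a cookie received from setterHost.
// domainAttr is the Domain attribute value, or null when it is absent.
function storeCookie(setterHost, domainAttr) {
  const host = setterHost.toLowerCase();
  if (!domainAttr) return { domain: host, hostOnly: true };
  const domain = domainAttr.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  // A host may only scope a cookie to itself or to one of its parent domains.
  return domainMatch(host, domain) ? { domain, hostOnly: false } : null;
}

// Which of the candidate hosts would receive the cookie on a request.
function recipients(setterHost, domainAttr, hosts) {
  const cookie = storeCookie(setterHost, domainAttr);
  if (cookie === null) return []; // rejected at set time
  return hosts.filter((h) => {
    const host = h.toLowerCase();
    return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
  });
}

// Constructed host list covering the shops discussed on this page.
const HOSTS = ['example.com', 'www.example.com', 'test.example.com',
  'devsite.example.com', 'mail.www.example.com'];

// Constructed cases: [host that sets the cookie, Domain attribute or null].
const CASES = [
  ['example.com', 'example.com'],
  ['example.com', '.example.com'],
  ['example.com', null],
  ['test.example.com', '.test.example.com'],
  ['www.example.com', 'www.example.com'],
  ['test.example.com', 'www.example.com'],
];

for (const [setter, attr] of CASES) {
  const label = attr === null ? '(no Domain attribute)' : `Domain=${attr}`;
  console.log(`${setter} ${label} ->`, recipients(setter, attr, HOSTS).join(', ') || 'rejected');
}
```

The last case is rejected because a host can only scope a cookie to itself or a parent domain, so a test shop cannot plant a session cookie for a sibling host.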


You can simply change adminhtml cookie name for subdomains.

Two changes in file app/code/core/Mage/Core/Controller/Varien/Action.php.

In function preDispatch change lines

/** @var $session Mage_Core_Model_Session */
$session = Mage::getSingleton('core/session', array('name' => $this->_sessionNamespace))->start();

to

$namespace = $this->_sessionNamespace.($_SERVER['SERVER_NAME']=='subdomain.example.com'?'_subdomain':'');
/** @var $session Mage_Core_Model_Session */
$session = Mage::getSingleton('core/session', array('name' => $namespace))->start();

In function setRedirectWithCookieCheck change

/** @var $session Mage_Core_Model_Session */
$session = Mage::getSingleton('core/session', array('name' => $this->_sessionNamespace));

to

$namespace = $this->_sessionNamespace.($_SERVER['SERVER_NAME']=='subdomain.example.com'?'_subdomain':'');
/** @var $session Mage_Core_Model_Session */
$session = Mage::getSingleton('core/session', array('name' => $namespace));

And after that search for text

Mage::getSingleton('core/session', array('name' => 'adminhtml'));

in all files and replace it with

Mage::getSingleton('core/session', array('name' => 'adminhtml'.($_SERVER['SERVER_NAME']=='subdomain.example.com'?'_subdomain':'')));

if any occurrences are found.