php setcookie domain

If you specify a domain, you should follow RFC 2109 and prefix the domain with a dot; otherwise the client will do that. But if you don’t specify a domain at all, the client will take the domain of the request.

Isn't this like a bug ? What if I want my cookies to just be at www.example.com and not at something.www.example.com ? e.g for performance. I should be able to specify cookie domain and NOT wildcard of all [sub][sub]subdomains. Not to mention the amount of bugs it causes, for example setting cookie by php and trying to remove it by JavaScript (which doesn't add the stupid dot).

The issue is also adressed here: https://www.php.net/manual/en/function.setcookie.php

See comment by jah:

If you want to restrict the cookie to a single host, supply the domain parameter as an empty string

You could also try .example.com as the domain. The trailing dot will allow a cookie for all subdomains for example.com and could overwrite the www.-cookie, but I'll go with the above solution first.