I am having issues with cross-domain cookies. The main site is http://domain.com (without the www). The forums is forums.domain.com. I can't seem to set or destroy cookies for forums.domain.com from http://domain.com. My guess is because even though the cookie URL is .domain.com, that the main site is treated like a completely different domain because it is not on .domain.com. Any ideas?
Right... you can't manage cookies unless it's within the domain you are on (or a global cookie for the domain). You could do all sorts of nasty stuff otherwise... like view someone's cookies for blogger.com when visit your site at yourblog.blogger.com
Thanks. Is there any solution to this? We're bridging two systems forums.domain.com and domain.com and need to have people logout on both through one link.
URL based session strings are possible. Have them really long, and use more than the string of characters to identify them for added security (such as IP and user agent). Not sure if session strings are the correct term - probably a geographical colloquialism, but it's something like &SESS=08923JKLKkl238K3LK3kjf3poiwe8289QWCZNCoppQcZks Apparently I didn't read the question completely. To logout from both you could put a redirect at the end of each segment of logout code (session and cookie destruction), then redirect back to the previous page. Might look messy though.