How to set Cookie's domain withOUT the period?
I am aware of the cross-domain issue and I don't want my cookie to be used by any subdomains.
In PHP, I know that I can do this: setcookie('mycookie', '12345'); and leave the domain empty or set session.cookie_domain = ''. Then I'm setting the cookie to a particular host (e.g. www.mysite.com instead of .www.mysite.com).
I am aware that if I supply the domain name in the setcookie function, it will turn www.mysite.com into .www.mysite.com (according to RFC).
However, is there a way that I still supply the host name (www.mysite.com) and it will not end up having the period and setting the cookie to .www.mysite.com?
Thanks. :)
no one has a clue? :(
You can't do that, it's just not how cookies work. What you can do is set a domain like protected.www.mysite.com and then only users underneath that could access the cookie. You can also set a path, as you probably know, but that doesn't provide any actual subdomain protection since someone on another subdomain could presumably create the same path.
You could also consider using some encryption so that even if someone can get to your cookie there is really nothing they can do with it.
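The behaviour the answer describes, as an added example that is not part of the original thread: a simplified JavaScript model of the RFC 6265 user-agent rules, showing that omitting Domain yields a host-only cookie while any Domain value, with or without a leading dot, also matches subdomains. The function names and sample headers are constructed for illustration; public-suffix and IP-address checks are left out.

```javascript
// Simplified model of RFC 6265 sections 5.1.3, 5.2.3 and 5.3 (assumed names,
// not a browser API). Public-suffix and IP-address handling are omitted.

// Extract the effective Domain attribute from a Set-Cookie header value.
function parseDomainAttribute(setCookie) {
  let domain = '';
  for (const part of setCookie.split(';').slice(1)) {
    const eq = part.indexOf('=');
    const name = (eq === -1 ? part : part.slice(0, eq)).trim().toLowerCase();
    if (name !== 'domain') continue;
    let value = eq === -1 ? '' : part.slice(eq + 1).trim().toLowerCase();
    if (value === '') continue;                        // empty Domain is ignored
    if (value.startsWith('.')) value = value.slice(1); // leading dot is dropped
    domain = value;                                    // last Domain attribute wins
  }
  return domain;
}

// Domain-match: identical host, or host is a subdomain of the cookie domain.
function domainMatch(host, domain) {
  host = host.toLowerCase();
  return host === domain || host.endsWith('.' + domain);
}

// Returns the stored cookie's domain data, or null if the cookie is rejected.
function storeCookie(requestHost, setCookie) {
  const domainAttr = parseDomainAttribute(setCookie);
  if (domainAttr === '') {
    return { domain: requestHost.toLowerCase(), hostOnly: true };
  }
  if (!domainMatch(requestHost, domainAttr)) return null; // not the sender's domain
  return { domain: domainAttr, hostOnly: false };
}

// Would the user agent attach this cookie to a request for `host`?
function wouldSend(cookie, host) {
  return cookie.hostOnly
    ? host.toLowerCase() === cookie.domain
    : domainMatch(host, cookie.domain);
}

// Constructed sample headers, both received from www.mysite.com.
const noDomain = storeCookie('www.mysite.com', 'mycookie=12345; Path=/');
const withDomain = storeCookie('www.mysite.com',
  'mycookie=12345; Domain=www.mysite.com; Path=/');
for (const host of ['www.mysite.com', 'sub.www.mysite.com', 'mysite.com']) {
  console.log(host, 'no Domain:', wouldSend(noDomain, host),
    '| Domain set:', wouldSend(withDomain, host));
}
```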