PHP setcookie domain

Some application, not written by me, and not in PHP, creates a cookie for the domain www.example.com.

I am trying to replace that cookie. So i开发者_StackOverflown PHP I did:

setcookie('mycookie','mydata',time() + 2*7*24*60*60,'/','www.example.com', false);

However the resulting cookie is created for domain: .www.example.com, note the dot "." ahead of the domain.

So it doesn't replace it, it creates another cookie. What can I do?

The issue is also adressed here: https://www.php.net/manual/en/function.setcookie.php

See comment by jah:

If you want to restrict the cookie to a single host, supply the domain parameter as an empty string

You could also try .example.com as the domain. The trailing dot will allow a cookie for all subdomains for example.com and could overwrite the www.-cookie, but I'll go with the above solution first.

If you specify a domain, you should follow RFC 2109 and prefix the domain with a dot; otherwise the client will do that. But if you don’t specify a domain at all, the client will take the domain of the request.

Isn't this like a bug ? What if I want my cookies to just be at www.example.com and not at something.www.example.com ? e.g for performance. I should be able to specify cookie domain and NOT wildcard of all [sub][sub]subdomains. Not to mention the amount of bugs it causes, for example setting cookie by php and trying to remove it by JavaScript (which doesn't add the stupid dot).

Try to create several other cookie with same name, but a different domain. Example:

setcookie('mycookie','mydata1',time() + 2*7*24*60*60,'/','www.example.com', false);
setcookie('mycookie','mydata2',time() + 2*7*24*60*60,'/','www.example.com', false);
setcookie('mycookie_top','mydata1',time() + 2*7*24*60*60,'/','example.com', false);
setcookie('mycookie_top','mydata2',time() + 2*7*24*60*60,'/','example.com', false);

Then inspect the cookie created by these command in the Firebug. If you kept getting a double cookie, then this might be a bug in the PHP. Also, try to set the cookie in the JavaScript code, see if you still got the same problems.