New to aMember v4 and just getting started. Want to set up multiple domains. http://manual.amember.com/FAQ#One_site_-_Multiple_domains Not sure how much to rely on existing documentation. aMember is at secure.mysite.com Content at videos.mysite.com, blogs.mysite.com etc Brief experiments with new-rewrite are not happy for me, but I'm not sure that what I am attempting is designed/legal. Looks like logic depends on cookie domain taken from $_SERVER. But I want to specify cookie domain as "mysite.com" So it will work across sub-domains. Am I barking up a wrong tree?
aMember should be on your primary domain (mysite.com) and not on a subdomain. primary domain can set cookies for subdomains, but subdomains cannot set cookies for primary domains or peer subdomains.
By default, amember4 set cookie for .mysite.com (which will work for all subdomains as well) so there should not be any issues with protection.
alexander, this is true if they install amember on the primary domain (ie. mysite.com) but not if they install it on a subdomain (amember.mysite.com) as a subdomain can not set a cookie for the primary domain (ie. .mysite.com) only for the subdomain.
So in your test you set a cookie from sub1.mydomain.com and it was valid for both mydomain.com AND sub2.mydomain.com? It has been a while (July last year?) since I last looked at this, but at the time it violated the RFC which essentially is in place to prevent cross domain scripting exploits.
Cookie should have host set as .domain.com (with point) then yes it will work for all sub domains even if you set it from sub domain. For example the most common situation when you run server at www.domain.com(which is subdomain of domain.com) you can set cookie that will be available for support.domain.com