Katherine Hall wrote:
I am trying to use a single cookie in two domains. One sets it (and uses
it), the other uses it. I am trying to use setcookie and set the second
domain name as the valid domain, but it doesn't seem to be working:
That's correct and it's designed not to work this way. Look at RFC2965:
-------------------------------------8<-------------------------------------
3.3.2 Rejecting Cookies To prevent possible security or privacy
violations, a user agent rejects a cookie according to rules below.
The goal of the rules is to try to limit the set of servers for which
a cookie is valid, based on the values of the Path, Domain, and Port
attributes and the request-URI, request-host and request-port.
A user agent rejects (SHALL NOT store its information) if the Version
attribute is missing. Moreover, a user agent rejects (SHALL NOT
store its information) if any of the following is true of the
attributes explicitly present in the Set-Cookie2 response header:
* The value for the Path attribute is not a prefix of the
request-URI.
* The value for the Domain attribute contains no embedded dots,
and the value is not .local.
* The effective host name that derives from the request-host does
not domain-match the Domain attribute.
[...]
-------------------------------------8<-------------------------------------
Have a look at
http://www.faqs.org/rfcs/rfc2965.html and the examples
for 3.3.2.
Regards,
Matthias