I'm using a domain like www.example.com and a sub-domain like sub.example.com.
I'm trying to call the Login function of sub.example.com.
In the end I cant set the session of sub.example.com for future functions to be called.
I'm using CodeIgniter in my sub-domain and my root domain just has an HTML page with native JavaScript. I wanted to use sub.example.com as my endpoint for all my sub-websites.
I tried changing the config of my subdomain(CI) to
$config['cookie_prefix'] = "";
$config['cookie_domain'] = ".example.com";
$config['cookie_path'] = "/";
$config['cookie_secure'] = FALSE;
and also the index.php file of my www.example.com to:
session_set_cookie_params(0, '/', '.example.com');
session_start();
I solved my problem by setting header("Access-Control-Allow-Credentials: true");[SERVER-SIDE] and $http.defaults.withCredentials = true;[CLIENT-SIDE] using Angular $httpProvider upon request
And also don't forget to set the header("Access-Control-Allow-Origin: www.example.com");[SERVER-SIDE] my root domain to have an access to my sub-domain.
but if you have multiple domains/sub-domains to allow you can use below code
$http_origin = $_SERVER['HTTP_ORIGIN'];
if ($http_origin == "http://www.domain1.com" || $http_origin == "http://www.domain2.com" || $http_origin == "http://www.domain3.info")
{
header("Access-Control-Allow-Origin: $http_origin");
}
for more info Access-control-allow-credentials