For two subdomains of, let's say, "website.com" to share the same session (mainly so you don't have to login again for each site).
In each, I have .htaccess start with the following first line:
php_value session.cookie_domain .website.com
Checking the cookie in Chrome's devtools, the domain is still being set to the full subdomain URL, e.g. "siteone.website.com" and "sitetwo.website.com" not ".website.com".
Given the VM is hosting other sites, changing the "php.ini" is not desirable, and neither is programmatically setting it in the PHP scripts (if I can avoid it).
No error being thrown or logged. The .htaccess's other rules are working. Tried clearing all my browsing data/cookies. Oddly the dev setup (on another VM) is working as intended. Could it have something to do with SSL setup on prod? Running out of troubleshooting ideas.
For some reason, someone set prod VM to user an older version of PHP than the main version installed. It did this by specifying in the Apache site config to use another version of PHP via FCGI. php_value in .htaccess only works with PHP running via Apache module.
Used .user.ini file to set custom php.ini values for each subdomain, setting session.cookie_domain = .website.com in there.
Meanwhile, dev VM was not touched, so was still using PHP as Apache module, hence .htaccess working in there.