PHP cookies are not working the same on mobile browsers and on PC browsers


I have a question about cookies on different devices (smartphone and PC) in PHP...

This was the way I was setting the cookies (the same for both smartphone and PC) in my app:

setcookie('user_cookie', $user->user_cookie_hash, time() + $time, '/');

And this was the way I was unsetting them (at logout):

setcookie('user_cookie', null, -1, '/');

This is working fine if my domain is a hosted domain in the format: https://subdomain.domain.com.

However, for testing purposes I have another domain (IP) which doesn't have a subdomain, and my website is stored at http://ip/subdomain.

The problem is that on this machine (IP), where I am running the application without any hosted domain and subdomain, for whatever reason, the cookies are not working the same on PC and on mobile.

Keeping the same method of setting and unsetting cookies, on smartphones it was working fine: I was able to log in, I was able to log out and I was able to log in via the cookie (if the cookie is set, I was setting the $_SESSION variables based on it), but on PC browsers I was not able to log out.

To make this also work on browsers, instead of '/' I needed to use another defined variable, APP_DOMAIN, defined like this:

define ('APP_DOMAIN', 'http://ip/subdomain');

However, this does not work on smartphone browsers (for whatever reason)... This works on PC, but on a smartphone browser it doesn't (I am able to log in, I am able to log out, but if I close the browser app on the smartphone completely and open it again, I am requested to log in again, even if I was already logged in before I closed the browser, meaning the cookie login (as I mentioned, I am setting the $_SESSION variables based on the cookie if the $_SESSION is killed) is not working, is not set). The same behavior also happens on my hosted domain if, instead of '/', I am using APP_DOMAIN (which in this case is defined as define ('APP_DOMAIN', 'https://subdomain.domain.com');): it does not work on mobiles, but on PC it is working fine, as expected (able to log in/log out/set the $_SESSION based on the cookie).

Now what I did to solve this was to implement a method in my Session class (where I am setting the cookies, sessions and everything else) to check if the client is on mobile.

And then my cookie setting looks like this:

if ($this->check_if_mobile_browser()) {
    setcookie('user_cookie', null, -1, '/');
} else {
    setcookie('user_cookie', null, -1, APP_DOMAIN);
}

Basically, if the client is on mobile, set the cookie for '/', and if not, set it for APP_DOMAIN.

Now the question is whether this is expected behavior or not.

I understand that there is a difference between '/' and APP_DOMAIN when I am not using the hosted application (domain), because on the machine under http://ip/x, x can be any other application and '/' here is not the same as on subdomain.domain.com. However, I don't understand why (on both the hosted domain and on my machine's IP domain) APP_DOMAIN does not work for both the mobile and the PC, and to make it work, for mobile I have to use '/', but for PC I can use APP_DOMAIN.

Hope my explanations are clear...

BTW, in my case mobile = iPhone, and I tried both Safari and Chrome. And on PC, I tried Chrome, Firefox and Edge; all of them are the same.

Thank you very much!

0

There are 0 answers
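
An added example, not part of the original question: the fourth argument of setcookie() is a URL path, and under RFC 6265 a Path value that does not start with "/" is ignored in favour of the default path, so this sketch derives "/subdomain" from APP_DOMAIN and uses the same attributes to set and to clear the login cookie. The helper names, the PHP 7.3+ options array and the 192.0.2.10 host are assumptions made for illustration.

```php
<?php
// Added example, not the asker's code. Assumes PHP 7.3+ (options-array form
// of setcookie). APP_DOMAIN is the constant from the question; the address
// 192.0.2.10 is a constructed documentation host.
define('APP_DOMAIN', 'http://192.0.2.10/subdomain');

/**
 * Build the cookie attributes in one place so that setting and clearing
 * use identical values. A browser only replaces or expires a cookie whose
 * name, domain and path match the stored one.
 */
function auth_cookie_options(string $appUrl, int $expires): array
{
    // The path attribute is a URL path ("/subdomain"), not a full URL.
    // A URL without a path part (https://subdomain.domain.com) yields "/".
    $path = '/' . trim((string) parse_url($appUrl, PHP_URL_PATH), '/');

    return [
        'expires'  => $expires,
        'path'     => $path,  // not sent with requests to other apps on the host
        'secure'   => parse_url($appUrl, PHP_URL_SCHEME) === 'https',
        'httponly' => true,   // login token is not readable from JavaScript
        'samesite' => 'Lax',
        // 'domain' is left out on purpose: the cookie stays host-only.
    ];
}

// Hypothetical helper: store the login token for $lifetime seconds.
function set_auth_cookie(string $token, int $lifetime): bool
{
    return setcookie('user_cookie', $token,
        auth_cookie_options(APP_DOMAIN, time() + $lifetime));
}

// Hypothetical helper: expire the cookie at logout.
function clear_auth_cookie(): bool
{
    // Empty value and an expiry in the past, same path and flags as above.
    return setcookie('user_cookie', '',
        auth_cookie_options(APP_DOMAIN, time() - 3600));
}
```

A cookie stored earlier with path '/' is a separate cookie from one stored with '/subdomain', so each has to be expired with the path it was set with.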