PHP Cookies Won't Set

Question

I'm on localhost. Much discussion has been done on cookies and sessions on localhost. However, my case appears to be exceptional. I have tried setting cookies in different ways but none seems to work, even $_SESSION array remains empty after setting session variables. I have tried the following combinations to set cookie on my local host:

• setcookie("name", "value")
• setcookie("name", "value", 0)
• setcookie("name", "value", 0, "/", false)
• setcookie("name", "value", time()+86000, "/", false)
• setcookie("name", "value", time()+86000)
• setcookie("name", "value", time()+86000, ".localhost.com")
• setcookie("name", "value", time()+86000, "localhost.com")
• setcookie("name", "value", time()+86000, "localhost")
• setcookie("name", "value", 0, "/", ".localhost.com")
• setcookie("name", "value", 0, "/", ".localhost.com", false, false)
• setcookie("name", "value", 0, "/", "localhost")
• setcookie("name", "value", 0, "/", "localhost.com", false, false)
• setcookie("name", "value", 0, "/", "localhost.com")

I also edited the session cookie values in PHP.ini file to reflect my futile trials with setcookie . I also tried changing the path from "/" to "/user" for all attempts.

I'm using PHP 7.1 on Apache 2.4.33 and configured a "localhost.com" to point to a directory "/app_support" on the document root of my server. I have also configured "app.localhost.com" to point to "/subdomains/app" directory, which is also on the root of the server. I'm accessing my site through "app.localhost.com", then using AJAX to access "localhost.com/user". On "localhost.com/user" directory, I have "user.php", a file with a class User that I use for logging in and setting the cookie.

I have verified in Firefox 60 that the cookie headers are being sent for my custom cookies as well as for the session cookies, so it is clear that it is the browser that rejects them for some reason. I get identical results in Chrome 68 and Chromium 66.

EDIT : Here's the parts where I'm setting the cookies.

session_regenerate_id();
$_SESSION['user']['id'] = $user['investor_id'];
$_SESSION['user']['surname'] = $user['surname'];
$_SESSION['user']['name'] = $user['given_name'];
$_SESSION['user']['email'] = $user['email'];
$selector = $this->generateCode(9);
$authenticator = $this->generateCode(33);
$expiry = time() + 2592000;

setcookie("logged_in", $selector.':'.$authenticator, $expiry, '/', '.localhost.com');

EDIT 2 : On Firefox, here are the cookie headers received:

logged_in   
    domain  .localhost.com
    expires 2018-09-15T08:35:07.000Z
    path    /
    value   F668B2928:417076134356498468FDA03D496336BDA
PHPSESSID   
    domain  localhost.com
    httpOnly    true
    path    /user
    value   77h432cjgu25mrnauktnc6s471

Answer 1

So, it turns out my problem was actually exceptional as it has nothing to do with PHP whatsoever. The problem with the cookies was because I was accessing the page setting the cookies via JQuery.ajax which causes the browser to automatically reject the cookies as discussed here due to CORS regulations. My request is considered cross-domain since I'm sending a request from a subdomain. The solution was not in the PHP, but on the client, as shown in this answer . However, if it is useful to you to have the 'x-requested-with' header retained by applying that solution, then you must manually set the header as shown in this answer .