From phpBB Development Wiki
This page explains the cookie domain setting and provides guidance on how to choose it.
Board Only, Single Domain
This is the most simple case. You have nothing but a phpBB board on your site, and you only have one domain (such as myforums.com).
In this case the simplest and most reliable thing to do is to make cookie domain empty.
An empty cookie domain means "send the cookie to the exact domain that it came from, and nowhere else". Since you only have one domain this is exactly what you want.
The following variations fall into the single domain, board only configuration:
- You have multiple domains but they are redirected to one domain by your web server. For example, you have myforums.com and www.myforums.com with one redirecting to the other.
- You have non-phpBB content on your site, possibly in another domain or subdomain, but you don't integrate sessions between phpBB and other software.
Board Only, Multiple Domains
In this case you have something like myforums.com and www.myforums.com and you do not have a redirect from one domain to another.
The simplest thing in this case actually is to set up a redirect and then follow the previous section. Having a single domain is better for search engine indexing, it makes links to your board more consistent and you can use the simpler cookie domain configuration described above.
If you cannot or do not want to set up a redirect, follow the next section.
Board Integrated With Other Software, Multiple Domains
In this case you have something like mysite.com and forums.mysite.com, or perhaps forums.mysite.com and blog.mysite.com.
To determine the proper cookie domain, follow these steps:
- Remove subdomains until you find the common domain. In the example just above, for both "mysite.com" and "forums.mysite.com" as well as "forums.mysite.com" and "blog.mysite.com" the common domain is mysite.com.
- Add a dot in front of the common domain. In both examples, this would come out to .mysite.com.
Technical note: cookie domain, if not empty, must always have at least two dots. This is why even if you only have two parts to it, like "mysite.com", you have to specify it as ".mysite.com". As a special case, cookies set on ".mysite.com" are sent to "mysite.com" even though it is not a superset of the cookie domain.
Board Integrated With Other Software, One Domain
In this case you have something like mysite.com/forums and mysite.com/blog. The cookie domain in this case should be empty just like in the first section.
This is another special case of a single domain rule. Since localhost has only one name when you are installing on localhost you should use an empty cookie domain.
You may have noticed that the recommended configuration calls for using a single domain and redirecting to it from other domains, if possible, and then using an empty cookie domain. As a bonus, if you do set up your live board in this way transferring it to localhost requires no changes in cookie domain - empty cookie domain continues to work correctly.
What if your settings are wrong and you can't log in?
The simplest solution is to temporarily disable cookies in your web browser, log in, make the necessary changes to cookie settings and enable the cookies back. See the next section for an important caveat.
Cookie settings have a field for cookie name. This setting is necessary because sometimes browsers would continue sending old cookies after you change cookie settings. The actual name is meaningless but phpBB will only look for cookies named according to the specified name. Therefore,
Whenever you change any cookie settings also change the cookie name.
Again, you can change the name to anything you like.
- Fixing incorrect cookie settings, phpBB.com