Is there any update on this request?
I can see quite a few security concerns that could be mitigated if we
could enable and disable certain functions at the virtual host level.
nginx paired with php-fpm appears to already work this way. For
consistency purposes, shouldn't this be implemented in
According to the PHP docs
(http://php.net/manual/en/session.configuration.php#ini.session.cookie-domain),
session.cookie_domain's default value is set to the domain that
generated the cookie.
Default is none at all meaning the host name of the server which
generated the cookie according to cookies
