identify user in a different folder then the forum

[kh99]

To be honest I don't know a lot about it. But my understanding is that cookies are only sent back to the domain/path that set them (so that you're not letting every site see all your cookies). I believe the script that sets the cookie can modify the cookie to allow it to be sent to other scripts. Here's a paragraph from the Wikipedia article on http cookies:

Quote:

Domain and Path

The cookie domain and path define the scope of the cookie—they tell the browser that cookies should only be sent back to the server for the given domain and path. If not specified, they default to the domain and path of the object that was requested. An example of Set-Cookie directives from a website after a user logged in:


Set-Cookie: LSID=DQAAAK…Eaem_vYg; Domain=docs.foo.com; Path=/accounts; Expires=Wed, 13-Jan-2021 22:23:01 GMT; Secure; HttpOnly
Set-Cookie: HSID=AYQEVn….DKrdst; Domain=.foo.com; Path=/; Expires=Wed, 13-Jan-2021 22:23:01 GMT; HttpOnly
Set-Cookie: SSID=Ap4P….GTEq; Domain=.foo.com; Path=/; Expires=Wed, 13-Jan-2021 22:23:01 GMT; Secure; HttpOnly
......

The first cookie LSID has default domain docs.foo.com and Path /accounts, which tells the browser to use the cookie only when requesting pages contained in docs.foo.com/accounts. The other 2 cookies HSID and SSID would be sent back by the browser while requesting any subdomain in .foo.com on any path, for example www.foo.com/.

Cookies can only be set on the top domain and its sub domains. Setting cookies on www.foo.com from www.bar.com will not work for security reasons.

that brings up another question - are your two sites on the same (top-level) domain? I believe leaving the "cookie domain" setting blank (which seems to be the default) will allow it to be sent to all related subdomains, but if you have an entirely different domain name for your other site, that might be the issue.