webarthur/setup.js

## setup.js
// ajax
var xhr = new XMLHttpRequest();
xhr.open(method, url, true);
xhr.withCredentials = true;
[...]

// htaccess
SetEnvIf Origin "http(s)?://(www\.)?(example.org)$" AccessControlAllowOrigin=$0
Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
Header set Access-Control-Allow-Credentials true

 // PHP
ini_set('session.cookie_domain', '.example.org' );
session_name("domain");
session_set_cookie_params(0, '/', '.example.org');
session_start();
	// ajax
	var xhr = new XMLHttpRequest();
	xhr.open(method, url, true);
	xhr.withCredentials = true;
	[...]

	// htaccess
	SetEnvIf Origin "http(s)?://(www\.)?(example.org)$" AccessControlAllowOrigin=$0
	Header add Access-Control-Allow-Origin %{AccessControlAllowOrigin}e env=AccessControlAllowOrigin
	Header add Access-Control-Allow-Methods "PUT, GET, POST, DELETE, OPTIONS"
	Header set Access-Control-Allow-Credentials true

	// PHP
	ini_set('session.cookie_domain', '.example.org' );
	session_name("domain");
	session_set_cookie_params(0, '/', '.example.org');
	session_start();