I tried a couple different things in my hosts file.
I tried just using ‘localhost’, ‘subdomain.localhost’, ‘test.localhost’ and had no luck. Then thinking that perhaps it was an issue of lacking a tld I tried ‘localhost.host’, ‘subdomain.localhost.host’ and ‘test.localhost.host’.
I’m not sure where things get off in this configuration, but none of those variations ended up working.
When I changed things around to use ‘domain.dev’, ‘subdomain.domain.dev’ and ‘test.domain.dev’ things worked properly. I suppose you might or might not need to flush your dns cache if you are making a lot of changes to this stuff, but it shouldn’t need it when you first define them.
Hope that clears it up.
1) I haven’t done anything with multiple fully customized domains. You can use the session_domain setting still, but it will make the same cookie be in effect across all the domains. Just depends what you want it to act like whether or not you should do this.
2) I believe he just means its a bad idea to let somebody register to use ‘domain.domain.com’, like letting somebody use ‘google.google.com’ or something. It doesn’t break anything, but it could be confusing for users as they would likely think that this was an ‘official’ page, rather than that of a particular user.
3) I think you are on the right track there. Have the ssl for your main domain and make them login through this, but have all the subdomains reference the same cookie to see if you are logged in. I’m not using ssl, but I am expecting users to sign in through the main domain rather than a subdomain.