Browsers send all “matching” cookies to a server when they connect.
A cookie consists of:
Name: the name of the cookie
Data: the stuff in the cookie
Domain: the domain name of the website to send the cookie to
Path: the path to match on the server [typically /]
Domain matches are the domain of the host being connected to and anything up the chain.
So, for instance, http://gary.users.sherocommerce.com
Any cookie for gary.users.sherocommerce.com; users.sherocommerce.com; sherocommerce.com; and .com would be sent.
Browsers don’t allow cookies to be set for top level domains [.com] because of this. If multiple cookies with the same name match, then they are all sent. So for Magento you have a your logon cookie as follows:
adminhtml=blahblahblah
The staging server will receive:
adminhtml=12345mainsite
adminhtml=2468staging
PHP grabs one of the 2 cookies at what might as well be random, so things work, then they break, then they work, then they break..
A common host setup for us is:
www.client.com –> client.com
client.com — main website
dev.client.com — dev site
staging.client.com — staging site
So if you are doing anything on both the main site and dev or staging, cookies being set by the main site can interfere.
I do not have a GOOD answer to this problem. A quick hack is to copy:
app/code/core/Mage/Adminhtml/Controller/Action.php
To local and edit line 44 and make it unique for dev, staging, and live:
const SESSION_NAMESPACE = 'adminhtml';
In PHP 5.3 it is not possible to use an expression when setting a constant. so
const SESSION_NAMESPACE = $_SERVER['SERVER_NAME'].'adminhtml';
won’t work. It should work for PHP 5.6.