I have been reading as much as possible about the php.ini file and i have found nothing about whether or not its bad/dangerous to not set the session.cookie_domain in the php.ini.
We are in a production environment and this is not set.
Are there security issues with not setting this. Cookies appear to be working well, no real issues.
The php.ini file looks like this:
session.cookie_domain =
This configuration directive allow you to restrict subdomains, from which your session cookie will be valid. Since it is empty, you're accepting session cookies from all domains - so, it's normal behavior that all is working well from any subdomain.
This could also be useful.