Originally Posted by tangoforce
I still think there is something else here that is playing up.
Yep, there sure is. If its actually going across domains, the only way to pass the sid is via the querystring. So if you check the HTML links you may find that the sid is being passed across domains which should be fixed immediately.
Given the one post here though, I question if we are actually looking at separate domains. There is indication that its simply under /abc/ and /zzz/, in which case session cookies can be modified to only adhere to the directory level in which they were set. That can be done via an ini set as well with the session.cookie_path and changing it to /specificdir prior to calling session_start(). That should work.