I use php sessions (not cookies, except for session id cookie) for all user data, and when a user goes to their profile user.mydomain.com they are immediately "logged out" untill then remove the subdomain.
Is there a way to accept sessions from all domains as long as its *.mydomain.com
Here are 4 options.
Place this in your php.ini:
session.cookie_domain = ".example.com"
Or in your .htaccess:
php_value session.cookie_domain .example.com
Or as the first thing in your script:
ini_set('session.cookie_domain', '.example.com' );
Or in your php-fpm pool configuration for your site:
php_value[session.cookie_domain] = .example.com