Manual:$wgCookieDomain/de-formal

Details
Set to an explicit domain on the login cookies, e.g.  or   for all your subdomains.

By default this isn't set, so php's  function will just set a cookie on the current domain. This is a bad thing if e.g. your site is available from both  and , since users that log into the former will be logged out as soon as they visit the latter.