Works all right in 5.2

I'd check first that the cookie is actually set and with what data.
I had some problems with this when I changed the domain to be something different what it originally was, and as there already existed a cookie with same name, but just set with domain 'www.example.com' it wasn't reset. (tested using Firefox)

Try change the session name (ie. cookie name) too.

Thanks, I'll try it. 5.2.4 works OK, too. My 5.2.5 was from dotdeb and not the official sources.

If you're not using the sources we provide, then we can't help you. But if you can reproduce this using fresh sources from http://php.net/ then we can talk more.. I have NO problems with sessions in subdomains.

Now I'm closer to see what's causing this... It only happens with a vhost serving a wildcard subdomain. When all *.mysite.net requests go to a single /var/www/index.php file. When I serve subdomains from /var/www/subdomain/ it works ok. I'm using lighttpd with fastcgi. I'l try to see if the problem is with lighttpd or php, but if you can test it with Apache... Thanks.

Sounds like a lighttpd problem to me. I only use lighttpd but I don't have any wildcard dns names set. Perhaps lighttpd doesn't set the host properly that is passed to PHP (or actually any other fastcgi..)

Try check what the domain actually is in that /var/www/index.php file.

So on subdomains it does work all right. What clears the $_SESSION variable is the root domain. Session is passed fine between a.mysite.com and b.mysite.com, but if I open a session at mysite.com, it will not see the subdomain's session variables, and it will also erase them. The session cookie passes along fine. I call: 

ini_set('session.cookie_domain', '.mysite.com');
session_start();

I thought it does not work because the dot befor thee site's name (since the root does not have that dot), but removing it does not help either. Can you test this?

Host names pass along fine to the script handling the subdomains. Actually I used the subdfomain name to set test session variables, like "a_test2 and "b_test".

Try using this instead of ini_set():

http://php.net/session_set_cookie_params

Calling this with proper values prior to calling session_start(); works just fine for me.

Did you try getting the session variable set on a subdomain at the root? Like apple.mydomain.com/echo.php sets $_SESSION['apple'] = 'fruit', but mydomain.com/echo.php will not see it. Or does it in your tests? BTW, session_set_cookie_params lack parameter docs, but I guess lifetime is in seconds.

It seems to work on another server. I'll try to find out what was wrong with the first one.  Sorry..

I found it! The problem only occours if you serve the base domain and the subdomains from different sections of lighttpd config file, like this:

$HTTP["host"] =~ "^mysite\.com" {
  server.document-root = "/var/www/mysite/"
}

$HTTP["host"] =~ "(.+)\.mysite\.com$" {
  server.document-root = "/var/www/mysubdomains/"
}

I don't see how this is PHP bug at all. More like lighttpd bug if a bug at all. Check these: What host PHP script gets from ligttpd ($_SERVER['SERVER_NAME'] and what is tried to be set for the cookie. 

No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".

Actually Suhosin's suhosin.session.cryptdocroot option was the problem. If the session encryption key is based on the DocRoot it causes the problem described here (if the base domain and the subdomains are served from different directories).

To "k dot andris at gmail dot com"
You're right. Had exactly the same problem.

Solution. Just add these 2 lines in your php.ini file:

suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off

or, if you don't have access to it, these 2 in some of your general config.php file:

ini_set("suhosin.session.cryptdocroot", "Off");
ini_set("suhosin.cookie.cryptdocroot", "Off");