Browsers send all "matching" cookies to a server when they connect.  

A cookie consists of:

Name: the name of the cookie

Data: the stuff in the cookie

Domain: the domain name of the website to send the cookie to

Path: the path to match on the server[typically /]

 

Ignore path for the moment, domain matches are the domain of the host being connected to and anything up the chain.

 

So for http://gary.users.sherodesigns.com

Any cookie for gary.users.sherodesigns.com; users.sherodesigns.com; sherodesigns.com; and .com would be sent.   Browsers don't allow cookies to be set for top level domains[.com] because of this.  If multiple cookies with the same name match, then they are all sent.  So for magento you have a your logon cookie as follows:

adminhtml=blahblahblah

 

The staging server will receive:

adminhtml=12345mainsite

adminhtml=2468staging

 

PHP grabs one of the 2 cookies at what might as well be random, so things work, then they break, then they work, then they break..

 

A common host setup for us is:

www.client.com --> client.com

client.com --- main website

dev.client.com -- dev site

staging.client.com -- staging site

 

So if you are doing anything on both the main site and dev or staging, cookies being set by the main site can interfere.

 

I do not have a GOOD answer to this problem.  A quick hack is to copy:

app/code/core/Mage/Adminhtml/Controller/Action.php

To local and edit line 44 and make it unique for dev, staging, and live:

const SESSION_NAMESPACE = 'adminhtml';


In PHP 5.3 it is not possible to use an expression when setting a constant. so

const SESSION_NAMESPACE = $_SERVER['SERVER_NAME'].'adminhtml';

Won't work.  It should work for PHP 5.6 but I don't recall at what point this was changed.