Ready for this one, everyone?
I'm having a problem accessing a PHP session across subdomains.
I have a Linux/Apache server running PHP 4.3.2 with one domain on it. Let's call it foo.com. The domain has the usual 'www' subdomain plus another subdomain, 'secure'. I have set up the httpd.conf file so that the documentRoot for secure.foo.com is /home/foo/secure and the documentRoot for www.foo.com
is /home/foo/www. The two subdomains also have unique IP addresses.
Here's the applicable section of the httpd.conf file (the IP addresses and paths have been changed to protect the ignorant):
The DNS for the domain (foo.com) is set up as follows:
<SOA and other stuff...>
IN A 184.108.40.206
mail IN A 220.127.116.11 ;mail on another server
www IN A 18.104.22.168
secure IN A 22.214.171.124
With this setup, www.foo.com
only accepts http traffic and secure.foo.com only accepts SSL (https) traffic.
If I start a PHP session on http://www.foo.com/page.php
I can access all of the values I toss into the session from any page on the site. However, as soon as I pull up a page on https://secure.foo.com
(and call session_start), the session variables are not there (print_r ($_SESSION) outputs 'array ()').
I have session.cookie_domain in php.ini set to 'foo.com' (I also tried '.foo.com').
It's my understanding that cookies -- including session cookies -- are supposed to be available across subdomains. Does the fact that the subdomains are using different transfer protocols (http v. https) make a difference?
I've looked everywhere for an answer to my problem. Please put me out of my misery and tell me it's something stupid I've overlooked!!!