Solved

php session does not carry across subdomains

Posted on 2009-05-07
6
400 Views
Last Modified: 2013-11-10
I have an issue where I need a script to read the same session no matter what subdomain the person is using. Anotherwords, I need the person to stay logged in even if they jump subdomains. I tried setting the below at the top of every page but it still doesn't work. When I try to read the session on a new subdomain it just creates a brand new one.
ini_set("session.cookie_domain", ".domain.com");

Open in new window

0
Comment
Question by:MeridianManagement
6 Comments
 
LVL 49

Expert Comment

by:Ryan Chong
ID: 24332352
subdomains and domains don't share sessions.
0
 
LVL 4

Expert Comment

by:aconrad
ID: 24332366
0
 
LVL 7

Accepted Solution

by:
ycTIN earned 500 total points
ID: 24332388
1. ini_set need before the session.start()
2. should have same session name

ini_set("session.cookie_domain", ".domain.com");
session_name("myapp");
session_start();

http://www.php.net/manual/en/function.session-set-cookie-params.php

if still not work, you can try storage the session id into cookie with domain settings
http://www.php.net/manual/en/function.setcookie.php

session_id(<read from cookie>);
session_start();

0
Why You Should Analyze Threat Actor TTPs

After years of analyzing threat actor behavior, it’s become clear that at any given time there are specific tactics, techniques, and procedures (TTPs) that are particularly prevalent. By analyzing and understanding these TTPs, you can dramatically enhance your security program.

 
LVL 2

Author Closing Comment

by:MeridianManagement
ID: 31579279
I'm not sure exactly which one worked, but I also added php_value session.cookie_domain ".domain.com" to an .htaccess file and now it is working perfectly! I'm not going to break it to find out exactly which fix worked though, so I'll assume they all worked in concert =)
0
 
LVL 4

Expert Comment

by:aconrad
ID: 24332399
aw well...
<?php 
 

// ====  script to go on your http://domain.com/
 

session_set_cookie_params(time()+3600,null,'.tzaka.ro');

session_start();
 

$_SESSION['testing'] = 'one';
 

?>

$_SESSION['testing'] = 'one';<br>

<A href="http://sub.domain.com/script.php">visit subdomain</a>
 

// ====  script to go on your http://sub.domain.com/

<?

session_id($_COOKIE['PHPSESSID']);

session_start();
 

echo 'got $_SESSION[\'testing\'] ='.$_SESSION['testing'];

?>

Open in new window

0
 
LVL 2

Author Comment

by:MeridianManagement
ID: 24332410
thanks aconrad, I'm sorry I accepted answer a little too quickly
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Deprecated and Headed for the Dustbin By now, you have probably heard that some PHP features, while convenient, can also cause PHP security problems.  This article discusses one of those, called register_globals.  It is a thing you do not want.  …
Hi, in this article I'm going to teach you how to run your own site, and how to let people in (without IP). I'll talk about and explain each step... :) By the way, everything in this Tutorial is completely free and legal. This article is for …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to dynamically set the form action using jQuery.

757 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

22 Experts available now in Live!

Get 1:1 Help Now