Building a php session based authentication system for a custom web app.
The app has a central code base and CMS to display content based on the domain header (ie: domain content has the same document root.
If you go to www.domain.com
you get db driven content for that domain. If you go to subdomain1.domain.com you get content for subdomain1.domain.com. There could be thousands of subdomains.
Authentication is based on sessions. Understanding the basis of sessions, it's geared for that specific domain, however I need a session to carry over into subdomains (and possibly otherdomains).
I've added the following code to my .htaccess in the document root and it seems to work, but has been flaky. If I monitor the session vars, I'll get a different session for different domains on different browsers (sometimes). It seems to generate new sessions for subdomains and it doesnt solve the secondary unique domain problem.
I'm open to just about any solution... even if it means a different fundamental authentication logic change...
Is this possible? What do others do?
php_value session.cookie_domain .domain.com