Bobafart 03-02-2008, 11:47 AM I have a session_start() on my domain
foo.com
user logs in, session starts, all is good
when that session is open and the user clicks to another subdomain, say
bar.foo.com
I notice that the session is no longer open
when I return to foo.com the session reopens
session_start() is at the beginning of each script.
Bobafart 03-02-2008, 11:52 AM and, no, I dont want to use php.net/session_set_cookie_params
what's the point of using sessions if you are reverting to cookies?
If this is true (cant use a session across a subdomain) then this is the first I have heard ofit!
digitalfiz 03-02-2008, 12:56 PM sessions are domain specific and the reason for using sessions is a lot more then just cookies it is also for security reasons. Users cant fiddle with session variables as easily as they can cookie files. Even sessions set a cookie for the session id and if it cant php rewrite every url with the session id in the url. So I suggest using the line below in your .htaccess probably on both subdomains so the session id will be passed across subdomains.
php_value session.cookie_domain .hostname.com
I have had some shared hosting servers choke on "php_value" in the htaccess file.
If that happens to you, try something like this:
put in .htaccess file
SetEnvIfNoCase Host "^([a-zA-Z0-9_]+)\.yourdomain\.com(:[\d]+)?$" SUBDOMAIN=$1
put in global php inc file that all your subdomains use.
session_set_cookie_params ( 0 ,"/", preg_replace( "/^".( isset( $_SERVER["SUBDOMAIN"] ) ? $_SERVER["SUBDOMAIN"]:"www" )."\./","", $_SERVER["HTTP_HOST"] ) );
session_start();
CFMaBiSmAd 03-02-2008, 05:19 PM FYI - you can only set php settings in a .htaccess file when php is running as a server module and the host permits it. When php is running as a CGI wrapper, you should be able to do the same in a local php.ini (again if the host permits it.)
Setting the session.cookie_domain like .hostname.com (with the leading dot) as digitalfiz posted is all that is needed. By explicitly setting it to www.hostname.com or subdomain.hostname.com will restrict it to work in just the www. or subdomain. address.
Setting the session.cookie_domain in php.ini (when available), a .htaccess file (when available), a local php.ini (when available), or in the script using an ini_set() statement or session_set_cookie_params() statement all accomplish the same thing, they set the value before the session_start() sends the session cookie to the browser.
xporiten 07-11-2011, 09:32 AM I have problems too.
i want to retrieve login info at subdomain call as my.domain.com/index.php
i logged in at domain.com/login.php
I using session to remember my login information and can easily pass to other subdomains. But sub domains can't get the login information.
I have google for few hrs and tried a lot of methods but can't work.
Assume that sucessfully login BUT session not being pass over.
domain.com/login.php
session_name("PHPSESS");
session_set_cookie_params(0, '/', '.domain.com');
session_start();
$_SESSION['login'] = $u;
header('Location: http://my.domain.com/index.php');
my.domain.com/index.php
session_name("PHPSESS");
session_set_cookie_params(0, '/', '.domain.com');
session_start();
$u = $_SESSION['login'];
but i got error at index.php saying that Undefined index: login
1) I doesn't know whether there is a need to put in both index.php and login.php or just one of them?
session_name("PHPSESS");
session_set_cookie_params(0, '/', '.domain.com');
2) avoid using .htaccess or other configuration files
Please help me!!
Thanks.
808coder 11-11-2011, 07:21 AM HI xporiten,
My problem is the same as your scenario. Have you been able to find a fix?
tangoforce 11-11-2011, 02:33 PM Try looking above. There are two replies with information.
alemcherry 11-11-2011, 02:38 PM HI xporiten,
My problem is the same as your scenario. Have you been able to find a fix?
session_set_cookie_params is all that you need to use. Check the manual for setting the domain parameter.
Dan13071992 11-11-2011, 02:38 PM i know this is slightly off topic, but still related, is there a way to change the session max time length in htaccess, the reason i ask is, i changed the session max length in my phpinfo file, however the sessions only last 5 minutes if the user is inactive from changing the page.
tangoforce 11-11-2011, 02:57 PM The problem with sessions is that they do timeout and all hosts are different. IF you move to another host then you may run into more problems.
Ideally, you should use a session table in your database which naturally has an unlimited lifetime. You can then put a number in your links/postfields that refers to that session (just be sure to use other means to check the user too otherwise you could find someone wipes all the stored sessions in your db).
You can serialize() and unserialize() arrays for storing them as strings.
It's slightly more work but it will save hassle in the long run.
|
|
