Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 11 of 11
  1. #1
    Regular Coder
    Join Date
    Dec 2006
    Posts
    417
    Thanks
    168
    Thanked 1 Time in 1 Post

    sessions and subdomains

    I have a session_start() on my domain

    foo.com

    user logs in, session starts, all is good

    when that session is open and the user clicks to another subdomain, say

    bar.foo.com

    I notice that the session is no longer open

    when I return to foo.com the session reopens

    session_start() is at the beginning of each script.

  • #2
    Regular Coder
    Join Date
    Dec 2006
    Posts
    417
    Thanks
    168
    Thanked 1 Time in 1 Post
    and, no, I dont want to use php.net/session_set_cookie_params

    what's the point of using sessions if you are reverting to cookies?


    If this is true (cant use a session across a subdomain) then this is the first I have heard ofit!

  • #3
    New Coder
    Join Date
    Mar 2008
    Location
    Lakeland, FL
    Posts
    39
    Thanks
    1
    Thanked 3 Times in 3 Posts
    sessions are domain specific and the reason for using sessions is a lot more then just cookies it is also for security reasons. Users cant fiddle with session variables as easily as they can cookie files. Even sessions set a cookie for the session id and if it cant php rewrite every url with the session id in the url. So I suggest using the line below in your .htaccess probably on both subdomains so the session id will be passed across subdomains.

    Code:
    php_value session.cookie_domain .hostname.com

  • Users who have thanked digitalfiz for this post:

    Bobafart (03-02-2008)

  • #4
    eak
    eak is offline
    Regular Coder eak's Avatar
    Join Date
    Jun 2002
    Location
    Nashville, TN
    Posts
    354
    Thanks
    0
    Thanked 26 Times in 26 Posts
    I have had some shared hosting servers choke on "php_value" in the htaccess file.
    If that happens to you, try something like this:

    put in .htaccess file
    Code:
    SetEnvIfNoCase Host "^([a-zA-Z0-9_]+)\.yourdomain\.com(:[\d]+)?$" SUBDOMAIN=$1

    put in global php inc file that all your subdomains use.
    Code:
    session_set_cookie_params ( 0 ,"/", preg_replace( "/^".( isset( $_SERVER["SUBDOMAIN"] ) ? $_SERVER["SUBDOMAIN"]:"www" )."\./","", $_SERVER["HTTP_HOST"] ) );
    session_start();
    eak | "Doing a good deed is like wetting your pants; every one can see the results, but only you can feel the warmth."

  • #5
    Senior Coder CFMaBiSmAd's Avatar
    Join Date
    Oct 2006
    Location
    Denver, Colorado USA
    Posts
    3,026
    Thanks
    2
    Thanked 315 Times in 307 Posts
    FYI - you can only set php settings in a .htaccess file when php is running as a server module and the host permits it. When php is running as a CGI wrapper, you should be able to do the same in a local php.ini (again if the host permits it.)

    Setting the session.cookie_domain like .hostname.com (with the leading dot) as digitalfiz posted is all that is needed. By explicitly setting it to www.hostname.com or subdomain.hostname.com will restrict it to work in just the www. or subdomain. address.

    Setting the session.cookie_domain in php.ini (when available), a .htaccess file (when available), a local php.ini (when available), or in the script using an ini_set() statement or session_set_cookie_params() statement all accomplish the same thing, they set the value before the session_start() sends the session cookie to the browser.
    If you are learning PHP, developing PHP code, or debugging PHP code, do yourself a favor and check your web server log for errors and/or turn on full PHP error reporting in php.ini or in a .htaccess file to get PHP to help you.

  • #6
    New Coder
    Join Date
    Dec 2010
    Posts
    12
    Thanks
    0
    Thanked 0 Times in 0 Posts
    I have problems too.
    i want to retrieve login info at subdomain call as my.domain.com/index.php
    i logged in at domain.com/login.php

    I using session to remember my login information and can easily pass to other subdomains. But sub domains can't get the login information.
    I have google for few hrs and tried a lot of methods but can't work.
    Assume that sucessfully login BUT session not being pass over.

    domain.com/login.php
    Code:
    session_name("PHPSESS");
    session_set_cookie_params(0, '/', '.domain.com'); 
    session_start();
    $_SESSION['login'] = $u;
    header('Location: http://my.domain.com/index.php');
    my.domain.com/index.php
    Code:
    session_name("PHPSESS");
    session_set_cookie_params(0, '/', '.domain.com'); 
    session_start();
    $u = $_SESSION['login'];
    but i got error at index.php saying that Undefined index: login

    1) I doesn't know whether there is a need to put in both index.php and login.php or just one of them?
    Code:
    session_name("PHPSESS");
    session_set_cookie_params(0, '/', '.domain.com');
    2) avoid using .htaccess or other configuration files

    Please help me!!
    Thanks.

  • #7
    New to the CF scene
    Join Date
    Nov 2011
    Posts
    1
    Thanks
    0
    Thanked 0 Times in 0 Posts
    HI xporiten,

    My problem is the same as your scenario. Have you been able to find a fix?

  • #8
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    Try looking above. There are two replies with information.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!

  • #9
    New Coder
    Join Date
    Apr 2010
    Posts
    55
    Thanks
    0
    Thanked 4 Times in 4 Posts
    Quote Originally Posted by 808coder View Post
    HI xporiten,

    My problem is the same as your scenario. Have you been able to find a fix?
    session_set_cookie_params is all that you need to use. Check the manual for setting the domain parameter.
    Hosting Reviews and Discounts: Bluehost Coupon and Hostmonster Coupon

  • #10
    Regular Coder
    Join Date
    Dec 2010
    Location
    Kent, UK
    Posts
    573
    Thanks
    23
    Thanked 10 Times in 10 Posts
    i know this is slightly off topic, but still related, is there a way to change the session max time length in htaccess, the reason i ask is, i changed the session max length in my phpinfo file, however the sessions only last 5 minutes if the user is inactive from changing the page.
    http://360-tactics.co.uk/forum/index.php

    Crime-Wave

    please post your code wrapped in tags
    please post your PHP wrapped in tags

  • #11
    Senior Coder
    Join Date
    Feb 2011
    Location
    Your Monitor
    Posts
    4,313
    Thanks
    58
    Thanked 525 Times in 512 Posts
    Blog Entries
    5
    The problem with sessions is that they do timeout and all hosts are different. IF you move to another host then you may run into more problems.

    Ideally, you should use a session table in your database which naturally has an unlimited lifetime. You can then put a number in your links/postfields that refers to that session (just be sure to use other means to check the user too otherwise you could find someone wipes all the stored sessions in your db).

    You can serialize() and unserialize() arrays for storing them as strings.

    It's slightly more work but it will save hassle in the long run.
    See my new CodingForums Blog: http://www.codingforums.com/blogs/tangoforce/

    Many useful explanations and tips including: Cannot modify headers - already sent, The IE if (isset($_POST['submit'])) bug explained, unexpected T_CONSTANT_ENCAPSED_STRING, debugging tips and much more!


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •