Allow php sessions to carry over to subdomains
PhpApacheSessionCookiesPhp Problem Overview
I use php sessions (not cookies, except for session id cookie) for all user data, and when a user goes to their profile user.mydomain.com they are immediately "logged out" untill then remove the subdomain.
Is there a way to accept sessions from all domains as long as its *.mydomain.com
Php Solutions
Solution 1 - Php
Here are 4 options.
Place this in your php.ini:
session.cookie_domain = ".example.com"
Or in your .htaccess:
php_value session.cookie_domain .example.com
Or as the first thing in your script:
ini_set('session.cookie_domain', '.example.com' );
Or in your php-fpm pool configuration for your site:
php_value[session.cookie_domain] = .example.com
Solution 2 - Php
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');
security be damned, if you are as frustrated with incomplete or bad answers as I am, this is your savior. It just works.
Solution 3 - Php
change the session name at the top of the core functions file like
session_name('mysession');
then use the following code into the php page
session_set_cookie_params(0,"/",".example.com",FALSE,FALSE);
setcookie(session_name(), session_id(),0,"/","example.com");
session_start();
finally change the default session name of the subdomain and remove the default cookie in subdomain's core functions file like:
/*default session name*/
session_name("mysession");
/*remove the PHPSESSID and default session name from subdomain's cookie*/
setcookie( "mysession", "",1,"/" );
setcookie( "PHPSESSID", "",1,"/" );
if you continue with using your cookie name as PHPSESSID ,just remove all the functions with
"mysession" string like session_name('mysession'), setcookie( "mysession", "",1,"/" );
then check your browser's existing cookies, just remove all the cookies of domain and subdomain, and repeat the process.
Solution 4 - Php
I know this is quite old - but to further expand on @CTT's suggestion - I needed to add a php.ini file in each sub-directory (that will be executing php code and requires the session) of my subdomain with the following text:
suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off
I hope this helps (it took me ages to figure this out).
Solution 5 - Php
Another option that worked for me: is to force the name of the session:
session_name("myWebsite");
session_start();
Solution 6 - Php
yes. ini_set
is working. but remember to destroy all caches and cookies of the browser to see it works.
-
destroy all caches and cookies of your browser
-
in your
xxx.example.com
andyyy.example.com
, your php files should start like this.ini_set('session.cookie_domain', '.example.com' ); session_start();
Solution 7 - Php
I just had this problem and it turns out I was using different php.ini files for two different sub-domains. These ini files specified different session.save_path variables. For obvious reasons this needs to be the same for all sub-domains that need to share sessions.
Solution 8 - Php
Try This:
session_start();
$sessionId = session_id();
logged the user. When user will switch to other subdomain sent the session id in the URL like this user.mydomain.com/?id=$sessionId
$sessionId = $_GET['id'];
session_start($sessionId);
Now the user will get all the session values and stay logged in.
Solution 9 - Php
Before session_start()
use session_set_cookie_params()
replacing .domain.com with your domain like this example:
session_set_cookie_params(0, '/', '.domain.com');
session_start();
Solution 10 - Php
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');
This is a good solution, but you cannot use it in all situations. For examples it will not work when you cannot rely on not-session cookies.
This actually MUST work if you use it correctly.
ini_set('session.cookie_domain', '.example.com' );
For example you need to put it before session_start()
and also in all files that call session_start()