My host (one) is not allowing me to change the php.ini file and nor can I find it (I probably don't have read access to it even). When I am trying to make session variables go across subdomains I can't since the session cookie is set for the main domain only (example.com). I would like it to be set for .example.com
I have tried to set the php ini file to allow this.
ini_set('session.cookie_domain', '.example.com');
That did not work because I am not allowed to run the ini_set() function. I also tried finding the php.ini file but could not find it in my FTP client. phpinfo() tells me it is in /etc/php, but I don't have access to that directory.
I expect this to work but clearly it does not. Checking the developer console in Firefox the domain path for the PHPSESSID cookie is still example.com and not .example.com
Is there any workaround other than setting the session variables on the correct subdomain from the start?
Session cookie params can also be set with session_set_cookie_params(). The domain is the third argument.
This is not the best solution !
Regarding your situation and if you cannot set it using .htaccess, you can make a redirect to your subdomain(s), create the session and redirect back to the URL where you want to be,
EX :
example.com -> any action -> go to sub1.example.com -> create session -> go to sub2.example.com -> create session -> ... -> go to example.com
Or :
You can also create a pixel image with links to your subdomains if you don't want to use a redirect.
For these two solutions to work, you need to set sessions separately for each subdomain.
You can set ini variable like this before session_start()
ini_set('session.cookie_domain', '.example.com' );
or for that question you can set in htaccess file like this:
php_value session.cookie_domain .example.com
and from this answer:
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');
At the end, if any of these ways doesn't work, you can change the session_name
session_name('example_name');
then use the following code into the php page
session_set_cookie_params(0,"/",".example.com",FALSE,FALSE);
setcookie(session_name(), session_id(),0,"/","example.com");
session_start();
for more information see this question
I have some questions about PHP sessions that I couldn't figure out from the pages I found.
But first some general information: I want to create multiple subdomains on one server,
sub1.domain.com --> 10.10.10.10 (Sample IP of the Server)
sub2.domain.com --> 10.10.10.10 (Sample IP of the Server)
sub3.domain.com --> 10.10.10.10 (Sample IP of the Server)
All of these subdomains will work with the same files, but they need to have their own sessions. For example, if I am logged in on sub1 and I open sub2, I need to be logged out for this subdomain.
Can someone explain to me how this may work?
How does this work with multiple servers (round robin DNS for example)? Do all servers know the session of, for example, sub1?
By default, PHP uses the 'PHPSESSID' cookie to propagate session data across multiple pages, and by default it uses the current top-level domain and subdomain in the cookie declaration.
Example: www.domain.com
The downside to this is that the session data can't travel with you to other subdomains. So if you started a session on www.domain.com, the session data would become unavailable on forums.domain.com. The solution is to change the domain PHP uses when it sets the 'PHPSESSID' cookie.
Assuming you have an init file that you include at the top of every PHP page, you can use the ini_set() function. Just add this to the top of your init page:
ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'], strpos($_SERVER['SERVER_NAME'],"."), 100));
This line of code takes the domain and lops off the subdomain.
Example: forums.domain.com -> .domain.com
Now, every time PHP sets the 'PHPSESSID' cookie, the cookie will be available to all subdomains!
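An added example, not code from any of the posts above: it sets the session cookie for the parent domain with session_set_cookie_params() before session_start(), and picks the domain by comparing the request host with a configured value instead of cutting it out of `$_SERVER['SERVER_NAME']`. `PARENT_DOMAIN`, `shared_cookie_domain()` and `start_shared_session()` are hypothetical names and the host names are constructed; the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example. PARENT_DOMAIN and all host names are constructed values.
const PARENT_DOMAIN = 'example.com';

/**
 * Cookie domain for $host: '.example.com' when $host is the configured parent
 * or one of its subdomains, otherwise '' (host-only cookie). The request host
 * is only compared with the configured value, never copied into the cookie,
 * so an unexpected Host header cannot widen the scope and the apex host
 * "example.com" does not collapse to ".com".
 */
function shared_cookie_domain(string $host, string $parent = PARENT_DOMAIN): string
{
    $host   = strtolower(rtrim(explode(':', $host)[0], '.')); // drop port, trailing dot
    $suffix = '.' . strtolower($parent);
    if ('.' . $host === $suffix || substr($host, -strlen($suffix)) === $suffix) {
        return $suffix;
    }
    return '';
}

function start_shared_session(string $host): void
{
    // Must run before session_start(); array form needs PHP 7.3 or later.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => shared_cookie_domain($host),
        'secure'   => true,   // HTTPS only
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

if (PHP_SAPI !== 'cli') {
    start_shared_session($_SERVER['HTTP_HOST'] ?? '');
} else {
    // Command-line run: show the decision for a few constructed hosts.
    foreach (['forums.example.com', 'example.com', 'notexample.com'] as $h) {
        printf("%-20s => '%s'\n", $h, shared_cookie_domain($h));
    }
}
```

A cookie scoped to `.example.com` is sent to every subdomain, so each of them has to be trusted with the session ID, and they all need the same session.save_path for the data to be found.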
You need to
ini_set("session.cookie_domain", ".mydomain.com");
add it before the session_start() function on any page which creates the session cookie.
Or, you can add:
session.cookie_domain = .mydomain.com
to php.ini
Make sure you've cleared your cookies before you try that.
I have a php application in the domain "subdomain.example.com" and I need to set a cookie that is also readable by "subdomain2.example.com".
So I tried making a cookie using the setcookie() function using the domain ".example.com", but it refuses to make the cookie. There are no error messages or anything, but when I try to print out the $_COOKIE global, the cookie I'm trying to generate is not there nor can I find it when I search through the cookies in the browser.
I have already modified the php.ini file to contain the line
session.cookie_domain = ".example.com"
If it helps, I am running this off an Apache 2 web server.
I have a problem sharing the session between two subdomains, and I've read a lot of threads here and other places.
I have www.xx.com and sub.xx.com and I've set
session_name("PHPSESSXX");
session_set_cookie_params(0, '/', '.xx.com');
and the session.save_path is the same on both domains.
I get a cookie called PHPSESSXX on both domains, and it has the same value.
When I log on to www.xx.com I get a session with some details in it, and it stays that way until I go to sub.xx.com. Then the session on sub.xx.com is empty, and if I refresh www.xx.com, the session there is gone as well. So it does something, but it seems to be overwriting the session data each time I visit a different subdomain.
Any ideas anyone? - Can I debug this somehow?
Btw: I'm using ssl on both domains.
cheers
PHP session ids are saved in Cookies. To make a cookie available in all the sub-domains you need to assign it to the root domain. Then all the sub-domains will get the session id from cookie and PHP can find the session using passed session id.
As it turns out, you just need to set the session.cookie_domain to the root domain in the php.ini file
session.cookie_domain = ".example.com"
Also check manual for different approaches used to set an ini entry.
Your question is answered here
Sharing SESSION Variables Between Multiple Subdomains
My solution was to set a flag in .htaccess like this:
php_flag "suhosin.session.cryptdocroot" 0
And it now works perfectly ;o)
The problem was that Suhosin was installed on the system, and the ini variable
suhosin.session.cryptdocroot = On
encrypted the session files in such a way, that when a different subdomain tried to change the session, it deleted everything for security reasons.
It didn't work for me to set the variable to Off or [nothing] in the ini-file, though maybe I didn't find the right file.
I also tried setting it in PHP without any luck. Like this:
ini_set('suhosin.session.cryptdocroot', 0);
cheers
We are having some issues with PHP session cookies not allowing us to log into our SugarCRM application, which is an open source PHP application.
The problem is we have the same application installed on 2 sub-domains like below...
Main site
www.domain.com
Dev site
dev.www.domain.com
Now after logging into one, it will not allow you to login to the other!
Please view the image below to see the Cookie problem...
In the image above you can see that there are 2 PHPSESSID cookies competing for the session!
If I now delete one of them, it allows me to login as normal without an issue!
Because this is SugarCRM, I am hoping I can resolve this issue without making really any core file modifications to the application. But if I have to, then we will.
So does anyone have any ideas on a good solution?
Right now my idea for a "Nasty Dirty Hack" which I really do NOT want to have to do. It is to make a button on the login form, this button will use JavaScript to clear/delete the PHPSESSID Cookies but again I would really like to find a proper solution.
If anyone has any ideas, please share? Thank you
UPDATE
Thanks for the answers so far. Please do take into account that this is not a simple PHP application that I built where I can easily do code changes. This is SugarCRM, which is a massive large application with thousands of files.
Try to set up this parameter in .htaccess on the subdomain
php_value session.cookie_domain .domain.com
or use in php code, but before "session_start()"
ini_set('session.cookie_domain', '.domain.com' );
Use
session_set_cookie_params
to set the session from the subdomain, on the principal domain.
Try to use function (http://php.net/manual/en/function.session-set-cookie-params.php):
session_set_cookie_params ( $lifetime, $path, $domain, $secure, $httponly)
And set one $domain = '.domain.com'
Or, if you are setting the session cookie manually with setcookie, then set the same domain there too.
It's actually not the domain you need to change, but the "session name" (name of the cookie parameter). Both apps seem to be using the default "phpsessid" and need to be made to differ, otherwise the apps will see each other's sessions, see the wrong session, or try to unserialize classes only defined in the other project.
You need to change the cookie parameter it's storing the session ID in. It can be controlled from an environment variable (php.ini, .htaccess, etc.): http://us1.php.net/manual/en/session.configuration.php#ini.session.name
This way you can have multiple PHP sessions on the same domain. For example, if you had example.com/sugarcrm and example.com/foo, you could have SugarCRM store its session ID in a cookie param called "sugarsession" (instead of the default phpsessid).
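An added example, not code from the posts above or from SugarCRM: for an application whose bootstrap you control, it gives each host its own session cookie name and a host-only cookie, and also ties the session data to the host that created it, because in the "same files, separate sessions" setup asked about earlier all subdomains read the same session store. `SESSION_NAMES`, `session_name_for_host()`, `start_isolated_session()` and the `bound_host` key are hypothetical names, the host and cookie names are constructed, and PHP 7.3 or later is assumed.

```php
<?php
// Added example; the host names and cookie names below are constructed.
const SESSION_NAMES = [
    'sub1.domain.com' => 'SUB1SESSID',
    'sub2.domain.com' => 'SUB2SESSID',
];

/** Cookie name for $host, or null when the host is not one we serve. */
function session_name_for_host(string $host, array $names = SESSION_NAMES): ?string
{
    $host = strtolower(rtrim(explode(':', $host)[0], '.')); // drop port, trailing dot
    return $names[$host] ?? null;
}

function start_isolated_session(string $host): bool
{
    $name = session_name_for_host($host);
    if ($name === null) {
        return false;                      // unknown host: no session at all
    }
    session_name($name);
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',                  // host-only: not sent to sibling subdomains
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();

    // All hosts share the same files and save path, so a session is only
    // honoured on the host that created it.
    $bound = $_SESSION['bound_host'] ?? null;
    if ($bound !== null && $bound !== $name) {
        session_abort();                   // leave the other host's data untouched
        session_id(session_create_id());   // continue with a fresh, empty session
        session_start();
    }
    $_SESSION['bound_host'] = $name;
    return true;
}

if (PHP_SAPI !== 'cli') {
    start_isolated_session($_SERVER['HTTP_HOST'] ?? '');
}
```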
It has been a while since I had this issue, but I think all you have to do is write each instance's session files to a different directory by editing the config.php in each SugarCRM's file system and changing the line
'session_dir' => '',
to point at a different directory.
I have a website written in PHP which uses session through cookies. It works perfectly when the app is in a subdirectory, because the cookie path is set to /sub/.
When I try to set up my website in the root directory of my domain (http://domain.tld/index.php), I set the cookie path to "/". According to the PHP documentation, this should not be an issue :
session_set_cookie_params
Path on the domain where the cookie will work. Use a single slash ('/') for all paths on the domain.
http://php.net/manual/en/function.session-set-cookie-params.php
Unfortunately, in this case the session ID seems to change after each page reload. It happens in Chrome and Opera, but for whatever reason, it works with Firefox.
By the way, if the session is not persistent, I can't login or do anything...
Has anyone already experienced something like this? Or does anyone have an idea?
EDIT : It happens with Apache on Fedora and CentOS.