I want to make a session on a subdomain, and then access it from my main domain. I have read many threads regarding the same problem but none of the answers work for me.
I have a VPS from Dreamhost, and I have set the following line in phprc on both domains (phprc is added to php.ini, Dreamhost's way of editing php.ini): session.cookie_domain = ".MAINDOMAIN.com", where .MAINDOMAIN.com refers to my domain name. This was the working solution here: Sharing SESSION Variables Between Multiple Subdomains
I have then made a php file I call test.php on both login.DOMAIN.com and DOMAIN.com
On login.DOMAIN.com/test.php I have the following code:
session_start();
$_SESSION['test'] = "Works";
print_r($_SESSION);
The output when I navigate to the file:
Array ( [test] => Works )
After visiting that page I then go to DOMAIN.com/test.php, where the code is:
session_start();
print_r($_SESSION);
And the output is:
Array ( )
I have seen other threads like this: Allow PHP sessions to carry over to subdomains, with 4 different options to set the php.ini line (directly in php.ini, in .htaccess, in the script, and finally php-fpm pool configuration), and I have tried them all with the exception of the last one with php-fpm pool configuration.
I have also tried to set this line on top of my php files, before session_start:
session_set_cookie_params(0,"/",".MAINDOMAIN.com",FALSE,FALSE);
And this on top of that:
session_name('mysession');
But nothing works
I have also checked with HTTP Header Live for FF which domain the cookie is set for as the answer here: Why can't I pass user sessions between subdomains? and the string of Set-Cookie is:
Set-Cookie: PHPSESSID=9Q%2Cfrhr747fferf4700; path=/
There is no mention of what domain? What am I doing wrong? Any ideas?
Maybe this is more of a work around but...
If you're not passing any private information you could pass the information from the subdomain to the domain with $_GET's, then use a page (getsession.php) on the domain to turn the $_GET's into $_SESSION's and redirect back to the index of the domain to remove the $_GET's from the URL.
It is a limitation on Dreamhost managed VPS, which doesn't allow sharing PHP sessions between virtual hosts (subdomains). I have switched to another provider and everything works.
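An added diagnostic for the symptom in the question above (a Set-Cookie line with no domain), not code from the thread: it starts a session with the intended parameters and reports which attributes PHP actually sent for the session cookie. The function name parse_set_cookie is hypothetical, .MAINDOMAIN.com is the question's placeholder, and the Secure flag assumes the site is served over HTTPS.

```php
<?php
// Added example, not from the thread. Run it through the web server:
// the CLI does not report response headers via headers_list().

/** Split one "Set-Cookie: ..." header into name, value and attributes. */
function parse_set_cookie(string $header): ?array
{
    if (stripos($header, 'Set-Cookie:') !== 0) {
        return null;
    }
    $parts = array_map('trim', explode(';', substr($header, strlen('Set-Cookie:'))));
    $pair = explode('=', array_shift($parts), 2);
    if (count($pair) !== 2) {
        return null;
    }
    $attrs = [];
    foreach ($parts as $part) {
        if ($part === '') {
            continue;
        }
        $kv = explode('=', $part, 2);
        // Attribute names are case-insensitive; flags such as Secure have no value.
        $attrs[strtolower(trim($kv[0]))] = isset($kv[1]) ? trim($kv[1]) : true;
    }
    return ['name' => $pair[0], 'value' => $pair[1], 'attrs' => $attrs];
}

// Placeholder domain from the question; Secure assumes HTTPS.
session_set_cookie_params(0, '/', '.MAINDOMAIN.com', true, true);
session_start();

header('Content-Type: text/plain');
echo 'Effective session.cookie_domain: ', var_export(ini_get('session.cookie_domain'), true), "\n";

$seen = false;
foreach (headers_list() as $line) {
    $cookie = parse_set_cookie($line);
    if ($cookie === null || $cookie['name'] !== session_name()) {
        continue;
    }
    $seen = true;
    $a = $cookie['attrs'];
    echo 'Domain:   ', $a['domain'] ?? '(absent: host-only cookie, not sent to other subdomains)', "\n";
    echo 'Secure:   ', isset($a['secure']) ? 'yes' : 'no', "\n";
    echo 'HttpOnly: ', isset($a['httponly']) ? 'yes' : 'no', "\n";
}
if (!$seen) {
    echo "No session Set-Cookie in this response; clear cookies and reload.\n";
}
```

Request it with cookies cleared, since PHP normally emits the session Set-Cookie only when it issues a new session ID.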
Related
I'm running into an issue where I can't set a cookie on an AWS EC2 instance running LAMP.
I have two simple pages, cookie.php and show_cookie.php:
cookie.php
<?php
setcookie('test', 'test', time()+36000, '/');
?>
show me the cookies!
show_cookie.php
<?php
print_r($_COOKIE);
?>
go back
When I navigate to cookie.php in Chrome and click on the link, the page echoes an empty array. Also, if I inspect Cookies, there's nothing there.
I'm running PHP 7.0.16 with Apache/2.4.25 (Amazon). This is such strange behavior. Has anyone run into something similar to point me in the right direction?
In all my experience with cookies I've always included $_SERVER['SERVER_NAME'] as a fifth argument. I don't believe you have to define $_Server. I believe it's defined during execution. If not you may have to define it as your domain or IP address.
setcookie("userid",$global['user-id'],time()+3600*2,'/',$_SERVER['SERVER_NAME']);
This is a link to the PHP guide for $_Cookies.
http://php.net/manual/en/function.setcookie.php
This is a link to the PHP guide for $_Server. http://php.net/manual/en/reserved.variables.server.php
Domain:
The (sub)domain that the cookie is available to. Setting this to a
subdomain (such as 'www.example.com') will make the cookie available
to that subdomain and all other sub-domains of it (i.e.
w2.www.example.com). To make the cookie available to the whole domain
(including all subdomains of it), simply set the value to the domain
name ('example.com', in this case).
I have some questions about PHP sessions I couldn't figure out with the pages I found.
But first some general information: I want to create multiple subdomains on one server,
sub1.domain.com --> 10.10.10.10 (Sample IP of the Server)
sub2.domain.com --> 10.10.10.10 (Sample IP of the Server)
sub3.domain.com --> 10.10.10.10 (Sample IP of the Server)
All of these subdomains will work with the same files, but they need to have their own sessions. For example, if I am logged in on sub1 and I open sub2, I need to be logged out for this subdomain.
Can someone explain to me how this may work?
How does this work with multiple servers (round robin DNS, for example)? Do all servers know the session of, for example, sub1?
By default, PHP uses the 'PHPSESSID' cookie to propagate session data across multiple pages, and by default it uses the current top-level domain and subdomain in the cookie declaration.
Example: www.domain.com
The downside to this is that the session data can't travel with you to other subdomains. So if you started a session on www.domain.com, the session data would become unavailable on forums.domain.com. The solution is to change the domain PHP uses when it sets the 'PHPSESSID' cookie.
Assuming you have an init file that you include at the top of every PHP page, you can use the ini_set() function. Just add this to the top of your init page:
ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'], strpos($_SERVER['SERVER_NAME'],"."), 100));
This line of code takes the domain and lops off the subdomain.
Example: forums.domain.com -> .domain.com
Now, every time PHP sets the 'PHPSESSID' cookie, the cookie will be available to all subdomains!
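An added, stricter variant of the idea above (not the answer author's code): the substr()/strpos() one-liner yields .com for a bare domain.com and trusts whatever host name the request carries, so this version only widens the cookie for hosts under a configured base domain and otherwise leaves it host-only. ALLOWED_BASE_DOMAINS, shared_cookie_domain() and example.com are assumptions for illustration, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example, not from the original post. ALLOWED_BASE_DOMAINS and
// shared_cookie_domain() are hypothetical names; example.com is a placeholder.
const ALLOWED_BASE_DOMAINS = ['example.com'];

/**
 * Return the Domain attribute for a session cookie shared across subdomains,
 * or '' (host-only cookie) when the host is not under an allowed base domain.
 */
function shared_cookie_domain(string $host, array $allowedBases): string
{
    // Normalise: lower-case, strip a :port suffix and a trailing dot.
    $host = strtolower(trim($host));
    $host = preg_replace('/:\d+$/', '', $host);
    $host = rtrim($host, '.');
    foreach ($allowedBases as $base) {
        $base = strtolower($base);
        // Exact match (bare domain) or a real label boundary, so that
        // "evilexample.com" never matches "example.com".
        if ($host === $base || substr($host, -strlen($base) - 1) === '.' . $base) {
            return '.' . $base;
        }
    }
    return '';
}

// SERVER_NAME can reflect the client's Host header depending on server
// configuration, which is why it is checked against the allowlist.
$domain = shared_cookie_domain($_SERVER['SERVER_NAME'] ?? '', ALLOWED_BASE_DOMAINS);

session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => $domain,   // '' keeps the cookie bound to the exact host
    'secure'   => true,      // assumes HTTPS on every subdomain
    'httponly' => true,
    'samesite' => 'Lax',
]);
session_start();
```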
You need to
ini_set("session.cookie_domain", ".mydomain.com");
Add it before the session_start() function on any page which creates the session cookie.
Or, you can add:
session.cookie_domain = .mydomain.com
to php.ini
Make sure you've cleared your cookies before you try that.
I have edited session.cookie_domain = ".mysite.in" in php.ini to share one single session for same user across all the sub domains of my site.
But it is not working weird. Now if I open a session at "www.mysite.in", it gets shared with "mysite.in"(no www), but not with "oth.mysite.in".
PS : The session did not get shared to "mysite.in" before. So edit definitely has some effect.
I have a problem sharing the session between two subdomains, and I've read a lot of threads here and other places.
I have www.xx.com and sub.xx.com and I've set
session_name("PHPSESSXX");
session_set_cookie_params(0, '/', '.xx.com');
and the session.save_path is the same on both domains.
I get a cookie called PHPSESSXX on both domains, and it has the same value.
When I log on to www.xx.com I get a session with some details in it, and it stays that way until I go to sub.xx.com. Then the session on sub.xx.com is empty, and if I refresh www.xx.com, the session there is gone as well. So it does something, but it seems to be overwriting the session data each time I visit a different subdomain.
Any ideas, anyone? Can I debug this somehow?
Btw: I'm using ssl on both domains.
cheers
PHP session ids are saved in Cookies. To make a cookie available in all the sub-domains you need to assign it to the root domain. Then all the sub-domains will get the session id from cookie and PHP can find the session using passed session id.
As it turns out, you just need to set session.cookie_domain to the root domain in the php.ini file
session.cookie_domain = ".example.com"
Also check the manual for different approaches used to set an ini entry.
Your question is answered here
Sharing SESSION Variables Between Multiple Subdomains
My solution was to set a flag in .htaccess like this:
php_flag "suhosin.session.cryptdocroot" 0
And it now works perfectly ;o)
The problem was that Suhosin was installed on the system, and the ini variable
suhosin.session.cryptdocroot = On
encrypted the session files in such a way, that when a different subdomain tried to change the session, it deleted everything for security reasons.
It didn't work for me to set the variable to Off or [nothing] in the ini-file, though maybe I didn't find the right file.
I also tried setting it in PHP without any luck. Like this:
ini_set('suhosin.session.cryptdocroot', 0);
cheers
PHP sessions work as expected in the root directory, and one directory deep. Directories that exist 2 deep end up with a new session id, and all session variables are lost.
I include a file config.inc.php (absolute path) into all pages which calls session_start() and initializes the SESSION variables. I found a PHP directive setting that seems to mention subdirectories, but it looks like it is referring to subdirectories of temporarily stored session files.
I've double checked using the HTTPFox Firefox plugin: as soon as I visit any page 2 levels deep, the session is gone, and a new session ID is issued. Very strange...
Ah, it looks like I was writing my URLs to those particular directories using localhost instead of 127.0.0.1... The different domain caused the browser to think it was a different website, I guess. Changing this solved my problem.