I use subdomain routing in my app, there are set dynamic routes and every subdomain has its own login page, in users table are restrictions for users & subdomains and the validation works without problems, every user can login in his subdomain but not in others, this is as needed.
I'm a little confused, is this by default set different session per subdomain? I want to make possible for a user with more accounts to stay logged in more subdomains at the same moment, of course with separate data...
Example:
time.example.com -> time#example.com
finance.example.com -> finance#example.com
Session configuration is in my app by default, nothing I changed nothing.
This are 2 different subdomains and 2 different accounts, I want to be sure that this are also 2 different sessions...
Try updating your config/session.php
Change from:
'domain' => null,
to (The first period is important!):
'domain' => '.example.com',
The default value will instruct the user's browser that their session cookie should only be accessible on the domain that it was created (time.example.com, etc.)
By putting a . in front of the domain name, you are instructing the browser that the cookie should be accessible on any subdomain.
Note that all of your users will be forced to log in again.
Related
I tried to set cookies for embedded shopify app in php.
setcookie("user", 'test#domain.com', time()+3600, "/", "example.com", 1);
It works properly but if we are logged in with 2 shopify sites and if both opens the apps together in same browser, cookie value gets updated and same cookie gets set for both which causes same data to show in both places.
Cookie/Session works based on domain and will be unique.
suppose your app domain is example.com and you save logged in domain in session as
$_SESSION['logged_in_store'] = 'store1.myshopify.com'
when the second store login to your app this variable will simply updated as single session will work on this domain.
As a solution you can make use of wildcard subdomain
enable wildcard subdomain from your DNS.and when store login to your store redirect them to unique subdomain..... like store 1 will run on below subdomain
store1.your-app-domain.com
store 2 will run on
store2.your-app-domain.com
so on.. each store will run on different wildcard subdomain. and this will resolve your session / cookie conflicts.
Hope this will help.
I have the following 4 sub-domains for my project:
www.mysite.com - public site, published pages etc.
my.mysite.com - normal users log in to this domain to create pages and other stuff
company.mysite.com - Company hasMany Employees that log in to this sub-domain to manage their pages and other stuff
admin.mysite.com - Admins of the site log in here to manage everything
--
Typically, I want to keep all 4 sub-domains separate. So a user logged in to my. should not be able to view company. unless they login their as well. I have managed to do this by creating the following middlewares:
auth:my
auth:company
auth:admin
Using the above I have different login views/routes etc. for the different types of users working correctly.
--
I needed a way to share sessions across the subdomains because when a user creates a Page on the my., they can publish it and it shows on the public www. (www.mysite.com/my-page)
What I needed is that when the User who owns the Page and is logged in to my., visits their own page on the www. sub-domain, an Edit button to show.
I managed to do this by sharing sessions across my subdomains by making the following change:
config/session.php
domain => env('SESSION_DOMAIN', '.mysite.com')
--
However, this messes up the logins for company. and admin., because when a User logs in to my., the session is shared across the sub-domains.
How do I share the sessions across the sub-domains but group them so something like:
domain => [
['www.mysite.com', 'my.mysite.com'],
['www.mysite.com', 'company.mysite.com'],
['www.mysite.com', 'admin.mysite.com'],
]
The sessions are shared because it's essentially the same application and you're presumably using driver = file or database.
To fix this, you can have multiple session tables per sub-domain.
Change your config/session.php file and make sure you're using database driver.
Create multiple copies of the sessions table, calling them company_sessions, admin_sessions etc.
Update your code (i.e. config/session.php file) so that the sessions table is based on the subdomain. E.g. create an if-else statement looking for the $_SERVER['HTTP_HOST'] and check it's a particular subdomain.
if ( $_SERVER['HTTP_HOST'] == 'admin.mysite.com' ) {
$config['table'] = 'admin_sessions';
}
The layout of your config/session.php may need to be changed to accomodate overriding the table and returning the correct value.
See if it works!
There are other ways you can achieve this, but this may be the simplest.
It may not work as you're trying to share sessions and don't want all sessions to be shared at the same time. You my have to compromise on the functionality and just stick with shared sessions.
i have make a web application where only pre register user can login and use user dashboard and logout.
for example this application run on php-mysql(cpanel)
"www.example.com/system/index.php"
But i want
if their is two pre register user like 1. user1(subdomain : sys1.user1.com) 2. user2(subdomain : sys2.user2.com) pre register user with their pre register subdomain and this subdomain point to "www.example.com/system/index.php".
for both two user have different option in their dashboard some different page and also some similar option similar design same login logout page. user1 cannot access any things of user2 vice versa. under user1 and user2 their are also subuser a/c with some less option that upper user.
Okay, here is what i think you need.First session that are accessible from all the three domains.
Here is something for that
session_set_cookie_params(0, '/', '.your-domain.com');
session_start();
Now your session data would be shared across all your subdomains. Next, and i am simplifying this step because i noticed you wrote CPanel you need common session path for all subdomains. That is already done because by default session uses file to store session data. If you scale to multiple servers, make sure your session data is stored in some database server and accessible to all of the subdomains.
Now you need to differentiate between which subdomain did the user came from. For that it is simple add a flag variable in login system to both to write the subdomain in php session. Example
<?php
if (user.login($username,$password)) {
$_SESSION["authenticated"] = True;
$_SESSION["authSource"] = $_SERVER['HTTP_HOST'];
}
?>
the method user.login is only for representation and not any actual method. You can change it according to your codes.
So in conclusion the first part of the code segment will share session cookies across all subdomains of your domain. and the second part will set a flag on $_SESSION on which subdomain did the authentication occur from.
I would like to share a cookie across 2 domains as my mobile site runns on a subdomain.
production server:
www.server.com
m.server.com
development server:
rabbit.server
rabbit.m.server
My PHP-code to set the cookie looks like this:
if ($settings['development'] == true) // intranet does not work with subdomains :-(
setcookie($cookiename,$sessid, $expires,'/','',0);
else // production
setcookie($cookiename,$sessid, $expires,'/', $subdomain.'.'.$domain['name'],0);
How could I share this cookie across the 2 domains in order to have the client loged in on both sites?
Is this what you mean?
"To make the cookie available to the whole domain (including all subdomains of it), simply set the value to the domain name ('example.com', in this case)."
http://php.net/manual/en/function.setcookie.php
You dont have to explicitly define the sub-domain:
setcookie('cookiename','cookievalue',time()+(3600*24),'/');
Place cookie in root and it would be accessible every where.
So basically '/' defines that it can be accessed in all the folders.
Well, there's two ways of doing this.
You can either set the cookie on the whole domain, which will allow you to access it from any subdomain, or if you wish to only allow certain subdomains then you'll have to create two cookies, one for each.
You can't have one single cookie for two different subdomains only, you can enable it on the whole domain, or you can have multiple cookies, one for each subdomain.
Code-wise you have to change
setcookie($cookiename,$sessid, $expires,'/', $subdomain.'.'.$domain['name'],0);
to
setcookie($cookiename,$sessid, $expires,'/','.'.$domain['name'],0);
I own a lot of subdomains, but only the main domain have SSL. On each subdomain there is a different website, and all are using the same CMS system, the same files and hosting (basicly it is redirects to the main domain and using PHP I show the site they want to see). I have one SSL to my main domain only. It won't work on subdomains obviously. So I thought to submit the form to the main domain from the subdomain using AJAX, but I guess it isn't safe, so I decided that I should use:
<iframe src="https://main.com/login.php?webid=958325&pageid=83985&hash=hjWR23grvw$%F$W"></iframe>
but the problem is the cookies. How can I create a cookie that will work on all subdomains, the main domain, and if it is possible, to some specific urls (that works the same way, but domain and not subdomain).
http://php.net/setcookie
The fifth and sixth parameter might interest you, which are respectively:
(5th) domain
(6th) secure
For example:
// This cookie will only be set to domain.com/folder if a secure connection exists and will expire once the browser closes.
setcookie('cookie', $variable, 0, 'folder/', 'domain.com', true);
To have cookie working on all subdomains you need to set cookie to .example.com but it wont work on example.com, so you may need to set two cookies.