I am working on a project in which i want to share the session values among subdomains. for example i set the session values in abc.com and now i want to access those values in following subdomains first.abc.com and second.abc.com. These domains are handled using same code on a server. I have tried following method but it does not work for me.
In app/config/session.php i changed the domain value to following.
'domain' => '.abc.com'
Then cleared all the browser cookies and the session from laravel storage directory but it does not work.
Please suggest something where i am doing mistake.
Related
In production environment, Session domain is set into .env file like this:
SESSION_DOMAIN='example.com'
Now, I need to deploy the same codebase into different subdomain, i.e: staging.example.com
If I remove the SESSION_DOMAIN='example.com' from .env file, all user wont be able to login anymore, because of session cookies from browser.
What is the solution now, if I dont want any interruption in the real user?
I use a test domain in laravel and one subdomain is in use. Everything works fine,
test.com and user.test.com
but, Login function does not work on test domain
I have verified that the session file is generated at stoage / sessions
when I done login, it does not cognize my session. The login function works well on localhost url. how i can fix that?
i'm done config like this below
config / session.php
domain => ".test.com"
And if I set up like above, can I share login information between two domains?
Clear the cookies for the site and then try to log in again. Or If the issue still persists then try to change Session Cookie Name in config/session.php
I'm developping this website where each subdomain is a service, I wanted the user accounts to work on ever subdomains and users not having to relog everytime they switch from a subdomain to another so I'm using this code:
session_name("login");
session_set_cookie_params(0, '/', '.my_domain.com');
session_start();
It works very well, now my problem is with the keep alive, since some subdomains host single page applications, I have to do ajax calls to keep the PHP session alive, instead of putting a keep_alive.php file per subdomains (which would be the exact same file) I'm trying to use a single keep_alive.php file on one subdomain and do all the ajax calls on this file.
The problem is it doesn't work when the call is made from a different subdomain.
Example:
My keep_alive.php file is hosted on static.my_domain.com
If I try to call it from pics.my_domain.com it says $_SESSION isn't set, but if I call it from static.my_domain.com it works.
My .htaccess file already accepts Access-Control-Allow-Origin from other subdomains.
I'm kind of stuck.
It it possible or my only solution is to copy the keep_alive.php file for each subdomain / create a symlink?
I have a problem sharing the session between two subdomains, and I've read a lot of threads here and other places.
I have www.xx.com and sub.xx.com and I've set
session_name("PHPSESSXX");
session_set_cookie_params(0, '/', '.xx.com');
and the session.save_path is the same on both domains.
I get a cookie called PHPSESSXX on both domains, and it has the same value.
When I log on to www.xx.com I get a session with some details in it, and it stays that way until I go to sub.xx.com. Then the session on sub.xx.com is empty, and if I refresh www.xx.com, the session there is gone as well. So it does something, but it seems to be overwriting the session data each time I visit a different subdomain.
Any ideas anyone? - Can i debug this somehow?
Btw: I'm using ssl on both domains.
cheers
PHP session ids are saved in Cookies. To make a cookie available in all the sub-domains you need to assign it to the root domain. Then all the sub-domains will get the session id from cookie and PHP can find the session using passed session id.
As it turns out, You just need to set the session.cookie_domain to the root domain in php.ini file
session.cookie_domain = ".example.com"
Also check manual for different approaches used to set an ini entry.
Your question is answered here
Sharing SESSION Variables Between Multiple Subdomains
My solution was to set a flag in .htaccess like this:
php_flag "suhosin.session.cryptdocroot" 0
And it now works perfectly ;o)
The problem was that Suhosin was installed on the system, and the ini variable
suhosin.session.cryptdocroot = On
encrypted the session files in such a way, that when a different subdomain tried to change the session, it deleted everything for security reasons.
It didn't work for me to set the variable to Off or [nothing] in the ini-file, though maybe I didn't find the right file.
I also tried setting it in PHP without any luck. Like this:
ini_set('suhosin.session.cryptdocroot', 0)
cheers
We are having some issues with PHP Session Cookies not allowing us to log into our *SugarCRM** application which is open source PHP application.
The problem is we have the same application installed on 2 sub-domains like below...
Main site
www.domain.com
Dev site
dev.www.domain.com
Now after logging into one, it will not allow you to login to the other!
Please view the image below to see the Cookie problem...
In the image above you can see that there is 2 PHPSESSID Cookies competing for the Session!
If I now delete one of them, it allows me to login as normal without an issue!
Because this is SugarCRM, I am hoping I can resolve this issue without making really any core file modifications to the application. But if I have to, then we will.
So does anyone have any ideas on a good solution?
Right now my idea for a "Nasty Dirty Hack" which I really do NOT want to have to do. It is to make a button on the login form, this button will use JavaScript to clear/delete the PHPSESSID Cookies but again I would really like to find a proper solution.
If anyone has any ideas, please share? Thank you
UPDATE
Thanks for the answers so far. Please do take into acocunt that this is not a simple PHP application that I built where I can easily do code changes. THis is SugarCRM which is a massive large application with thousands of files
Try to setup in .htaccess parameter on subdomain
php_value session.cookie_domain .domain.com
or use in php code, but before "session_start()"
ini_set('session.cookie_domain', '.domain.com' );
Use
session_set_cookie_params
to set the session from the subdomain, on the principal domain.
Try to use function (http://php.net/manual/en/function.session-set-cookie-params.php):
session_set_cookie_params ( $lifetime, $path, $domain, $secure, $httponly)
And set one $domain = '.domain.com'
Or if you setting session cookie manually by setcookie, then setting the same domain too
Its actually not the domain you need to change, but the "session name" (name of the cookie parameter). Both apps seem to be using the default "phpsessid" and need to be made to differ, otherwise the apps will see eachother sessions, see the wrong session, or try to unserialize classes only defined in the other project.
You need to change the cookie parameter its storing the session ID in. It can be controlled from an environment variable (php.ini, .htaccess, etc.): http://us1.php.net/manual/en/session.configuration.php#ini.session.name
This way you can have multiple PHP sessions on the same domain. For example if you had example.com/sugarcrm and example.com/foo You could have sugarCRM store it's session ID in a cookie param called "sugarsession" (instead of the default phpsessid)
It has been a while since I had this issue but I think all you have to do is write each instances session file to a different directory by editing the config.php in each SugarCRM's file system and change the line
'session_dir' => '',
to point at a different directory.