I'm running into an issue where I can't set a cookie on an AWS EC2 instance running LAMP.
I have two simple pages, cookie.php and show_cookie.php:
cookie.php
<?php
setcookie('test', 'test', time()+36000, '/');
?>
show me the cookies!
show_cookie.php
<?php
print_r($_COOKIE);
?>
go back
When I navigate to cookie.php in Chrome and click on the link, the page echoes an empty array. Also, if I inspect Cookies, there's nothing there.
I'm running PHP 7.0.16 with Apache/2.4.25 (Amazon). This is such strange behavior. Has anyone run into something similar to point me in the right direction?
In all my experience with cookies I've always included $_SERVER['SERVER_NAME'] as a fifth argument. I don't believe you have to define $_Server. I believe it's defined during execution. If not you may have to define it as your domain or IP address.
setcookie("userid",$global['user-id'],time()+3600*2,'/',$_SERVER['SERVER_NAME']);
This is a link to the PHP guide for $_Cookies.
http://php.net/manual/en/function.setcookie.php
This is a link to the PHP guide for $_Server. http://php.net/manual/en/reserved.variables.server.php
Domain:
The (sub)domain that the cookie is available to. Setting this to a
subdomain (such as 'www.example.com') will make the cookie available
to that subdomain and all other sub-domains of it (i.e.
w2.www.example.com). To make the cookie available to the whole domain
(including all subdomains of it), simply set the value to the domain
name ('example.com', in this case).
Related
I want to make a session on a subdomain, and then access it from my main domain. I have read many threads regarding the same problem but none of the answers work for me.
I have a VPS from Dreamhost, and I have sat the following line into phprc on both domains (phprc is added to php.ini, dreamhost way of editing php.ini) session.cookie_domain = ".MAINDOMAIN.com" where .MAINDOMAIN.com is referring to my domain name. This was the working solution here: Sharing SESSION Variables Between Multiple Subdomains
I have then made a php file I call test.php on both login.DOMAIN.com and DOMAIN.com
On login.DOMAIN.com/test.php I have the following code:
session_start();
$_SESSION['test'] = "Works";
print_r($_SESSION);
The output when I navigate to the file:
Array ( [test] => Works )
After visiting that page I Then go to DOMAIN.com/test.php where the code is:
session_start();
print_r($_SESSION);
And the output is:
Array ( )
I have seen other threads like this: Allow PHP sessions to carry over to subdomains with 4 different options to set the php.ini line (Directly in php.ini, in .htaccess, in the script, and finally php-fpm pool configuration) and I have tried them all with the exception of the last one with php-fpm pool configuration
I have also tried to set this line on top of my php files, before session_start:
session_set_cookie_params(0,"/",".MAINDOMAIN.com",FALSE,FALSE);
And this on top of that:
session_name('mysession');
But nothing works
I have also checked with HTTP Header Live for FF which domain the cookie is set for as the answer here: Why can't I pass user sessions between subdomains? and the string of Set-Cookie is:
Set-Cookie: PHPSESSID=9Q%2Cfrhr747fferf4700; path=/
There is no mention of what domain? What am I doing wrong? Any ideas?
Maybe this is more of a work around but...
if you're not passing any private information you could pass the information from the sub domain to domain with $_GET's then use a page (getsession.php) on the domain to turn the $_GET's to $_SESSION's and redirect back to index of the domain to remove the $_GET's from url.
It is a limitation on Dremhost managed VPS, that don't allow sharing php sessions between virtual hosts (Subdomains). I have switched to another provider and everything works
i have some questions about the PHP Sessions i couldnd figure out with the pages i found.
But first some general information, i want to create multiple subdomains on one server,
sub1.domain.com --> 10.10.10.10 (Sample IP of the Server)
sub2.domain.com --> 10.10.10.10 (Sample IP of the Server)
sub3.domain.com --> 10.10.10.10 (Sample IP of the Server)
all of this subdomains will work with the same files but they need to have their own sessions, for example if i am logged in on sub1 and i open sub2 i need to be logged out for this subdomain.
Can someone explain me how this may work?
How does this work with multiple servers (round robin dns for example), does all servers know the session of for example sub1?
By default, PHP uses the 'PHPSESSID' cookie to propagate session data across multiple pages, and by default it uses the current top-level domain and subdomain in the cookie declaration.
Example: www.domain.com
The downside to this is that the session data can't travel with you to other subdomains. So if you started a session on www.domain.com, the session data would become unavailable on forums.domain.com. The solution is to change the domain PHP uses when it sets the 'PHPSESSID' cookie.
Assuming you have an init file that you include at the top of every PHP page, you can use the ini_set() function. Just add this to the top of your init page:
ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'], strpos($_SERVER['SERVER_NAME'],"."), 100));
This line of code takes the domain and lops off the subdomain.
Example: forums.domain.com -> .domain.com
Now, every time PHP sets the 'PHPSESSID' cookie, the cookie will be available to all subdomains!
you need to
ini_set("session.cookie_domain", ".mydomain.com");
add it before the session.start() function on any page which creates the session cookie.
Or, you can add:
session.cookie_domain = .mydomain.com
to php.ini
Make sure you've cleared your cookies before you try that.
We are having some issues with PHP Session Cookies not allowing us to log into our *SugarCRM** application which is open source PHP application.
The problem is we have the same application installed on 2 sub-domains like below...
Main site
www.domain.com
Dev site
dev.www.domain.com
Now after logging into one, it will not allow you to login to the other!
Please view the image below to see the Cookie problem...
In the image above you can see that there is 2 PHPSESSID Cookies competing for the Session!
If I now delete one of them, it allows me to login as normal without an issue!
Because this is SugarCRM, I am hoping I can resolve this issue without making really any core file modifications to the application. But if I have to, then we will.
So does anyone have any ideas on a good solution?
Right now my idea for a "Nasty Dirty Hack" which I really do NOT want to have to do. It is to make a button on the login form, this button will use JavaScript to clear/delete the PHPSESSID Cookies but again I would really like to find a proper solution.
If anyone has any ideas, please share? Thank you
UPDATE
Thanks for the answers so far. Please do take into acocunt that this is not a simple PHP application that I built where I can easily do code changes. THis is SugarCRM which is a massive large application with thousands of files
Try to setup in .htaccess parameter on subdomain
php_value session.cookie_domain .domain.com
or use in php code, but before "session_start()"
ini_set('session.cookie_domain', '.domain.com' );
Use
session_set_cookie_params
to set the session from the subdomain, on the principal domain.
Try to use function (http://php.net/manual/en/function.session-set-cookie-params.php):
session_set_cookie_params ( $lifetime, $path, $domain, $secure, $httponly)
And set one $domain = '.domain.com'
Or if you setting session cookie manually by setcookie, then setting the same domain too
Its actually not the domain you need to change, but the "session name" (name of the cookie parameter). Both apps seem to be using the default "phpsessid" and need to be made to differ, otherwise the apps will see eachother sessions, see the wrong session, or try to unserialize classes only defined in the other project.
You need to change the cookie parameter its storing the session ID in. It can be controlled from an environment variable (php.ini, .htaccess, etc.): http://us1.php.net/manual/en/session.configuration.php#ini.session.name
This way you can have multiple PHP sessions on the same domain. For example if you had example.com/sugarcrm and example.com/foo You could have sugarCRM store it's session ID in a cookie param called "sugarsession" (instead of the default phpsessid)
It has been a while since I had this issue but I think all you have to do is write each instances session file to a different directory by editing the config.php in each SugarCRM's file system and change the line
'session_dir' => '',
to point at a different directory.
I am facing a strange scenario. basically on my every web page i am doing
session_start();
if(!isset($_SESSION['login']))
header("Location: login.php");
to ensure every user has logged in first. I am working in chrome and what happens is if I login to my web application and open any page it works fine. At the same time if, in another tab, I login to my hosting server, I am logged out of my web application. If I login to my application again, I am logged out of my hosting server!!
What am I doing wrong? is there a problem the way I am checking or setting the session variable?
I am setting the session as follows:
//if authentication successful
session_start();
$_SESSION['login'] = "1";
I have a very similar problem, and I think this happens just because two sessions with the same name, in the same place of the same domain can't coexist.
Maybe a solution should be to use session cookies. You can set a cookie just for a folder and not for the whole domain. This way I think you can manage 2 sessions at the same time, but I'm not sure.
Try this:
session_start();
setcookie(session_name(), session_id(), 0, '/public/');
Where /public/ might be the specific folder where your site is located, or the application path (thanks Paul for pointing out this).
Then you will check if session is set:
$session_cookie =
isset($_COOKIE[ini_get('session.name')]) ?
$_COOKIE[ini_get('session.name')] :
null;
Probably this won't work, since the other session might be "stored" in the root folder of your web application. But if you are able to do the thing above also for your hosting server, you should resolve your problem.
You can also try to set a different name for the session in your web application.
Hope this helps.
I think you'll find the cause is that both hosts have the same network name e.g. test.www.example.com and www.example.com
Just use a different network name for the test machine and it should work or make sure you explicitly use non-overlapping values for session.cookie_domain
I am developing a site on my localhost, where everything works fine, but now that the site is uploaded to the HTTPS side of our inserted ONLINE /inserted server, the $_SESSION variables don't get carried over from the login.php to the index.php page. Both are located on HTTPS, the process never goes out of HTTPS. As I said, everything worked fine on my localhost.
My localhost's PHP is version 5.3.2 and the HTTPS server is 5.2.6. The only difference in settings I can identify regarding sessions is session.use_only_cookies is On on my localhost and Off on the HTTPS server.
Can anyone please shed some light as to why the session variables are not transferred? PS. I do have session_start(); in both login.php and index.php.
Thanks in advance.
Have you checked that the session cookie is carried over between the HTTP and HTTPS requests? And that the same session token is present on both sides?
If the cookie established via the HTTPS page is marked as "secure only", it will not be transmitted to non-SSL pages, so you'd get a brand new empty session on the non-secure pages, which would give you the symptoms of "missing" session variables. They're not really missing, just in some other session which isn't active now.
There are a few things that can go wrong.
Make sure both login.php and index.php are accessed through https. session.cookie_secure defaults to off, but you never know.
Also make sure they are they both on the same domain. Cookies are set per-domain.
Maybe there is some oddball cookie setting? You can view the current session cookie settings with: session_get_cookie_params()
You can also verify how the cookie is being set in your browser (if at all), for Opera you can right-click in the page, select "edit site preferences", and use the "Cookie" tab. Don't know about other browsers from the top of my head ...
Another possibility is a borked session.save_path, run session_save_path() without any arguments to get the current session_save_path, make sure the user running PHP (typically but not necessarily the same user running the webserver) can write to this directory.