Laravel session - don't want to share domain and sub domain session - php

I have 1 domain and created 1 subdomain from the main domain, say www.example.com and dev.example.com. www.example.com is the production domain and dev.example.com is the development environment.
I then cloned 2 projects from the same repo but put them in different folders. In the www.example.com folder's .env file, I've set the session domain to example.com. It means that in the browser, when I access www.example.com or example.com, it will be able to share the domain. In dev.example.com, the session_domain I've set is dev.example.com.
Now the problem I've faced is, when I visit www.example.com it generates a laravel_session with the domain name .example.com. With the dot in front, it seems like it can be shared with subdomains. When I visit dev.example.com and log in with Facebook, it seems like it looks for the .example.com domain session instead of the session created in dev.example.com.
If I delete the laravel_session in www.example.com, I'm able to log in with Facebook in my dev.example.com, or if I clear all the cookies/sessions I'm also able to log in with Facebook in my dev.example.com.
What do I need to do to not share the session with the subdomain? And if I set it not to share, can the session be shared when a user keys in example.com and www.example.com in their browser?
And when it hits InvalidStateException when logging in with Facebook, it can be solved by clearing all cookies/sessions. But I think it's not right to ask users to clear browser cookies by themselves. Is there any solution for this?

You just need to use a differently named session cookie in dev.example.com.
if ( $_SERVER['HTTP_HOST'] === 'dev.example.com' )
{
//The default session name is PHPSESSID,
//so if we use a different one, they don't collide.
session_name('DEVSESSIONID');
}
session_start();
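
Why the two sites interfere, shown as an added example that is not part of the original answer: a simplified model of the browser's cookie domain matching (RFC 6265), run over a constructed cookie jar that mirrors the question. The function names and the cookie name dev_session are hypothetical.

```php
<?php
// Added illustration: simplified RFC 6265 cookie selection (domain-match only).
// Cookie names and hosts mirror the question; the jar contents are constructed.

/** RFC 6265 section 5.1.3: host equals the cookie domain or is a subdomain of it. */
function domainMatches(string $host, string $cookieDomain): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.')); // a leading dot is ignored
    return $host === $cookieDomain
        || substr($host, -strlen('.' . $cookieDomain)) === '.' . $cookieDomain;
}

/**
 * Return the cookies a browser would attach to a request for $host.
 * A cookie stored without a Domain attribute is "host-only": exact host match.
 */
function cookiesSentTo(string $host, array $jar): array
{
    $sent = [];
    foreach ($jar as $c) {
        $ok = $c['hostOnly']
            ? strtolower($host) === strtolower($c['domain'])
            : domainMatches($host, $c['domain']);
        if ($ok) {
            $sent[] = $c['name'] . ' (scope: ' . ($c['hostOnly'] ? '' : '.') . $c['domain'] . ')';
        }
    }
    return $sent;
}

// Constructed jar for the setup in the question: production sets Domain=example.com,
// dev sets Domain=dev.example.com, and both use the default name laravel_session.
$colliding = [
    ['name' => 'laravel_session', 'domain' => 'example.com',     'hostOnly' => false],
    ['name' => 'laravel_session', 'domain' => 'dev.example.com', 'hostOnly' => false],
];
// The same jar after renaming the dev cookie (hypothetical name dev_session).
$renamed = $colliding;
$renamed[1]['name'] = 'dev_session';

foreach (['example.com', 'www.example.com', 'dev.example.com'] as $host) {
    echo $host, "\n";
    echo '  same name:   ', implode(', ', cookiesSentTo($host, $colliding)), "\n";
    echo '  renamed dev: ', implode(', ', cookiesSentTo($host, $renamed)), "\n";
}
```

In Laravel the session cookie name comes from the `cookie` key in config/session.php rather than from session_name(). Renaming removes the name collision, but the production cookie is still sent to dev.example.com as long as its Domain is example.com.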

Related

How to share cookies (SetCookie) between only two subdomains?

I am having a problem with SetCookie. I have two different PHP websites hosted on two subdomains, site1.myweb.com and site2.myweb.com. I want to set a cookie on the domain site2 from site1. And this cookie should only be accessible by site2 and not by any other subdomains like site3 or site4.
But when I use the setcookie function in PHP from site1 with the domain set to site2.myweb.com, the cookie is not set in the browser (but the response contains the cookie). The browser gives an error saying "This attempt to set a cookie via a set-cookie header was blocked because its domain attribute was invalid with regards to the current host url."
Can somebody please tell me if this is possible to do?

Cookies conflict in domain - subdomain

We have a website www.example.com that use some cookies.
And we have a copy of this website in a subfolder like these:
www.example.com:8000/test/
The copy of this subfolder is for testing.
We create the cookies like this (for example) in the domain and in the subfolder:
setcookie("name", "value", time() + 1800);
And when we navigate into domain and subfolder on different tabs into the same navigator we have conflict between cookies because we have the same cookies in both.
I think that we can do this in the subfolder:
setcookie("name", "value", time() + 1800, "test", "www.example.com:8000");
To my knowledge this creates only the cookies in the subfolder and one part of the problem would be solved.
But, to my knowledge, when we create a cookie in the root of the domain, this cookie is also available in the subfolders... then the problem will continue...
Anyone knows how can I define a cookie only for the root folder of the domain?
Thanks a lot.
You can't
Cookies are strongly connected with a website. A domain, to be specific. And that's why they are great and powerful. Any cookie defined anywhere within www.example.com will be accessible in any page on this domain. But on www.blog.example.com, however, that cookie will not be accessible, as subdomains are technically separate domains/websites. Folders and subdirectories are not.
Using a subfolder allows you to set a cookie for deeper parts of the website. But you cannot limit a cookie to the root only.
How to help you
Use different names for your cookies.

User Authentication Across Subdomains on Localhost

I'm building an app on my localhost. When I login via one subdomain, (e.g. sub.localhost/) I need to access that logged-in user with Auth:: in all other subdomains of my application (e.g. sub2.localhost/, sub3.localhost/).
I made the change as this post suggests in config/session.php:
'domain' => '.localhost/',
No beans. In fact now I can't log in at all. Does this only work with a non-localhost domain? That would suck.
Did you try with only .localhost instead of .localhost/?
If it still doesn't work, you can create another host pointing to 127.0.0.1: edit /etc/hosts or Windows\System32\drivers\etc\hosts to set another hostname, for example: 127.0.0.1 host.loc

Accessing session between domain/subdomain. Local xampp installation

Thanks in advance.
I have a local installation of Xampp. My sites are set up as follows. I have my main domain, i.e. 'domain', installation directory: C:\xampp\htdocs\domain
Within this I have a subdomain set up, i.e. 'subdomain.domain', installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session is populated with the user's data. I then navigate to my subdomain site, which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN. If you set the DOMAIN to "domain.com" and the PATH to "/", this will make the COOKIE available across all subdomains. Some old browsers require the DOMAIN to use a leading dot (.): ".domain.com"...
Check out the params on this page; session_set_cookie_params also has the DOMAIN and PATH arguments.

Cookies not sent to server when logged in through a subdomain

I have a website www.example.com
When a user logs in when he visits http://example.com and then when he browses http://www.example.com, he is shown as NOT logged in. I think the reason is that the cookies set when he visited http://example are not being sent to the server when the same user visits http://www.example.com
I want the user to be shown as logged in in both of the sites if he logs in any one of the sites. I have a mobile site also http://m.example.com. I want the user to be shown as logged in here also.
I am using PHP and Zend Framework for my web application.
Try setting the cookie domain (5th arg of set_cookie) to ".example.com".
http://php.net/set_cookie
The domain that the cookie is available to. To make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'. Although some browsers will accept cookies without the initial ., RFC 2109 requires it to be included. Setting the domain to 'www.example.com' or '.www.example.com' will make the cookie only available in the www subdomain.
Hope this helps!
set it in php.ini
session.cookie_domain = .example.com
OR
ini_set("session.cookie_domain", ".example.com");
This will keep the session alive in subdomains also.
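
The Domain values that fail in the questions above ('.localhost/', '.3pccap', a sibling subdomain), checked before the session cookie is configured, as an added example that is not from any of the original posts. sharedSessionCookieParams() is a hypothetical helper, and the array form of session_set_cookie_params() it targets needs PHP 7.3 or later.

```php
<?php
// Added illustration; sharedSessionCookieParams() is a hypothetical helper.

/**
 * Build options for session_set_cookie_params() (array form, PHP 7.3+) that
 * share the session cookie across $parentDomain and its subdomains.
 * Throws when the Domain value is one a browser would reject or ignore.
 */
function sharedSessionCookieParams(string $requestHost, string $parentDomain): array
{
    $domain = strtolower(ltrim($parentDomain, '.'));
    $host = strtolower(preg_replace('/:\d+$/', '', $requestHost)); // drop port from Host header

    // Domain is a bare host name: no scheme, path or port ('.localhost/', 'host:8000').
    if (!preg_match('/^[a-z0-9-]+(\.[a-z0-9-]+)*$/', $domain)) {
        throw new InvalidArgumentException("Not a bare host name: $parentDomain");
    }
    // Single-label names are not reliably accepted as a cookie Domain (see the EDIT above).
    if (strpos($domain, '.') === false) {
        throw new InvalidArgumentException("Single-label domain: $parentDomain");
    }
    // A host may set cookies for itself or a parent domain, never for a sibling subdomain.
    if ($host !== $domain && substr($host, -strlen(".$domain")) !== ".$domain") {
        throw new InvalidArgumentException("$host is outside $domain");
    }

    return [
        'lifetime' => 0,      // session cookie, discarded when the browser closes
        'path'     => '/',
        'domain'   => $domain,
        'secure'   => true,   // HTTPS only; false only for plain-HTTP local development
        'httponly' => true,   // not readable from JavaScript
        'samesite' => 'Lax',
    ];
}

// Constructed checks using host and Domain values that appear in the questions above.
foreach ([['www.example.com', '.example.com'], ['sub.localhost', '.localhost/'],
          ['domain', '.3pccap'], ['site1.myweb.com', 'site2.myweb.com']] as [$h, $d]) {
    try {
        echo "$h / $d => Domain=", sharedSessionCookieParams($h, $d)['domain'], "\n";
    } catch (InvalidArgumentException $e) {
        echo "$h / $d => rejected: ", $e->getMessage(), "\n";
    }
}
```

Pass the returned array to session_set_cookie_params() before session_name() and session_start(), on the parent domain and on every subdomain that should see the session.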
