i have some questions about the PHP Sessions i couldnd figure out with the pages i found.
But first some general information, i want to create multiple subdomains on one server,
sub1.domain.com --> 10.10.10.10 (Sample IP of the Server)
sub2.domain.com --> 10.10.10.10 (Sample IP of the Server)
sub3.domain.com --> 10.10.10.10 (Sample IP of the Server)
all of this subdomains will work with the same files but they need to have their own sessions, for example if i am logged in on sub1 and i open sub2 i need to be logged out for this subdomain.
Can someone explain me how this may work?
How does this work with multiple servers (round robin dns for example), does all servers know the session of for example sub1?
By default, PHP uses the 'PHPSESSID' cookie to propagate session data across multiple pages, and by default it uses the current top-level domain and subdomain in the cookie declaration.
Example: www.domain.com
The downside to this is that the session data can't travel with you to other subdomains. So if you started a session on www.domain.com, the session data would become unavailable on forums.domain.com. The solution is to change the domain PHP uses when it sets the 'PHPSESSID' cookie.
Assuming you have an init file that you include at the top of every PHP page, you can use the ini_set() function. Just add this to the top of your init page:
ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'], strpos($_SERVER['SERVER_NAME'],"."), 100));
This line of code takes the domain and lops off the subdomain.
Example: forums.domain.com -> .domain.com
Now, every time PHP sets the 'PHPSESSID' cookie, the cookie will be available to all subdomains!
you need to
ini_set("session.cookie_domain", ".mydomain.com");
add it before the session.start() function on any page which creates the session cookie.
Or, you can add:
session.cookie_domain = .mydomain.com
to php.ini
Make sure you've cleared your cookies before you try that.
Related
I want to make a session on a subdomain, and then access it from my main domain. I have read many threads regarding the same problem but none of the answers work for me.
I have a VPS from Dreamhost, and I have sat the following line into phprc on both domains (phprc is added to php.ini, dreamhost way of editing php.ini) session.cookie_domain = ".MAINDOMAIN.com" where .MAINDOMAIN.com is referring to my domain name. This was the working solution here: Sharing SESSION Variables Between Multiple Subdomains
I have then made a php file I call test.php on both login.DOMAIN.com and DOMAIN.com
On login.DOMAIN.com/test.php I have the following code:
session_start();
$_SESSION['test'] = "Works";
print_r($_SESSION);
The output when I navigate to the file:
Array ( [test] => Works )
After visiting that page I Then go to DOMAIN.com/test.php where the code is:
session_start();
print_r($_SESSION);
And the output is:
Array ( )
I have seen other threads like this: Allow PHP sessions to carry over to subdomains with 4 different options to set the php.ini line (Directly in php.ini, in .htaccess, in the script, and finally php-fpm pool configuration) and I have tried them all with the exception of the last one with php-fpm pool configuration
I have also tried to set this line on top of my php files, before session_start:
session_set_cookie_params(0,"/",".MAINDOMAIN.com",FALSE,FALSE);
And this on top of that:
session_name('mysession');
But nothing works
I have also checked with HTTP Header Live for FF which domain the cookie is set for as the answer here: Why can't I pass user sessions between subdomains? and the string of Set-Cookie is:
Set-Cookie: PHPSESSID=9Q%2Cfrhr747fferf4700; path=/
There is no mention of what domain? What am I doing wrong? Any ideas?
Maybe this is more of a work around but...
if you're not passing any private information you could pass the information from the sub domain to domain with $_GET's then use a page (getsession.php) on the domain to turn the $_GET's to $_SESSION's and redirect back to index of the domain to remove the $_GET's from url.
It is a limitation on Dremhost managed VPS, that don't allow sharing php sessions between virtual hosts (Subdomains). I have switched to another provider and everything works
I'm running into an issue where I can't set a cookie on an AWS EC2 instance running LAMP.
I have two simple pages, cookie.php and show_cookie.php:
cookie.php
<?php
setcookie('test', 'test', time()+36000, '/');
?>
show me the cookies!
show_cookie.php
<?php
print_r($_COOKIE);
?>
go back
When I navigate to cookie.php in Chrome and click on the link, the page echoes an empty array. Also, if I inspect Cookies, there's nothing there.
I'm running PHP 7.0.16 with Apache/2.4.25 (Amazon). This is such strange behavior. Has anyone run into something similar to point me in the right direction?
In all my experience with cookies I've always included $_SERVER['SERVER_NAME'] as a fifth argument. I don't believe you have to define $_Server. I believe it's defined during execution. If not you may have to define it as your domain or IP address.
setcookie("userid",$global['user-id'],time()+3600*2,'/',$_SERVER['SERVER_NAME']);
This is a link to the PHP guide for $_Cookies.
http://php.net/manual/en/function.setcookie.php
This is a link to the PHP guide for $_Server. http://php.net/manual/en/reserved.variables.server.php
Domain:
The (sub)domain that the cookie is available to. Setting this to a
subdomain (such as 'www.example.com') will make the cookie available
to that subdomain and all other sub-domains of it (i.e.
w2.www.example.com). To make the cookie available to the whole domain
(including all subdomains of it), simply set the value to the domain
name ('example.com', in this case).
I'm developping this website where each subdomain is a service, I wanted the user accounts to work on ever subdomains and users not having to relog everytime they switch from a subdomain to another so I'm using this code:
session_name("login");
session_set_cookie_params(0, '/', '.my_domain.com');
session_start();
It works very well, now my problem is with the keep alive, since some subdomains host single page applications, I have to do ajax calls to keep the PHP session alive, instead of putting a keep_alive.php file per subdomains (which would be the exact same file) I'm trying to use a single keep_alive.php file on one subdomain and do all the ajax calls on this file.
The problem is it doesn't work when the call is made from a different subdomain.
Example:
My keep_alive.php file is hosted on static.my_domain.com
If I try to call it from pics.my_domain.com it says $_SESSION isn't set, but if I call it from static.my_domain.com it works.
My .htaccess file already accepts Access-Control-Allow-Origin from other subdomains.
I'm kind of stuck.
It it possible or my only solution is to copy the keep_alive.php file for each subdomain / create a symlink?
I have a php application in the domain "subdomain.example.com" and I need to set a cookie that is also readable by "subdomain2.example.com".
So I tried making a cookie using the setcookie() function using the domain ".example.com", but it refuses to make the cookie. There are no error messages or anything, but when I try to print out the $_COOKIE global, the cookie I'm trying to generate is not there nor can I find it when I search through the cookies in the browser.
I have already modified the php.ini file to contain the line
session.cookie_domain = ".example.com"
If it helps, I am running this off an Apache 2 web server.
We are having some issues with PHP Session Cookies not allowing us to log into our *SugarCRM** application which is open source PHP application.
The problem is we have the same application installed on 2 sub-domains like below...
Main site
www.domain.com
Dev site
dev.www.domain.com
Now after logging into one, it will not allow you to login to the other!
Please view the image below to see the Cookie problem...
In the image above you can see that there is 2 PHPSESSID Cookies competing for the Session!
If I now delete one of them, it allows me to login as normal without an issue!
Because this is SugarCRM, I am hoping I can resolve this issue without making really any core file modifications to the application. But if I have to, then we will.
So does anyone have any ideas on a good solution?
Right now my idea for a "Nasty Dirty Hack" which I really do NOT want to have to do. It is to make a button on the login form, this button will use JavaScript to clear/delete the PHPSESSID Cookies but again I would really like to find a proper solution.
If anyone has any ideas, please share? Thank you
UPDATE
Thanks for the answers so far. Please do take into acocunt that this is not a simple PHP application that I built where I can easily do code changes. THis is SugarCRM which is a massive large application with thousands of files
Try to setup in .htaccess parameter on subdomain
php_value session.cookie_domain .domain.com
or use in php code, but before "session_start()"
ini_set('session.cookie_domain', '.domain.com' );
Use
session_set_cookie_params
to set the session from the subdomain, on the principal domain.
Try to use function (http://php.net/manual/en/function.session-set-cookie-params.php):
session_set_cookie_params ( $lifetime, $path, $domain, $secure, $httponly)
And set one $domain = '.domain.com'
Or if you setting session cookie manually by setcookie, then setting the same domain too
Its actually not the domain you need to change, but the "session name" (name of the cookie parameter). Both apps seem to be using the default "phpsessid" and need to be made to differ, otherwise the apps will see eachother sessions, see the wrong session, or try to unserialize classes only defined in the other project.
You need to change the cookie parameter its storing the session ID in. It can be controlled from an environment variable (php.ini, .htaccess, etc.): http://us1.php.net/manual/en/session.configuration.php#ini.session.name
This way you can have multiple PHP sessions on the same domain. For example if you had example.com/sugarcrm and example.com/foo You could have sugarCRM store it's session ID in a cookie param called "sugarsession" (instead of the default phpsessid)
It has been a while since I had this issue but I think all you have to do is write each instances session file to a different directory by editing the config.php in each SugarCRM's file system and change the line
'session_dir' => '',
to point at a different directory.