https://github.com/appleboy/CodeIgniter-Native-Session/blob/master/libraries/Session.php
If you run multiple applications on the same site, please modify your_application/config/session.php file line:
// Session namespace
$config['sess_namespace'] = 'your_application_name';
In my setup I run the same application across different sub domains. Does this apply to me? Or is this for multiple applications running on same domain?
It depends on what you have in $config['cookie_domain'].
By default (if you don't specify), php will set the domain to the domain of the current request meaning that the session cookie created for domain.com will be sent to the www.domain.com and every other higher level subdomains too (see the $domain parameter).
If you are using the "main" domain (one segment + tld, ie.: domain.com) you might need to redirect the traffic to a subdomain (like www) before you set any cookies, or you can of course use the sess_namespace setting.
Related
I have a WordPress site on a root domain, using the WordPress API I am pulling in data from a subdomain of the root domain - do I need to add an Access-Control-Allow-Origin-Header matching this subdomain? If so - is there a way to add multiple Access-Control-Allow-Origin-Header's for each subdomain.
Example:
WordPress site: https://www.example.com
Other site https://test.example.com
Do I need to set Access-Control-Allow-Origin-Header of https://test.example.com on https://www.example.com even though it's on the same main domain?
I have obviously tried with and without, and 90% of the time without the request does succeed, but intermittently it fails, so I'd like to understand if it is required or not.
do I need to add an Access-Control-Allow-Origin-Header matching this subdomain?
Yes. A different subdomain is a different hostname so it is a different origin.
is there a way to add multiple Access-Control-Allow-Origin-Header's for each subdomain.
Not as such.
Either:
use * to allow everything or
read the Origin header from the request, check it against a whitelist, then generate the Access-Control-Allow-Origin using the value from the Origin header
I want to automate a process so that my clients can sign up on their own to my application, insert them own domain name and i can map the domain name to their subdomain.
For example, they have a subdomain called mappable.example.com and they have a domain name called mappable.com
I have two questions:
1. How do you create a subdomain for them in php and/or nodejs called mappable.example.com
2. How do you map the domain name to mappable.com
I'm using nginx as a web server. Do I have to use php or nodejs to manually edit the nginx config files?
I'm assuming you own example.com, they own mappable.com, and you want to allow them to use their domain mappable.com to access your subdomain mappable.example.com hosted on your server.
There are a few steps you'll need to do for this.
Set up wildcard DNS with your domain registrar so that all sub-domains will come to your one server.
Set up wildcard domain handling in nginx's conf on your one server so that all requests are sent to your code. You can do this using an underscore as the server name to make it the default server.
In your PHP code, you can check the headers to determine what domain the request is coming in through. Do a dump of $_SERVER to see what's in there. You will then know if the request came to mappable.com, mappable.example.com, etc...
Once you are in PHP with the domain or subdomain that was requested, you can act accordingly. You'll want to store the mapping of domain to subdomain in a database most likely. Additionally, you'll have to tell your users that they need to set up a cname, for example a cname of "mappable.com" to "mappable.example.com".
I think that should do what you need.
I have a website with n number of sub-domains, and one reserved for static content. I need to set up a cookie across all sub-domains except the static sub-domain. My home-page is on a sub-domain-less (domain.lk) manner. It is possible to route it to www.domain.com if necessory
It is more important to keep the static sub-domain cookie free.
I have tried the following line of code before reading cookies
ini_set('session.cookie_domain', 'domain.lk');
and
ini_set('session.cookie_domain', 'www.domain.lk');
That line was present only on dynamic sub-domains. But it didn't work. Cookie was not accessible from different sub-domains.
My static sub-domain is hard coded in to many contents (database records), therefor changing that is not a good option.
There's no means of setting a domain level cookie and making it not visible on given sub-domain. (You will however need to prefix the domain with a period as such...)
ini_set('session.cookie_domain', '.domain.lk');
However, if the static domain doesn't require cookies (or indeed presumably the existence of PHP at all), the fact that this cookie doesn't exist shouldn't be an issue.
That said, you should be able to overcome this using the mod_headers Apache module on the given sub-domain (so that it's not transmitted to the browser client) via...
RequestHeader unset Set-Cookie
I am having a problem over and over where a member is logged into my site using www. and if he accesses a link without www., the session variables don't carry over.
What's the way to make them both access the same place?
Ideal
Your site should reside on one canonical domain. So you should pick either www. or the top level domain and change all your links so that they point to one web address. It would be wise to switch to setting the domain in a configuration and using that to create web addresses across your application - this way you can easily change the URL later if you wish.
If you are running Apache you can also easily redirect traffic from one domain to the other by adding the following to the .htaccess file of your site:
#enforce the use of the www. subdomain on the sites URL
RewriteCond %{HTTP_HOST} !^(www.).*$ [NC]
RewriteRule ^(.*)$ http://www.%{HTTP_HOST}/$1 [R=301,L]
I should also mention that there is a growing movement away from using the www. subdomain as the main "URL" for a site. See: http://no-www.org/index.php
Less ideal
You change the cookie configuration when you set it so that it will work across domains. This is described on the setcookie() manual page with the domain parameter:
The domain that the cookie is available to. Setting the domain to
'www.example.com' will make the cookie available in the www subdomain
and higher subdomains. Cookies available to a lower domain, such as
'example.com' will be available to higher subdomains, such as
'www.example.com'. Older browsers still implementing the deprecated ยป
RFC 2109 may require a leading . to match all subdomains.
The only issue with this is that your site will still be accessible via two URLs.
Solution 1: Set the cookie's domain to the domain name without the www prefix (this way both requests should be sent with the cookie data).
Solution 2: Redirect everyone using the variant without the prefix to the one with the prefix (e.g. using mod_rewrite).
Modify your server configuration to 301 redirect traffic from 'yourdomain.com' to 'www.yourdomain.com'
when some user access the www.* site, redirect then to the other site automatically
Thanks in advance.
I have a local installation of Xampp. My sites are setup as follows. I have my main domain i.e. 'domain' installatiopn directory: C:\xampp\htdocs\domain
Within this i have a subdomain setup i.e. 'subdomain.domain' installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session if populated with the users data. I then navigate to my subdomain site which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN, if you set the DOMAIN to "domain.com" and the PATH to "/" this will make the COOKIE available accross all subdomains, some old browsers require the DOMAIN to use a leading dot(.) ".domain.com"...
Checkout the params on this page, session_set_cookie_params also has the DOMAIN and PATH arguments