I have an example.com/login.php file on the root domain with this code:
header('Access-Control-Allow-Origin: *');
session_set_cookie_params(0, '/', '.example.com');
session_name('lusession');
session_start();
$_SESSION['name'] = $_GET['name'];
$_SESSION['useremail'] = $_GET['useremail'];
$_SESSION['password'] = $_GET['password'];
This file is provided with credentials and it then creates a login session. It is called from the main domain and subdomains by AJAX.
The problem is that it does not create a session when called through AJAX, but when opened directly in the browser with a query string it creates a cross-domain session as expected.
Other pages which call it through AJAX have the following code at their start:
session_set_cookie_params(0, '/', '.example.com');
session_name('lusession');
session_start();
If I add the following code in login.php, the AJAX response shows that the session is created. But that session is not available on pages on the same domain or on other subdomains.
echo 'session created for'.$_SESSION['name'];
Inspecting the resource shows that the AJAX call creates a session cookie named 'lusession', as it should.
Access to the session cookie by scripting languages is controlled with the session.cookie_httponly configuration setting. Or you can use the 5th parameter of session_set_cookie_params() if you prefer this.
Well, figured it out.
Actually, AJAX calls only send cookies if the URL you're calling is on the same domain as your calling script. Subdomains are considered separate domains. Though this code creates cross-subdomain sessions, the AJAX involved is the culprit.
In this case I am trying to call a URL from domain.com while my calling script is on sub.domain.com (in other words: I made a cross-domain call, in which case the browser didn't send any cookies, to protect privacy).
The solution that worked for me is that I put a login.php file on every subdomain for calls from that subdomain. This way sessions were created, and once a session is created on one subdomain it is available on all subdomains as wanted.
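The cross-origin case from this thread, as an added example that is not code from any of the posts: browsers attach and store cookies on a cross-origin AJAX call only when the caller opts in to credentials and the response names the exact origin together with Access-Control-Allow-Credentials: true, which a wildcard origin cannot do. The origin allow-list and the single account are constructed, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example (PHP 7.3+). The origin list and the single account are
// constructed for illustration.
const ALLOWED_ORIGINS = ['https://example.com', 'https://sub.example.com'];

// Headers for a credentialed cross-origin call. The vetted origin is echoed
// back because browsers reject "*" when the request carries cookies.
function cors_headers_for(?string $origin): array
{
    if ($origin === null || !in_array($origin, ALLOWED_ORIGINS, true)) {
        return []; // unknown origin: no CORS headers, the calling page cannot read the reply
    }
    return [
        'Access-Control-Allow-Origin: ' . $origin,
        'Access-Control-Allow-Credentials: true',
        'Vary: Origin', // keeps caches from serving one origin's response to another
    ];
}

foreach (cors_headers_for($_SERVER['HTTP_ORIGIN'] ?? null) as $line) {
    header($line);
}

session_set_cookie_params([
    'lifetime' => 0,
    'path'     => '/',
    'domain'   => '.example.com', // apex domain and every subdomain
    'secure'   => true,           // sent over HTTPS only
    'httponly' => true,           // hidden from page scripts
    'samesite' => 'Lax',          // subdomains are same-site, so their AJAX still sends it
]);
session_name('lusession');
session_start();

// Constructed account store; a real one would be a database lookup.
$users = ['alice@example.com' => password_hash('constructed-password', PASSWORD_DEFAULT)];

// Credentials come from the POST body; the password is never put in the session.
$email = $_POST['useremail'] ?? '';
$pass  = $_POST['password'] ?? '';
if (is_string($email) && is_string($pass) && isset($users[$email])
    && password_verify($pass, $users[$email])) {
    session_regenerate_id(true); // fresh id on login, against session fixation
    $_SESSION['useremail'] = $email;
    echo 'session created for ' . htmlspecialchars($email);
} else {
    http_response_code(401);
}
// Caller side must opt in to cookies: fetch(url, {method: 'POST', body, credentials: 'include'})
```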
Related
I've this little problem: PHP is not saving the cookie to my (cookie allowing) browser, other sites are fine but this one fails to save the session id in the cookie, ergo an inability to access necessary data.
The index page does a
require("includes/functions.php");
which successfully requires my functions file:
session_name('login');
// Starting the session
$expiretime = 60*60*24;
session_set_cookie_params($expiretime);
// Making the cookie live for 1 day
session_start();
However, the login cookie is not saving (checked via Firebug) and I've no reason why. Thanks for the help
Try displaying the session cookie parameters to make sure they are ok by running after session_start:
var_dump(session_get_cookie_params());
If path (or domain) doesn't match the prefix of your web app path, then you might have to set it explicitly:
session_set_cookie_params($expiretime, '/');
or
session_set_cookie_params($expiretime, '/myapp/');
I was wondering how I would pass something using a session between pages that are in two separate directories. For example, if I had the following code, what would I need to add to make it work?
Page 1: directory\directory1\directory2\Page1.php
session_start();
$_SESSION['example'] = '123';
Page 2: directory\dir1\dir2\Page2.php
session_start();
echo $_SESSION['example'];
Your code should work if these pages are served within the same domain.
You do not have to session_start() in each page. Just write that in a single file and share that file between the pages you want to hold the session in.
So, if you have page1.php, page2.php and session.php, you can create the session in page1.php and check it in page two with echo var_dump($_SESSION), and vice versa.
First of all, check if session-cookies are properly set. Some problems (e.g. Headers already sent) may cause your session cookie to not be set.
If this is working properly, you may have to change the session cookie parameters via session_set_cookie_params.
By setting the second parameter (path) to /, the session cookie is valid for the root of your website and all subdirectories.
Example
session_set_cookie_params(0, '/');
The same settings can also be set in your php.ini or via ini_set(). See Session configuration
Note:
I'm not sure if these settings have any effect if session.auto_start is enabled, in which case the cookie header may already be sent before the changes are made.
I have made a simple website in which a user can log in. My problem is that when a user enters the address http://www.mysite.com/signin.php and, after a successful login, manually enters the address http://mysite.com, the session variable is not available from that page. How do I make the same session work for both www.mysite.com and mysite.com? Are there any settings in the php.ini file, or how do I manage to make the same session work for both addresses?
if(verify($password,$pw['password']))
{
$uid=$pw['user_id'];
$_SESSION['login_status']=true;
$_SESSION['user']=$uid;
}
I have a page checksession.php:
<?php
session_start();
var_dump($_SESSION);
?>
When I log in from http://www.mysite.com/signin.php and check http://www.mysite.com/checksession.php, it shows the session values, but http://mysite.com/checksession.php shows nothing (the difference is in the address: one with www, the other without www).
I usually force www. or no www. in my .htaccess file using redirects.
Your problem is probably your PHP_SESS_ID cookie domain not beginning with a "."
session_set_cookie_params ( 3600 , '/', '.example.com');
That should set it.
Add this line before your session_start();:
ini_set('session.cookie_domain', '.mysite.com' );
This should tell PHP to include all subdomains of mysite.com in the same session, including 'www'. Note the period before the domain name.
A different approach is to use session_start(); inside a config.php file and include that file at the top of the code of every page where sessions are required; otherwise you will not be able to get the value of the SESSION variable.
Use https:// before the page address call.
I'm having a very weird session problem under PHP
(it works perfectly locally but not on my internet server).
The problem:
I'm loading a page - I'm defining a PHP session via jQuery $.post in an external PHP script
I'm refreshing the page - the session is still there
I'm loading a different page - the session is gone (empty)
There's no unset or anything which might reset/clear the session.
I'm using a global PHP include for the header which triggers session_start();
Any ideas?
Thanks
Try setting your cookie parameters to allow the domain to work across subdomains:
$params = session_get_cookie_params();
session_set_cookie_params($params['lifetime'], $params['path'], '.example.org');
Where example.org is your domain name.
Then before printing anything to screen start your session:
session_start();
On every page/resource you wish to be able to access session data.
When a user arrives at my site, a session is started for them. There is a point where a child window is spawned using JavaScript on my site's home page.
This child window goes to the Twitter site to authenticate the user and it gets redirected back to a script on my site which stores some variables in a SESSION.
I have found out that the PHP script in the child window isn't aware of the session and session_id that is set already and it therefore starts a new session, which means the parent window (index.php) cannot access those session variables.
I am baffled. What can I do?
Update
Here is my code, but it's not my code that is the problem, it's the implementation that I am having trouble with.
index.php
<?php session_start(); ?>
oauth.php //child window
<?php session_start();
$_SESSION['screen_name'] = $twitterInfo->screen_name;
$_SESSION['profile_image_url'] = $twitterInfo->profile_image_url;
?>
When child window closes and I use AJAX to check a screen_name like so, it returns a no match as the child window oauth.php is using a different session (id).
<?php session_start();
sleep(1);
if(isset($_SESSION['screen_name'])){
echo 'done';
exit;
}else{
echo session_id() . ($_SESSION['screen_name'] ?? ''); // screen_name is unset in this branch
exit;
}
?>
If you use the same domain, then PHP should be aware of the session since all cookies are sent back to the domain that set them according to the HTTP specs.
Note that www.domain.com is a different domain than domain.com.
Cookies can also be set for a path on a domain, so make sure the path is the same.
Cookies can also be set for multiple sub domains using *.
If you post the relevant PHP code you have, it will help.
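Why the session cookie goes missing in the www / non-www thread above, and what the domain and path arguments suggested in several answers change, as an added example that is not code from any of the posts: it implements the RFC 6265 domain-match and path-match rules a browser applies before sending a cookie. Function names, hosts and paths are constructed, and the IP-address and public-suffix rules are left out.

```php
<?php
// Added example: RFC 6265 domain and path matching, reduced to the cases
// raised on this page. Hosts and paths in the sample data are constructed.

// $domain === null models a cookie set without a Domain attribute (host-only).
function domain_matches(string $host, string $setBy, ?string $domain): bool
{
    $host = strtolower($host);
    if ($domain === null) {
        return $host === strtolower($setBy); // only the exact host that set it
    }
    $suffix = '.' . strtolower(ltrim($domain, '.')); // a leading dot is ignored
    return '.' . $host === $suffix || substr($host, -strlen($suffix)) === $suffix;
}

function path_matches(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) {
        return false;
    }
    // A prefix counts only when it ends on a "/" boundary.
    return substr($cookiePath, -1) === '/' || $requestPath[strlen($cookiePath)] === '/';
}

function cookie_is_sent(string $host, string $path, array $cookie): bool
{
    return domain_matches($host, $cookie['set_by'], $cookie['domain'])
        && path_matches($path, $cookie['path']);
}

$hostOnly = ['set_by' => 'www.mysite.com', 'domain' => null,          'path' => '/'];
$shared   = ['set_by' => 'www.mysite.com', 'domain' => '.mysite.com', 'path' => '/'];
$scoped   = ['set_by' => 'www.mysite.com', 'domain' => '.mysite.com', 'path' => '/myapp/'];

$cases = [
    ['mysite.com',     '/checksession.php', $hostOnly, false], // the www / non-www symptom
    ['mysite.com',     '/checksession.php', $shared,   true],
    ['sub.mysite.com', '/checksession.php', $shared,   true],
    ['notmysite.com',  '/checksession.php', $shared,   false], // suffix needs a dot boundary
    ['www.mysite.com', '/other/page.php',   $scoped,   false], // outside the cookie path
];
foreach ($cases as [$host, $path, $cookie, $expected]) {
    $sent = cookie_is_sent($host, $path, $cookie);
    printf("%-15s %-18s %s\n", $host, $path, $sent ? 'sent' : 'not sent');
    assert($sent === $expected);
}
```

A Domain attribute hands the session id to every host under that domain, so widen it only when every subdomain is trusted to hold it.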