my sessions only work with a sub-domain, e.g. www. ,and do not work without that sub-domain.
For example, when a user is logged in.
If the address is not on the sub-domain. Typing does not logged in.
I set session cookie_domain but it did not work.
// I do not want to redirect by htaccess Because sub-domains Both have the same problem
If you want the php session to work all your subdomains, you must change cookie_domain option. Type this to top of your script:
ini_set('session.cookie_domain', '.example.com' );
www.domain.com and domain.com are NOT the same website. They are the mirror copy of each other
For this reason, cookies set on domain.com will NOT be used on www.domain.com and vice-verse, because it would be unsafe to assume they are the same thing.
You can override this behavior to some extent by allowing the session cookie to work on all subdomains as well as the main domain by setting the php.ini setting session.cookie_domain to .domain.com
i solved this probem use this code
session_name("name");
ini_set ("session.cookie_domain", '.domain.com') ;
session_set_cookie_params(0, '/', '.domain.com');
session_start();
Related
I am on Windows 7 using WAMP, and I am trying to share the PHPSESSID across subdomains.
In my code I set: ini_set('session.cookie_domain', '.web.local');
When I go to test.web.local I get a different PHPSESSID than web.local
I want to be able to share the PHPSESSID in $_COOKIE accross the subdomains.
What am I doing wrong?
Also running Wildcard based subdomains via Acrylic DNS Proxy custom hosts file.
Another thing, if I echo phpinfo() on both domains, the session.cookie_domain directive has the same value on both.
I believe you need to use session_set_cookie_params to share session across subdomain and you use need to use it on every pages (use it on main domain and subdomain). For example:
session_set_cookie_params(0, '/', '.web.local');
session_start();
Noted that you need to use it before session_start(). For more information. Read the session_set_cookie_params documentation here.
I have a script encoded with ironcube and when I login into that script it creates a session for the domain with the www. only. So if i enter mydomain.com the session changes and I cant access session variables for WWW.mydomain.com.
I would have added the appropriate script so it creates a session for both with the www. and without but the script is encoded with ironcube.
So my problem is, I need to access sessions created with the WWW.mydomain.com from mydomain.com.
Any assistance would be appreciated :)
That is a security measure implemented by browsers to prevent cookie stealing.
The workaround, is to set the cookie for the top-level-domain.
If you have domains www.example.com and example.com use the following code in the beginning of your PHP files.
ini_set('session.cookie_domain', '.example.com');
Session is the wrong term. What you are referring to are cookies. You need to set the cookie so that its on the domain .mydomain.com
Write another script that runs in the www domain that will take the value of the cookie and write it toeaanother cookie in the domain.com so that your scripts there can access it.
I have a website. People can login it on here
sub.domain.com
If they login here, the session will do its job and user will be logged in. On any page at sub.domain.com, the session value be will returned so it will work fine.
But site can also be reached from www.sub.domain.com . When user logins at sub.domain.com, the session value is empty at www.sub.domain.com.
I mean if user logs in at sub.domain.com,
When he navigates to www.sub.domain.com, site will say 'please login', but user was already logged in at site without 'www'.
Hope it was all clear, thank you.
Add in your main script at the top, before session_start.
ini_set('session.cookie_domain', '.domain.com' );
If you running PHP with suhosin enabled, try disabling there settings too
ini_set("suhosin.session.cryptdocroot", "Off");
ini_set("suhosin.cookie.cryptdocroot", "Off");
Source PHP bug tracker
Thanks to #RandomDave
You could dynamically determine the domain from $_SERVER['HTTP_HOST'] so you don't have to hard-code the domain name
ini_set('session.cookie_domain', strtolower(substr($_SERVER['HTTP_HOST'], 0, 4)) == 'www.' ? substr($_SERVER['HTTP_HOST'], 3) : '.'.$_SERVER['HTTP_HOST'] );
Set the cookie_domain for your session.
ini_set('session.cookie_domain', '.domain.com' );
Or change this setting in your php.ini.
PHP Sessions use cookies to store the session identifier, if you're browsing over www. that is where the cookie will be set.
You can alleviate this issue by setting the session cookie domain prefixed with a dot, which will act essentially as a wildcard for *.domain.com by using .domain.com. You do this with session_set_cookie_params like so:
session_set_cookie_params(0, '/', '.domain.com');
A safer example would use session_get_cookie_params and re-pass the other values back in. Even better, you could modify the php.ini on your server to set session.cookie_domain value to be .domain.com (you could also use ini_set for this).
You can also add a .htaccess at the root of your site like
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^sub\.domain\.com
RewriteRule ^(.*)$ http://www.sub.domain.com$1 [R=permanent,L]
Thanks in advance.
I have a local installation of Xampp. My sites are setup as follows. I have my main domain i.e. 'domain' installatiopn directory: C:\xampp\htdocs\domain
Within this i have a subdomain setup i.e. 'subdomain.domain' installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session if populated with the users data. I then navigate to my subdomain site which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN, if you set the DOMAIN to "domain.com" and the PATH to "/" this will make the COOKIE available accross all subdomains, some old browsers require the DOMAIN to use a leading dot(.) ".domain.com"...
Checkout the params on this page, session_set_cookie_params also has the DOMAIN and PATH arguments
There is a website with several subdomains.
On the main subdomain cookies are set:
#setcookie( $name, $value, $expires, '/', '.www.mysite.com');
I can see the cookie on www.mysite.com and sub1.mysite.com.
The directories are:
www.mysite.com: public/index.php
sub1.mysite.com: public/sub1/index.php
How can that be possible that I can't see it in the new subdomain sub2.mysite.com?
sub2.mysite.com public/sub2/index.php
Setting the domain to 'www.example.com' or '.www.example.com' will
make the cookie only available in the www subdomain.
If you want to make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'.
make sure the path is set to / so it works for the whole site, otherwise it might not work for sub directories on your site
Using # is not a wise act in general but using it in front of setcookie() is exceptionally unwise, if not to say a stronger word.
Subdomain should be set to .mysite.com'
path should be set, not omitted. If you want to have access to the cookie in any directory, set path to /.
Nevertheless, the reason can be any. One have to debug their code, not asking for the possible reasons.