php session crossdomain not keeping session content but only session id - php

So this has been asked a few times before, and my problem seems to be of a little different character.
Two domains:
x.y.com
z.y.com
I want to share sessions, so I do this on both sites:
session_name("shared");
session_set_cookie_params(0, '/', '.hojio.com'); // <--- I have experimented with many versions of this, nothing seems to change much
session_save_path("XX");
session_start();
When I do a print_r($_COOKIE) it gives me:
[shared] => gpppai72ukd0fnoesca08g5vk4
(on both sites)
So it has the same session_id across sites. But when I put a variable on one site, the other site will, on load, remove it from the session file.
Why is the information not kept, when it obviously looks into the same session file on the server?
I tried replicating on a Windows localhost, and it works perfectly fine; on Apache on Ubuntu, not.
Soren

Related

Session file stored with different name

I have a script for a little chat feature, it uses a single session for everyone. Everything looks weird in this code, but I'm allowed to just edit it not recreate it.
The script tries to open this weird "single session for everyone" using code below:
$name='PREFIX-'.md5(home_url());
session_id($name);
session_name($name);
session_start();
Everything looks fine on localhost (XAMPP, Windows, PHP 7.2.5), but when I tried to use it on a shared hosting server (Linux, PHP 7.1.18) the session is saved with various names and I can't read it anymore using the same $name.
I've printed everything in ini_get('session.save_path') with print_r(scandir($dir)), but there is nothing like sess_PREFIX-* there, and the save_path folder grows by 3 files on every page refresh.
One of my friends pointed out this which fixed my problem with random session_id.

Chrome and session data lost

I have a problem with Chrome and sessions...
I'm using Kohana Framework for PHP.
I manage sessions with the Auth module using the native driver.
My problem is that when I log in with Chrome everything is fine, it creates the cookie and I can see the session data if I do var_dump($_SESSION) or var_dump(Session::instance()), but when I go to another page my session data is lost.
I can see the cookie in the developer tools and I see that it doesn't change its value, but if I do var_dump($_SESSION) or var_dump(Session::instance) it has lost the session data.
I changed the cookie lifetime, the $salt, and defined the domain, and I tested with Cookie::$domain = FALSE, Cookie::$domain = NULL, Cookie::$domain = '.localhost', Cookie::$domain = '.ipadress' and without Cookie::$domain... and I can't get it to work.
Everything works as expected in Firefox and Internet Explorer.
Solved.
It was the missing favicon problem... (Chrome looks for a favicon and if it doesn't find it, the session data disappears).
The solution was to put a favicon in the root folder of the project.
Strange problem... but finally solved.
Hmm, it could also be a domain issue. If you can, try to reach your site with 127.0.0.1 instead of localhost. If you have multiple sites and you have defined them in the hosts file like this:
site1.local localhost
...
try to change it to the local IP
site1.local 127.0.0.1
...
It's worth a try ;)

PHPSESSID Cookies on Sub-domains are having conflicts with each other

We are having some issues with PHP Session Cookies not allowing us to log into our SugarCRM application, which is an open source PHP application.
The problem is we have the same application installed on 2 sub-domains like below...
Main site
www.domain.com
Dev site
dev.www.domain.com
Now after logging into one, it will not allow you to login to the other!
Please view the image below to see the Cookie problem...
In the image above you can see that there are 2 PHPSESSID Cookies competing for the Session!
If I now delete one of them, it allows me to login as normal without an issue!
Because this is SugarCRM, I am hoping I can resolve this issue without making really any core file modifications to the application. But if I have to, then we will.
So does anyone have any ideas on a good solution?
Right now my idea for a "Nasty Dirty Hack" which I really do NOT want to have to do. It is to make a button on the login form, this button will use JavaScript to clear/delete the PHPSESSID Cookies but again I would really like to find a proper solution.
If anyone has any ideas, please share? Thank you
UPDATE
Thanks for the answers so far. Please do take into account that this is not a simple PHP application that I built where I can easily do code changes. This is SugarCRM which is a massive large application with thousands of files
Try setting this parameter in .htaccess on the subdomain
php_value session.cookie_domain .domain.com
or use it in PHP code, but before "session_start()"
ini_set('session.cookie_domain', '.domain.com' );
Use session_set_cookie_params to set the session from the subdomain, on the principal domain.
Try to use function (http://php.net/manual/en/function.session-set-cookie-params.php):
session_set_cookie_params ( $lifetime, $path, $domain, $secure, $httponly)
And set one $domain = '.domain.com'
Or if you are setting the session cookie manually with setcookie, then set the same domain too
It's actually not the domain you need to change, but the "session name" (name of the cookie parameter). Both apps seem to be using the default "phpsessid" and need to be made to differ, otherwise the apps will see each other's sessions, see the wrong session, or try to unserialize classes only defined in the other project.
You need to change the cookie parameter it's storing the session ID in. It can be controlled from an environment variable (php.ini, .htaccess, etc.): http://us1.php.net/manual/en/session.configuration.php#ini.session.name
This way you can have multiple PHP sessions on the same domain. For example, if you had example.com/sugarcrm and example.com/foo, you could have SugarCRM store its session ID in a cookie param called "sugarsession" (instead of the default phpsessid)
It has been a while since I had this issue but I think all you have to do is write each instance's session file to a different directory by editing the config.php in each SugarCRM's file system and change the line
'session_dir' => '',
to point at a different directory.
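
The collision discussed in this thread, modelled as an added example (not code from any of the posts above): a simplified RFC 6265 domain-match showing which session cookies a browser attaches for each host. The cookie scopes and values, and the names SUGARMAIN and SUGARDEV, are assumptions constructed for illustration.

```javascript
// Added example: simplified RFC 6265 cookie selection (domain-match only).
// Host names mirror the question; every jar below is constructed sample data.

// RFC 6265 5.1.3: a host matches a cookie domain if it is identical to it or
// ends with "." + domain. Host-only cookies (no Domain attribute) need equality.
function domainMatches(host, cookie) {
  const h = host.toLowerCase();
  const d = cookie.domain.toLowerCase().replace(/^\./, "");
  if (cookie.hostOnly) return h === d;
  return h === d || h.endsWith("." + d);
}

// Cookies the browser would attach to a request for `host`.
function cookiesFor(host, jar) {
  return jar.filter((c) => domainMatches(host, c));
}

// Cookie names that arrive more than once. PHP exposes only one value per
// name in $_COOKIE, so the application may pick up the other site's session ID.
function collisions(host, jar) {
  const counts = new Map();
  for (const c of cookiesFor(host, jar)) {
    counts.set(c.name, (counts.get(c.name) || 0) + 1);
  }
  return [...counts].filter(([, n]) => n > 1).map(([name]) => name);
}

// Assumed state: main site set a domain-scoped cookie, dev site a host-only one.
const sharedName = [
  { name: "PHPSESSID", value: "main-id", domain: ".www.domain.com", hostOnly: false },
  { name: "PHPSESSID", value: "dev-id", domain: "dev.www.domain.com", hostOnly: true },
];

// Same scopes, but each install has its own session.name (hypothetical names).
const distinctNames = [
  { ...sharedName[0], name: "SUGARMAIN" },
  { ...sharedName[1], name: "SUGARDEV" },
];

// Same name, but both cookies host-only: the main cookie never reaches dev.
const hostOnlyJar = [
  { ...sharedName[0], domain: "www.domain.com", hostOnly: true },
  sharedName[1],
];

for (const [label, jar] of Object.entries({ sharedName, distinctNames, hostOnlyJar })) {
  const sent = cookiesFor("dev.www.domain.com", jar).map((c) => `${c.name}=${c.value}`);
  console.log(label, "->", sent.join("; "), "| duplicate names:", collisions("dev.www.domain.com", jar));
}
```

With distinct names the dev host still receives the main site's cookie but no longer reads it as its own session; with host-only cookies the main site's session ID is not sent to the dev host at all.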

PHP Session variables lost in subdirectory level on WAMP

PHP sessions work as expected in root directory, and one directory deep. Directories that exist 2 deep end up with a new session id, and all session variables are lost.
I include a file config.inc.php (absolute path) into all pages which calls session_start() and initializes the SESSION variables. I found a PHP directive setting that seems to mention subdirectories, but it looks like it is referring to subdirectories of temporarily stored session files.
I've double checked using the HTTPFox Firefox plugin: as soon as I visit any page 2 levels deep, the session is gone, and a new session ID is issued. Very strange...
Ah, it looks like I was writing my URLS to those particular directories using localhost instead of 127.0.0.1... The different domain caused the browser to think it was a different website, I guess. Changing this solved my problem.

$_SESSION variables not carried over on HTTPS

I am developing a site on my localhost, where everything works fine, but now that the site is uploaded to the HTTPS side of our ONLINE server, the $_SESSION variables don't get carried over from the login.php to the index.php page. Both are located on HTTPS, the process never goes out of HTTPS. As I said, everything worked fine on my localhost.
My localhost's PHP is version 5.3.2 and the HTTPS server is 5.2.6. The only difference in settings I can identify regarding sessions is session.use_only_cookies is On on my localhost and Off on the HTTPS server.
Can anyone please shed some light as to why the session variables are not transferred? PS. I do have session_start(); in both login.php and index.php.
Thanks in advance.
Have you checked that the session cookie is carried over between the HTTP and HTTPS requests? And that the same session token is present on both sides?
If the cookie established via the HTTPS page is marked as "secure only", it will not be transmitted to non-SSL pages, so you'd get a brand new empty session on the non-secure pages, which would give you the symptoms of "missing" session variables. They're not really missing, just in some other session which isn't active now.
There are a few things that can go wrong.
Make sure both login.php and index.php are accessed through https. session.cookie_secure defaults to off, but you never know.
Also make sure they are both on the same domain. Cookies are set per-domain.
Maybe there is some oddball cookie setting? You can view the current session cookie settings with: session_get_cookie_params()
You can also verify how the cookie is being set in your browser (if at all), for Opera you can right-click in the page, select "edit site preferences", and use the "Cookie" tab. Don't know about other browsers off the top of my head ...
Another possibility is a borked session.save_path, run session_save_path() without any arguments to get the current session_save_path, make sure the user running PHP (typically but not necessarily the same user running the webserver) can write to this directory.
