I am on Windows 7 using WAMP, and I am trying to share the PHPSESSID across subdomains.
In my code I set: ini_set('session.cookie_domain', '.web.local');
When I go to test.web.local I get a different PHPSESSID than web.local
I want to be able to share the PHPSESSID in $_COOKIE accross the subdomains.
What am I doing wrong?
Also running Wildcard based subdomains via Acrylic DNS Proxy custom hosts file.
Another thing, if I echo phpinfo() on both domains, the session.cookie_domain directive has the same value on both.
I believe you need to use session_set_cookie_params to share session across subdomain and you use need to use it on every pages (use it on main domain and subdomain). For example:
session_set_cookie_params(0, '/', '.web.local');
session_start();
Noted that you need to use it before session_start(). For more information. Read the session_set_cookie_params documentation here.
Related
my sessions only work with a sub-domain, e.g. www. ,and do not work without that sub-domain.
For example, when a user is logged in.
If the address is not on the sub-domain. Typing does not logged in.
I set session cookie_domain but it did not work.
// I do not want to redirect by htaccess Because sub-domains Both have the same problem
If you want the php session to work all your subdomains, you must change cookie_domain option. Type this to top of your script:
ini_set('session.cookie_domain', '.example.com' );
www.domain.com and domain.com are NOT the same website. They are the mirror copy of each other
For this reason, cookies set on domain.com will NOT be used on www.domain.com and vice-verse, because it would be unsafe to assume they are the same thing.
You can override this behavior to some extent by allowing the session cookie to work on all subdomains as well as the main domain by setting the php.ini setting session.cookie_domain to .domain.com
i solved this probem use this code
session_name("name");
ini_set ("session.cookie_domain", '.domain.com') ;
session_set_cookie_params(0, '/', '.domain.com');
session_start();
I have a website with n number of sub-domains, and one reserved for static content. I need to set up a cookie across all sub-domains except the static sub-domain. My home-page is on a sub-domain-less (domain.lk) manner. It is possible to route it to www.domain.com if necessory
It is more important to keep the static sub-domain cookie free.
I have tried the following line of code before reading cookies
ini_set('session.cookie_domain', 'domain.lk');
and
ini_set('session.cookie_domain', 'www.domain.lk');
That line was present only on dynamic sub-domains. But it didn't work. Cookie was not accessible from different sub-domains.
My static sub-domain is hard coded in to many contents (database records), therefor changing that is not a good option.
There's no means of setting a domain level cookie and making it not visible on given sub-domain. (You will however need to prefix the domain with a period as such...)
ini_set('session.cookie_domain', '.domain.lk');
However, if the static domain doesn't require cookies (or indeed presumably the existence of PHP at all), the fact that this cookie doesn't exist shouldn't be an issue.
That said, you should be able to overcome this using the mod_headers Apache module on the given sub-domain (so that it's not transmitted to the browser client) via...
RequestHeader unset Set-Cookie
This question already has answers here:
PHP: SESSION lost on SUBDOMAIN
(3 answers)
Closed 9 years ago.
My site uses PHP sessions to keep track of a logged in user. Every page has session_start(); implemented properly, however in chrome when I place www. in from of the domain name it does not use the session variables. When I replace it back without the www. it works fine again, so the variables are not unset but rather just not being used.
In Firefox strangely it is the other way around. www. works and without does not. Is there a way around this? I'm having trouble because I'm using PayPal to redirect to my site and I can't have my users have to log out and back in directly after.
www.example.com and example.com are NOT the same website. They usually are, but only by convention. www.example.com is a subdomain of example.com
For this reason, cookies set on example.com will NOT be used on www.example.com and vice versa, because it would be unsafe to assume they are the same thing.
You can override this behaviour to some extent by allowing the session cookie to work on all subdomains as well as the main domain by setting the php.ini setting session.cookie_domain to .example.com (replace with your own domain name, of course)
You should either set the cookie_domain in PHP or make sure your users only see your site with www or without www. You can use .htaccess (apache server) to accomplish this.
Example to set your cookie domain for multiple subdomains:
session_set_cookie_params(0, '/', '.example.com');
session_start();
I have tried setting cookies but the problem is in setting domain. When i tried to set domain in setcookies() it doesn't set any value. Without domain setting it will automatically set my domain (for ex. localhost).
If I am using any .com it will set it by default but I cannot set domain in cookies.
Can any one please help me setting domain in php.
setcookie('session_id',$sessionID[1],strtotime($expireTime[1]),'/',$domain);
When I set it without domain it sets the cookies to my localhost or on which domain I am.
Can any one help me.
you can not set a cookie attributed to a domain other than that you are using. this is generally considered a good thing.
If you put a domain to setcookie, you'll see in your header that PHP has set your cookie with the right domain name. But, your browser will just ignore it for safety reasons.
If you need to set a cookie for an auto-login or such, you need to play with your hosts file to make your browser believe that you're on the same domain than the domain where you want to set a cookie.
Example :
If you add :
127.0.0.1 autologin.amazon.co.uk
in your hosts file, and go to http://autologin.amazon.co.uk instead of http://localhost, your remote script will be allowed to set any .amazon.co.uk cookie.
Thanks in advance.
I have a local installation of Xampp. My sites are setup as follows. I have my main domain i.e. 'domain' installatiopn directory: C:\xampp\htdocs\domain
Within this i have a subdomain setup i.e. 'subdomain.domain' installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session if populated with the users data. I then navigate to my subdomain site which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN, if you set the DOMAIN to "domain.com" and the PATH to "/" this will make the COOKIE available accross all subdomains, some old browsers require the DOMAIN to use a leading dot(.) ".domain.com"...
Checkout the params on this page, session_set_cookie_params also has the DOMAIN and PATH arguments