I have a website with n number of sub-domains, and one reserved for static content. I need to set up a cookie across all sub-domains except the static sub-domain. My home-page is on a sub-domain-less (domain.lk) manner. It is possible to route it to www.domain.com if necessory
It is more important to keep the static sub-domain cookie free.
I have tried the following line of code before reading cookies
ini_set('session.cookie_domain', 'domain.lk');
and
ini_set('session.cookie_domain', 'www.domain.lk');
That line was present only on dynamic sub-domains. But it didn't work. Cookie was not accessible from different sub-domains.
My static sub-domain is hard coded in to many contents (database records), therefor changing that is not a good option.
There's no means of setting a domain level cookie and making it not visible on given sub-domain. (You will however need to prefix the domain with a period as such...)
ini_set('session.cookie_domain', '.domain.lk');
However, if the static domain doesn't require cookies (or indeed presumably the existence of PHP at all), the fact that this cookie doesn't exist shouldn't be an issue.
That said, you should be able to overcome this using the mod_headers Apache module on the given sub-domain (so that it's not transmitted to the browser client) via...
RequestHeader unset Set-Cookie
Related
I am having a problem with SetCookie. I have two different PHP websites hosted on two subdomains, site1.myweb.com and site2.myweb.com. I want to set a cookie on the domain site2 from site1. And this cookie should only be able to access by site2 and not any other subdomains like site3 or site4.
But when I use setcookie function in PHP from site1 with domain set to site2.myweb.com, the cookie is not set on the browser (but the response contains the cookie). The browser gives an error saying This attempt to set a cookie via a set-cookie header was blocked because its domain attribute was invalid with regards to the current host url.
Can somebody please tell me if this is possible to do?
https://github.com/appleboy/CodeIgniter-Native-Session/blob/master/libraries/Session.php
If you run multiple applications on the same site, please modify your_application/config/session.php file line:
// Session namespace
$config['sess_namespace'] = 'your_application_name';
In my setup I run the same application across different sub domains. Does this apply to me? Or is this for multiple applications running on same domain?
It depends on what you have in $config['cookie_domain'].
By default (if you don't specify), php will set the domain to the domain of the current request meaning that the session cookie created for domain.com will be sent to the www.domain.com and every other higher level subdomains too (see the $domain parameter).
If you are using the "main" domain (one segment + tld, ie.: domain.com) you might need to redirect the traffic to a subdomain (like www) before you set any cookies, or you can of course use the sess_namespace setting.
This question already has answers here:
PHP: SESSION lost on SUBDOMAIN
(3 answers)
Closed 9 years ago.
My site uses PHP sessions to keep track of a logged in user. Every page has session_start(); implemented properly, however in chrome when I place www. in from of the domain name it does not use the session variables. When I replace it back without the www. it works fine again, so the variables are not unset but rather just not being used.
In Firefox strangely it is the other way around. www. works and without does not. Is there a way around this? I'm having trouble because I'm using PayPal to redirect to my site and I can't have my users have to log out and back in directly after.
www.example.com and example.com are NOT the same website. They usually are, but only by convention. www.example.com is a subdomain of example.com
For this reason, cookies set on example.com will NOT be used on www.example.com and vice versa, because it would be unsafe to assume they are the same thing.
You can override this behaviour to some extent by allowing the session cookie to work on all subdomains as well as the main domain by setting the php.ini setting session.cookie_domain to .example.com (replace with your own domain name, of course)
You should either set the cookie_domain in PHP or make sure your users only see your site with www or without www. You can use .htaccess (apache server) to accomplish this.
Example to set your cookie domain for multiple subdomains:
session_set_cookie_params(0, '/', '.example.com');
session_start();
Thanks in advance.
I have a local installation of Xampp. My sites are setup as follows. I have my main domain i.e. 'domain' installatiopn directory: C:\xampp\htdocs\domain
Within this i have a subdomain setup i.e. 'subdomain.domain' installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session if populated with the users data. I then navigate to my subdomain site which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN, if you set the DOMAIN to "domain.com" and the PATH to "/" this will make the COOKIE available accross all subdomains, some old browsers require the DOMAIN to use a leading dot(.) ".domain.com"...
Checkout the params on this page, session_set_cookie_params also has the DOMAIN and PATH arguments
There is a website with several subdomains.
On the main subdomain cookies are set:
#setcookie( $name, $value, $expires, '/', '.www.mysite.com');
I can see the cookie on www.mysite.com and sub1.mysite.com.
The directories are:
www.mysite.com: public/index.php
sub1.mysite.com: public/sub1/index.php
How can that be possible that I can't see it in the new subdomain sub2.mysite.com?
sub2.mysite.com public/sub2/index.php
Setting the domain to 'www.example.com' or '.www.example.com' will
make the cookie only available in the www subdomain.
If you want to make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'.
make sure the path is set to / so it works for the whole site, otherwise it might not work for sub directories on your site
Using # is not a wise act in general but using it in front of setcookie() is exceptionally unwise, if not to say a stronger word.
Subdomain should be set to .mysite.com'
path should be set, not omitted. If you want to have access to the cookie in any directory, set path to /.
Nevertheless, the reason can be any. One have to debug their code, not asking for the possible reasons.