I have a website. People can login it on here
sub.domain.com
If they login here, the session will do its job and user will be logged in. On any page at sub.domain.com, the session value be will returned so it will work fine.
But site can also be reached from www.sub.domain.com . When user logins at sub.domain.com, the session value is empty at www.sub.domain.com.
I mean if user logs in at sub.domain.com,
When he navigates to www.sub.domain.com, site will say 'please login', but user was already logged in at site without 'www'.
Hope it was all clear, thank you.
Add in your main script at the top, before session_start.
ini_set('session.cookie_domain', '.domain.com' );
If you running PHP with suhosin enabled, try disabling there settings too
ini_set("suhosin.session.cryptdocroot", "Off");
ini_set("suhosin.cookie.cryptdocroot", "Off");
Source PHP bug tracker
Thanks to #RandomDave
You could dynamically determine the domain from $_SERVER['HTTP_HOST'] so you don't have to hard-code the domain name
ini_set('session.cookie_domain', strtolower(substr($_SERVER['HTTP_HOST'], 0, 4)) == 'www.' ? substr($_SERVER['HTTP_HOST'], 3) : '.'.$_SERVER['HTTP_HOST'] );
Set the cookie_domain for your session.
ini_set('session.cookie_domain', '.domain.com' );
Or change this setting in your php.ini.
PHP Sessions use cookies to store the session identifier, if you're browsing over www. that is where the cookie will be set.
You can alleviate this issue by setting the session cookie domain prefixed with a dot, which will act essentially as a wildcard for *.domain.com by using .domain.com. You do this with session_set_cookie_params like so:
session_set_cookie_params(0, '/', '.domain.com');
A safer example would use session_get_cookie_params and re-pass the other values back in. Even better, you could modify the php.ini on your server to set session.cookie_domain value to be .domain.com (you could also use ini_set for this).
You can also add a .htaccess at the root of your site like
RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^sub\.domain\.com
RewriteRule ^(.*)$ http://www.sub.domain.com$1 [R=permanent,L]
Related
my sessions only work with a sub-domain, e.g. www. ,and do not work without that sub-domain.
For example, when a user is logged in.
If the address is not on the sub-domain. Typing does not logged in.
I set session cookie_domain but it did not work.
// I do not want to redirect by htaccess Because sub-domains Both have the same problem
If you want the php session to work all your subdomains, you must change cookie_domain option. Type this to top of your script:
ini_set('session.cookie_domain', '.example.com' );
www.domain.com and domain.com are NOT the same website. They are the mirror copy of each other
For this reason, cookies set on domain.com will NOT be used on www.domain.com and vice-verse, because it would be unsafe to assume they are the same thing.
You can override this behavior to some extent by allowing the session cookie to work on all subdomains as well as the main domain by setting the php.ini setting session.cookie_domain to .domain.com
i solved this probem use this code
session_name("name");
ini_set ("session.cookie_domain", '.domain.com') ;
session_set_cookie_params(0, '/', '.domain.com');
session_start();
This question already has answers here:
PHP: SESSION lost on SUBDOMAIN
(3 answers)
Closed 9 years ago.
My site uses PHP sessions to keep track of a logged in user. Every page has session_start(); implemented properly, however in chrome when I place www. in from of the domain name it does not use the session variables. When I replace it back without the www. it works fine again, so the variables are not unset but rather just not being used.
In Firefox strangely it is the other way around. www. works and without does not. Is there a way around this? I'm having trouble because I'm using PayPal to redirect to my site and I can't have my users have to log out and back in directly after.
www.example.com and example.com are NOT the same website. They usually are, but only by convention. www.example.com is a subdomain of example.com
For this reason, cookies set on example.com will NOT be used on www.example.com and vice versa, because it would be unsafe to assume they are the same thing.
You can override this behaviour to some extent by allowing the session cookie to work on all subdomains as well as the main domain by setting the php.ini setting session.cookie_domain to .example.com (replace with your own domain name, of course)
You should either set the cookie_domain in PHP or make sure your users only see your site with www or without www. You can use .htaccess (apache server) to accomplish this.
Example to set your cookie domain for multiple subdomains:
session_set_cookie_params(0, '/', '.example.com');
session_start();
I have a script encoded with ironcube and when I login into that script it creates a session for the domain with the www. only. So if i enter mydomain.com the session changes and I cant access session variables for WWW.mydomain.com.
I would have added the appropriate script so it creates a session for both with the www. and without but the script is encoded with ironcube.
So my problem is, I need to access sessions created with the WWW.mydomain.com from mydomain.com.
Any assistance would be appreciated :)
That is a security measure implemented by browsers to prevent cookie stealing.
The workaround, is to set the cookie for the top-level-domain.
If you have domains www.example.com and example.com use the following code in the beginning of your PHP files.
ini_set('session.cookie_domain', '.example.com');
Session is the wrong term. What you are referring to are cookies. You need to set the cookie so that its on the domain .mydomain.com
Write another script that runs in the www domain that will take the value of the cookie and write it toeaanother cookie in the domain.com so that your scripts there can access it.
After login in this url www.example.com, if I remove the www extension from address-bar the login detail value doesnot keep by session.
Try creating a redirect function from non-www to www. See this topic: WWW to non-WWW Redirect with PHP
Your session is maintained by a cookie. When you log on to www.example.com, a cookie is saved for this domain by default, which is represented with every request to a URL in this domain. example.com is a different cookie domain, and the cookie won't therefore be presented.
Solutions are to either redirect from example.com to www.example.com as Andrei suggested, or to make the cookie domain match as Adnan suggests - both valid answers.
put this in your globals, or in your includes file, or just add it before any session_start() call.
ini_set("session.cookie_domain",".example.com");
another option would be to to add this:
php_value session.cookie_domain .example.com
to your .htaccess
Try clearing browser cache
deleting temporary files and prefetch files
clear dns from cmd ipconfig/flushdns
re open browser login, writing or removing www should not alter with session since it runs on server.
make sure you are not Re - Starting session.
Thanks in advance.
I have a local installation of Xampp. My sites are setup as follows. I have my main domain i.e. 'domain' installatiopn directory: C:\xampp\htdocs\domain
Within this i have a subdomain setup i.e. 'subdomain.domain' installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session if populated with the users data. I then navigate to my subdomain site which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN, if you set the DOMAIN to "domain.com" and the PATH to "/" this will make the COOKIE available accross all subdomains, some old browsers require the DOMAIN to use a leading dot(.) ".domain.com"...
Checkout the params on this page, session_set_cookie_params also has the DOMAIN and PATH arguments