Thanks in advance.
I have a local installation of Xampp. My sites are setup as follows. I have my main domain i.e. 'domain' installatiopn directory: C:\xampp\htdocs\domain
Within this i have a subdomain setup i.e. 'subdomain.domain' installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session if populated with the users data. I then navigate to my subdomain site which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN, if you set the DOMAIN to "domain.com" and the PATH to "/" this will make the COOKIE available accross all subdomains, some old browsers require the DOMAIN to use a leading dot(.) ".domain.com"...
Checkout the params on this page, session_set_cookie_params also has the DOMAIN and PATH arguments
Related
We have a website www.example.com that use some cookies.
And we have a copy of this website in a subfolder like these:
www.example.com:8000/test/
The copy of this subfolder is for testing.
We create the cookies like this (for example) in the domain and in the subfolder:
setcookie("name", "value", time() + 1800);
And when we navigate into domain and subfolder on different tabs into the same navigator we have conflict between cookies because we have the same cookies in both.
I think that we can do this in the subfolder:
setcookie("name", "value", time() + 1800, "test", "www.example.com:8000");
To my knowledge this creates only the cookies in the subfolder and one part of the problem would be solved.
But, to my knowledge, when we create a cookie in the root of the domain, this cookie is also available in the subfolders... then the problem will continue...
Anyone knows how can I define a cookie only for the root folder of the domain?
Thanks a lot.
You can't
Cookies are strongly connected with website. A domain to be specific. And that's why they are great and powerfull. Any cookie defined anywhere within www.example.com will be accessible in any page on this domain. But on the www.blog.example.com however, that cookie will not be accessible, as subdomains are technically separate domains/websites. Folders and subdirectiories are not.
Using subfolder allows you to set cookie to more deep parts of website. But you cannot limit cookie to root only.
How to help you
Use different names for your cookies.
my sessions only work with a sub-domain, e.g. www. ,and do not work without that sub-domain.
For example, when a user is logged in.
If the address is not on the sub-domain. Typing does not logged in.
I set session cookie_domain but it did not work.
// I do not want to redirect by htaccess Because sub-domains Both have the same problem
If you want the php session to work all your subdomains, you must change cookie_domain option. Type this to top of your script:
ini_set('session.cookie_domain', '.example.com' );
www.domain.com and domain.com are NOT the same website. They are the mirror copy of each other
For this reason, cookies set on domain.com will NOT be used on www.domain.com and vice-verse, because it would be unsafe to assume they are the same thing.
You can override this behavior to some extent by allowing the session cookie to work on all subdomains as well as the main domain by setting the php.ini setting session.cookie_domain to .domain.com
i solved this probem use this code
session_name("name");
ini_set ("session.cookie_domain", '.domain.com') ;
session_set_cookie_params(0, '/', '.domain.com');
session_start();
I have a website with n number of sub-domains, and one reserved for static content. I need to set up a cookie across all sub-domains except the static sub-domain. My home-page is on a sub-domain-less (domain.lk) manner. It is possible to route it to www.domain.com if necessory
It is more important to keep the static sub-domain cookie free.
I have tried the following line of code before reading cookies
ini_set('session.cookie_domain', 'domain.lk');
and
ini_set('session.cookie_domain', 'www.domain.lk');
That line was present only on dynamic sub-domains. But it didn't work. Cookie was not accessible from different sub-domains.
My static sub-domain is hard coded in to many contents (database records), therefor changing that is not a good option.
There's no means of setting a domain level cookie and making it not visible on given sub-domain. (You will however need to prefix the domain with a period as such...)
ini_set('session.cookie_domain', '.domain.lk');
However, if the static domain doesn't require cookies (or indeed presumably the existence of PHP at all), the fact that this cookie doesn't exist shouldn't be an issue.
That said, you should be able to overcome this using the mod_headers Apache module on the given sub-domain (so that it's not transmitted to the browser client) via...
RequestHeader unset Set-Cookie
I have a script encoded with ironcube and when I login into that script it creates a session for the domain with the www. only. So if i enter mydomain.com the session changes and I cant access session variables for WWW.mydomain.com.
I would have added the appropriate script so it creates a session for both with the www. and without but the script is encoded with ironcube.
So my problem is, I need to access sessions created with the WWW.mydomain.com from mydomain.com.
Any assistance would be appreciated :)
That is a security measure implemented by browsers to prevent cookie stealing.
The workaround, is to set the cookie for the top-level-domain.
If you have domains www.example.com and example.com use the following code in the beginning of your PHP files.
ini_set('session.cookie_domain', '.example.com');
Session is the wrong term. What you are referring to are cookies. You need to set the cookie so that its on the domain .mydomain.com
Write another script that runs in the www domain that will take the value of the cookie and write it toeaanother cookie in the domain.com so that your scripts there can access it.
There is a website with several subdomains.
On the main subdomain cookies are set:
#setcookie( $name, $value, $expires, '/', '.www.mysite.com');
I can see the cookie on www.mysite.com and sub1.mysite.com.
The directories are:
www.mysite.com: public/index.php
sub1.mysite.com: public/sub1/index.php
How can that be possible that I can't see it in the new subdomain sub2.mysite.com?
sub2.mysite.com public/sub2/index.php
Setting the domain to 'www.example.com' or '.www.example.com' will
make the cookie only available in the www subdomain.
If you want to make the cookie available on all subdomains of example.com (including example.com itself) then you'd set it to '.example.com'.
make sure the path is set to / so it works for the whole site, otherwise it might not work for sub directories on your site
Using # is not a wise act in general but using it in front of setcookie() is exceptionally unwise, if not to say a stronger word.
Subdomain should be set to .mysite.com'
path should be set, not omitted. If you want to have access to the cookie in any directory, set path to /.
Nevertheless, the reason can be any. One have to debug their code, not asking for the possible reasons.