i have domain and i created a sub domain as well with the name www.join.domainname.com, now the problem is i start session on the main domain login page that is www.domainname.com/support/login.php
all the pages in same domain working properly with session but when i am trying to check the session
on : www.join.domainname.com/member.php
i am not getting anything i don't know why?? Plz help me to solve the issue, here is the code of www.join.domainname.com/member.php :
session_start();
$session_key = (isset($_SESSION['userid'])) ? $_SESSION['userid'] : 'empty';
echo $session_key;
it return the result empty.
You have to set the session cookie domain to .domainname.com so that it can be accessible to all of its subdomain.
you can use the session_set_cookie_params to do this.
session_set_cookie_params(0, '/', '.domainname.com');
session_start();
Alternatively, you can set the session cookie domain with ini_set
ini_set('session.cookie_domain','.domainname.com');
From my previous experience to make your session usable across domain/sub domain you need to use the session.cookie_domain setting e.g
// Start the session
DEFINE('COOKIE_BASE_DOMAIN_NAME', '.domain.com');
$some_name = session_name("domain-name");
ini_set('session.cookie_domain', COOKIE_BASE_DOMAIN_NAME);
session_start();
Related
I use PHP sessions (not cookies, except for session id cookie) for all user data, and when a user goes to their profile user.mydomain.example they are immediately "logged out" until then remove the subdomain.
Is there a way to accept sessions from all domains as long as its *.mydomain.example
Here are 4 options.
Place this in your php.ini:
session.cookie_domain = ".example.com"
Or in your .htaccess:
php_value session.cookie_domain .example.com
Or as the first thing in your script:
ini_set('session.cookie_domain', '.example.com' );
Or in your php-fpm pool configuration for your site:
php_value[session.cookie_domain] = .example.com
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.example');
security be damned, if you are as frustrated with incomplete or bad answers as I am, this is your savior. It just works.
change the session name at the top of the core functions file
like
session_name('mysession');
then use the following code into the php page
session_set_cookie_params(0,"/",".example.com",FALSE,FALSE);
setcookie(session_name(), session_id(),0,"/","example.com");
session_start();
finally change the default session name of the subdomain and remove the default cookie in subdomain's core functions file
like:
/*default session name*/
session_name("mysession");
/*remove the PHPSESSID and default session name from subdomain's cookie*/
setcookie( "mysession", "",1,"/" );
setcookie( "PHPSESSID", "",1,"/" );
if you continue with using your cookie name as PHPSESSID ,just remove all the functions with
"mysession" string like session_name('mysession'), setcookie( "mysession", "",1,"/" );
then check your browser's existing cookies, just remove all the cookies of domain and subdomain, and repeat the process.
I know this is quite old - but to further expand on #CTT's suggestion - I needed to add a php.ini file in each sub-directory (that will be executing php code and requires the session) of my subdomain with the following text:
suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off
I hope this helps (it took me ages to figure this out).
Another option that worked for me: is to force the name of the session:
session_name("myWebsite");
session_start();
yes. ini_set is working. but remember to destroy all caches and cookies of the browser to see it works.
destroy all caches and cookies of your browser
in your xxx.example.com and yyy.example.com, your php files should start like this.
ini_set('session.cookie_domain', '.example.com' ); session_start();
I just had this problem and it turns out I was using different php.ini files for two different sub-domains. These ini files specified different session.save_path variables. For obvious reasons this needs to be the same for all sub-domains that need to share sessions.
Before session_start() use session_set_cookie_params() replacing .domain.example with your domain like this example:
session_set_cookie_params(0, '/', '.domain.example');
session_start();
Try This:
session_start();
$sessionId = session_id();
logged the user. When user will switch to other subdomain sent the session id in the URL like this user.mydomain.example/?id=$sessionId
$sessionId = $_GET['id'];
session_start($sessionId);
Now the user will get all the session values and stay logged in.
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.example');
This is a good solution, but you cannot use it in all situations. For examples it will not work when you cannot rely on not-session cookies.
This actually MUST work if you use it correctly.
ini_set('session.cookie_domain', '.example.com' );
For example you need to put it before session_start() and also in all files that call session_start()
I am new to php. I am facing problem with sessions. I mean, after I get logged in and I click on any link in the website , its immediately getting logged out. Not sure why.
In chrome console: I entered as : document.cookie , it showing me "", then I got to understand that cookie is somehow getting deleted immediately or some other issue.
This problem exists for below 2 websites.
We have a websites like :
www.mysite.site1.com/folder1
www.mysite.site2.com/folder2
Below is my code of MySite.com/folder1
function MySession() {
$params = session_get_cookie_params();
session_set_cookie_params($params['lifetime'], '/v/folder1');
session_start();
}
function clear()
{
$_SESSION=array();
session_destroy();
}
Below is my code of MySite.com/folder2
function MySession() {
$params = session_get_cookie_params();
session_set_cookie_params($params['lifetime'], '/v/folder2');
session_start();
}
function clear()
{
$_SESSION=array();
session_destroy();
}
Setting the domain for cookies in session_set_cookie_params() only affects the domain used for the session cookie .
So to make all your cookies be available across all sub-domains of your site you need to set your cookies on root domain.
when setting the path that the cookie is valid for, always remember to have that trailing '/'.
CORRECT:
session_set_cookie_params (0, '/yourpath/');
INCORRECT:
session_set_cookie_params (0, '/yourpath');
mysite.site1.com is your base url.
when you switched from www.mysite.site1.com/folder1
to
www.mysite.site2.com/folder2
you'll surely be logged out.
Well, I am able to find out answer for my query:
since in my case I have 2 folders ie., www.mysite.com/folder1 && www.mysite.com/folder2 , then we MUST keep session_name('folder1') for 'folder1' and session_name('folder2') for 'folder2' , otherwise both folders share the same session ID and so user gets logged in automatically in folder2 (assuming if he already got loggedin folder1)
function Session() {
session_name('FOLDER_SID');
session_start();
}
Regarding more info about session_name, here: http://stackoverflow.com/a/7551430/4956785
I use PHP sessions (not cookies, except for session id cookie) for all user data, and when a user goes to their profile user.mydomain.example they are immediately "logged out" until then remove the subdomain.
Is there a way to accept sessions from all domains as long as its *.mydomain.example
Here are 4 options.
Place this in your php.ini:
session.cookie_domain = ".example.com"
Or in your .htaccess:
php_value session.cookie_domain .example.com
Or as the first thing in your script:
ini_set('session.cookie_domain', '.example.com' );
Or in your php-fpm pool configuration for your site:
php_value[session.cookie_domain] = .example.com
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.example');
security be damned, if you are as frustrated with incomplete or bad answers as I am, this is your savior. It just works.
change the session name at the top of the core functions file
like
session_name('mysession');
then use the following code into the php page
session_set_cookie_params(0,"/",".example.com",FALSE,FALSE);
setcookie(session_name(), session_id(),0,"/","example.com");
session_start();
finally change the default session name of the subdomain and remove the default cookie in subdomain's core functions file
like:
/*default session name*/
session_name("mysession");
/*remove the PHPSESSID and default session name from subdomain's cookie*/
setcookie( "mysession", "",1,"/" );
setcookie( "PHPSESSID", "",1,"/" );
if you continue with using your cookie name as PHPSESSID ,just remove all the functions with
"mysession" string like session_name('mysession'), setcookie( "mysession", "",1,"/" );
then check your browser's existing cookies, just remove all the cookies of domain and subdomain, and repeat the process.
I know this is quite old - but to further expand on #CTT's suggestion - I needed to add a php.ini file in each sub-directory (that will be executing php code and requires the session) of my subdomain with the following text:
suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off
I hope this helps (it took me ages to figure this out).
Another option that worked for me: is to force the name of the session:
session_name("myWebsite");
session_start();
yes. ini_set is working. but remember to destroy all caches and cookies of the browser to see it works.
destroy all caches and cookies of your browser
in your xxx.example.com and yyy.example.com, your php files should start like this.
ini_set('session.cookie_domain', '.example.com' ); session_start();
I just had this problem and it turns out I was using different php.ini files for two different sub-domains. These ini files specified different session.save_path variables. For obvious reasons this needs to be the same for all sub-domains that need to share sessions.
Before session_start() use session_set_cookie_params() replacing .domain.example with your domain like this example:
session_set_cookie_params(0, '/', '.domain.example');
session_start();
Try This:
session_start();
$sessionId = session_id();
logged the user. When user will switch to other subdomain sent the session id in the URL like this user.mydomain.example/?id=$sessionId
$sessionId = $_GET['id'];
session_start($sessionId);
Now the user will get all the session values and stay logged in.
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.example');
This is a good solution, but you cannot use it in all situations. For examples it will not work when you cannot rely on not-session cookies.
This actually MUST work if you use it correctly.
ini_set('session.cookie_domain', '.example.com' );
For example you need to put it before session_start() and also in all files that call session_start()
I have read many forums (including this one) about passing session variables between subdomains, and I can't get this to work. Can someone explain what I am missing?
Step 1
In the php.ini file:
session.cookie_domain = ".mydomain.example"
Verified with phpinfo() that I am using the right php.ini file
Step 2
In page at www.mydomain.example set a session variable $_SESSION['a'], verify that it appears by calling it on the next page (it does). Click link to sub.mydomain.example.
Step 3
Page at sub.mydomain.example checks if session variable is set using:
$a = $_SESSION['a'];
if(!isset($_SESSION['a'])){
echo "Error: Session Variable not available";
}
Unfortunately I am getting my error message. What am I missing?
You must pass the session id as a cookie and set the same session id on the new domain
For example you can use this code
ini_set('session.cookie_domain', '.example.com');
$currentCookieParams = session_get_cookie_params();
$rootDomain = '.example.com';
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
$rootDomain,
$currentCookieParams["secure"],
$currentCookieParams["httponly"]
);
if(!empty($_SESSION)){
$cookieName = session_id();
setcookie('PHPSESSID', $cookieName, time() + 3600, '/', $rootDomain);
}
if(isset($_COOKIE['PHPSESSID'])){
session_name($_COOKIE['PHPSESSID']);
}
debugging.
is the thing you're missing.
first of all you have to watch HTTP headers to see what is going on and what cookies actually being set. You can use LiveHTTPHeaders Firefox addon or something. With such info you can find the problem. Without it noone can answer tour question "my sessions don't work"
It can prove your statement of proper domain setting in the session settings. Or disprove it.
It can reveal some other misconfiguring.
It may show you cookie being sent back by the browser - so you can be sure that is server side problem
To see the actual result of your code (instead of guessing based on the indirect consequences) always helps.
So, I went a different direction and used this entry which worked...
session_set_cookie_params(0, '/', '.mydomain.example');
session_start();
I use PHP sessions (not cookies, except for session id cookie) for all user data, and when a user goes to their profile user.mydomain.example they are immediately "logged out" until then remove the subdomain.
Is there a way to accept sessions from all domains as long as its *.mydomain.example
Here are 4 options.
Place this in your php.ini:
session.cookie_domain = ".example.com"
Or in your .htaccess:
php_value session.cookie_domain .example.com
Or as the first thing in your script:
ini_set('session.cookie_domain', '.example.com' );
Or in your php-fpm pool configuration for your site:
php_value[session.cookie_domain] = .example.com
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.example');
security be damned, if you are as frustrated with incomplete or bad answers as I am, this is your savior. It just works.
change the session name at the top of the core functions file
like
session_name('mysession');
then use the following code into the php page
session_set_cookie_params(0,"/",".example.com",FALSE,FALSE);
setcookie(session_name(), session_id(),0,"/","example.com");
session_start();
finally change the default session name of the subdomain and remove the default cookie in subdomain's core functions file
like:
/*default session name*/
session_name("mysession");
/*remove the PHPSESSID and default session name from subdomain's cookie*/
setcookie( "mysession", "",1,"/" );
setcookie( "PHPSESSID", "",1,"/" );
if you continue with using your cookie name as PHPSESSID ,just remove all the functions with
"mysession" string like session_name('mysession'), setcookie( "mysession", "",1,"/" );
then check your browser's existing cookies, just remove all the cookies of domain and subdomain, and repeat the process.
I know this is quite old - but to further expand on #CTT's suggestion - I needed to add a php.ini file in each sub-directory (that will be executing php code and requires the session) of my subdomain with the following text:
suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off
I hope this helps (it took me ages to figure this out).
Another option that worked for me: is to force the name of the session:
session_name("myWebsite");
session_start();
yes. ini_set is working. but remember to destroy all caches and cookies of the browser to see it works.
destroy all caches and cookies of your browser
in your xxx.example.com and yyy.example.com, your php files should start like this.
ini_set('session.cookie_domain', '.example.com' ); session_start();
I just had this problem and it turns out I was using different php.ini files for two different sub-domains. These ini files specified different session.save_path variables. For obvious reasons this needs to be the same for all sub-domains that need to share sessions.
Before session_start() use session_set_cookie_params() replacing .domain.example with your domain like this example:
session_set_cookie_params(0, '/', '.domain.example');
session_start();
Try This:
session_start();
$sessionId = session_id();
logged the user. When user will switch to other subdomain sent the session id in the URL like this user.mydomain.example/?id=$sessionId
$sessionId = $_GET['id'];
session_start($sessionId);
Now the user will get all the session values and stay logged in.
if(isset($_COOKIE['session_id']))
session_id($_COOKIE['session_id']);
Zend_Session::start(); //or session_start();
if(!isset($_COOKIE['session_id']))
setcookie('session_id', session_id(), 0, '/', '.yourdomain.example');
This is a good solution, but you cannot use it in all situations. For examples it will not work when you cannot rely on not-session cookies.
This actually MUST work if you use it correctly.
ini_set('session.cookie_domain', '.example.com' );
For example you need to put it before session_start() and also in all files that call session_start()