We Keep Coding

php subdomain session sharing

I need to share a session between two subdomains.
I have these domains:
http://example.com
https://secure.example.com
And I tried session sharing with this way:
<?php
ini_set("session.cookie_domain", ".example.com");
session_start();
?>
And this also
<?php session_set_cookie_params ( 0,"/" ,".example.com"); session_start(); ?>
But both seems not working!
How can I make it works?
Sorry for bad English

I don't think sessions are shared across sub-domains. Instead assign the value of the session to a cookie. The cookies are shared.
setcookie("TestCookie", $value, time()+3600);
get the value of the cookie by using this:
$_COOKIE['TestCookie'];

Solved.
I created .htaccess file with this content:
php_value session.cookie_domain ".example.com"

php session value losing while moving to one page to another

I have made a simple website in which user can log in.my problem is when a user enter the address http://www.mysite.com/signin.php and after a successful log in he manually enters the address as http://mysite.com but from that page session variable is not getting. How do I make same session to both www.mysite.com,mysite.com Are there any settings in the php ini file or how do I manage to make same session to both addresses?
if(verify($password,$pw['password']))
{
$uid=$pw['user_id'];
$_SESSION['login_status']=true;
$_SESSION['user']=$uid;
}
i have a page checksession.php
<?php
session_start();
var_dump($_SESSION);
?>
when i login from http://www.mysite.com/signin.php and checking http://www.mysite.com/checksession.php its showing session values but from http://mysite.com/checksession.php it showing nothing.(differance is in address one with www,another without www)

I usually force www. or no www. in my .htaccess file using redirects.
Your problem is probably your PHP_SESS_ID cookie domain not beginning with a "."
session_set_cookie_params ( 3600 , '/', '.example.com');
That should set it.

Add this line before your session_start();:
ini_set('session.cookie_domain', '.mysite.com' );
This should tell PHP to include all subdomains of mysite.com in the same session, including 'www'. Note the period before the domain name.

A different Approach is to use session_start(); inside config.php file and include that file on the top of the code of every page where sessions are required otherwise U will not be able to get the value of SESSION variable..!!

use https:// before the page address call..

Set cookie in different folders

I'm trying to create cookie from one folder that will also work in another.
Simply doing:
setcookie('favorite['.$id.']',1,time()+60*24*60*60,'/');
But it doesn't work. Cookies are visible in the created folder but empty in other.
Also I've tried:
setcookie('favorite['.$id.']',1,time()+60*24*60*60,ROOT);
setcookie('favorite['.$id.']',1,time()+60*24*60*60,HTTP_ADR);
Where ROOT = dirname(__FILE__) and HTTP_ADR is address of my site in http://example.com/site
Could it be due to problem of this array favorite['.$id.'] ?
UPDATE: using in this way echo count($_COOKIE['favorite'])

In case its not working you can store that cookie in the session and can use that cookie
<?php
session_start();
if(isset($_COOKIE['cookiename']))
{
$_SESSION['cookie_name']= $_COOKIE['cookiename'];
}
echo $_SESSION['cookie_name'];
?>

Strange.
This script which in /cookie/ foolder
<?
setcookie('foo[lol]', 1, time()+60*24*60*60, "/");
sets cookie which works even in root folder.
So make shure nothing deletes your cookies in another folder.
EDIT: php can't read cookies which contain brackets. But browsers can.
EDIT2: no, it can, but it thinks that it is array. So to read your cookie use this code:
var_dump($_COOKIE['favorite'][$id]);

SESSION not working on server

i have domain and i created a sub domain as well with the name www.join.domainname.com, now the problem is i start session on the main domain login page that is www.domainname.com/support/login.php
all the pages in same domain working properly with session but when i am trying to check the session
on : www.join.domainname.com/member.php
i am not getting anything i don't know why?? Plz help me to solve the issue, here is the code of www.join.domainname.com/member.php :
session_start();
$session_key = (isset($_SESSION['userid'])) ? $_SESSION['userid'] : 'empty';
echo $session_key;
it return the result empty.

You have to set the session cookie domain to .domainname.com so that it can be accessible to all of its subdomain.
you can use the session_set_cookie_params to do this.
session_set_cookie_params(0, '/', '.domainname.com');
session_start();
Alternatively, you can set the session cookie domain with ini_set
ini_set('session.cookie_domain','.domainname.com');

From my previous experience to make your session usable across domain/sub domain you need to use the session.cookie_domain setting e.g
// Start the session
DEFINE('COOKIE_BASE_DOMAIN_NAME', '.domain.com');
$some_name = session_name("domain-name");
ini_set('session.cookie_domain', COOKIE_BASE_DOMAIN_NAME);
session_start();

PHP Session not Saving

I have this written at the very first line on every page of my website.
include("restd.php");
and restd.php contains the following lines :
#session_start();
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}
The problem i'm facing is that when ever i click or do something on my website. it logs me out and takes me to index.php.
im sure its something to do with the session. ive tried every single thing to avoid this problem but i ahve used restd.php because i dont want anyone to copy the url of someone and paste and get into the website.
anyone who is logged in only can view other's pages. if they arent logged in then they'll be redirected to index.php
EDIT : and guys a confusing thing is that all this is working fine on my testing server which is easyPHP-5.3.8.0 but this problem is coming up when i upload all the files to my server.

Your session directory (probably /tmp/) is not writable.
Check with session_save_path() if it is writable.
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}

Do you actually set $_SESSION['id'] on a page...
What you are trying to do here is:
Start a session and load the $_SESSION from the session handler
Check if $_SESSION contains key 'id'
Redirect to index.php if $_SESSION['id'] is not set
Do you actually do this in index.php?
session_start();
$_SESSION['id'] = something;

you need declare $_SESSION['id'] :
file1.php
session_start();
$_SESSION['id'] = '123'
file2.php
include 'file1.php'
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}

In my case I forgot that I had the PHP flag session.cookie_secure set to on, while the development environment was not TLS-secured.
More information about Session/Cookie parameters.

I know this is an old thread, but the following helped me with the same problem after hours of despair. Found on: http://php.net/manual/de/function.session-save-path.php
I made a folder next to the public html folder and placed these lines at the very first point in index.php
Location of session folder:
/domains/account/session
location of index.php
/domains/account/public_html/index.php
What I placed in index.php at line 0:
<?php
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session'));
session_start();
?>
Hopefully this will save you time.

Check maybe your session path does not exist
so you can save PHP session path using:
ini_set(' session.save_path','SOME WRITABLE PATH');

Couple things:
your include file doesn't have the <?php ?> tags, so the content will not be evaluated as PHP
Session_start must be called before you start outputting anything. Is that the case?

You still don't even answer where you SET $_SESSION['id']. $pid = $_SESSION['id'] does not set the session variable. session_start() comes before ANYTHING session related, it's not shown before your include.

I had the same problem and found a work-around for it. If anybody can explain why the session is not read even when the cookie is there, please let me know.
<?php
// logged.php
// The PHP session system will figure out whether to use cookies or URLs to pass the SID
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) && authenticationRoutine(/* Returns true if succesfully authenticated */) ) {
session_id(uniqid("User--"));
session_start();
$_SESSION['id']=session_id();
}
?>
<?php
// Insecure restd.php (The user can forge a stolen SID cookie or URL GET request, but that is inherent with PHP sessions)
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) {header('Location: index.php')}
?>
.
[EDIT]
Even though the cookie was there and I prevented starting a new session, the session had not been read and started, so no session variables were available. In this case I check if the session has been started first (not using session_status() because it doesn't exist in PHP 3.5, which for some reason is the most widespread among hosts). If no session has been started within PHP, I check if it had been started before by testing the cookies and GET variables. If a session ID was found, the script resumes the session with that ID. If no ID is available, the user gets redirected to the index.
<?php
// restd.php
if(empty(session_id())) {
if(isset($_COOKIE['PHPSESSID']) && !empty($_COOKIE['PHPSESSID'])) {session_id($_COOKIE['PHPSESSID']);}
elseif(isset($_GET['PHPSESSID']) && !empty($_GET['PHPSESSID'])) {session_id($_GET['PHPSESSID']);}
else {header('Location: index.php'); exit(0);}
session_start();
}