I have a website www.example.com
When a user logs in when he visits http://example.com and then when he browses http://www.example.com, he is shown as NOT logged in. I think the reason is that the cookies set when he visited http://example are not being sent to the server when the same user visits http://www.example.com
I want the user to be shown as logged in in both of the sites if he logs in any one of the sites. I have a mobile site also http://m.example.com. I want the user to be shown as logged in here also.
I am using PHP and Zend Framework for my web application.
Try setting the cookie domain (5th arg of set_cookie) to ".example.com".
http://php.net/set_cookie
The domain that the cookie is
available to. To make the cookie
available on all subdomains of
example.com (including example.com
itself) then you'd set it to
'.example.com'. Although some browsers
will accept cookies without the
initial ., ยป RFC 2109 requires it to
be included. Setting the domain to
'www.example.com' or
'.www.example.com' will make the
cookie only available in the www
subdomain.
Hope this helps!
set it in php.ini
session.cookie_domain = .example.com
OR
ini_set("session.cookie_domain", ".example.com");
This will alive session in sub domain also.
Related
I am having a problem with SetCookie. I have two different PHP websites hosted on two subdomains, site1.myweb.com and site2.myweb.com. I want to set a cookie on the domain site2 from site1. And this cookie should only be able to access by site2 and not any other subdomains like site3 or site4.
But when I use setcookie function in PHP from site1 with domain set to site2.myweb.com, the cookie is not set on the browser (but the response contains the cookie). The browser gives an error saying This attempt to set a cookie via a set-cookie header was blocked because its domain attribute was invalid with regards to the current host url.
Can somebody please tell me if this is possible to do?
As I have searched recently, I found some specific information about domain and path.
Domain restriction:
When a website sets a cookie, it is by default tied to the originating domain. For instance, if server1.cookie-domain.com set the cookie, the web browser will automatically send the cookie with all subsequent requests to that domain and it sub-domains (admin.server1.cookie-domain.com).
But the cookie will not be sent to the parent domain or peer domains (cookie-domain.com or server2.cookie-domain.com).
Path restriction:
If an application residing at http://cookie-domain.com/app1/index.jsp sets a cookie, the browser will automatically send this cookie to all requests for pages residing under the /app1/ directory and also any sub-directories but if those attributes have been set to $wgCookieDomain = '' and $wgCookiePath = '/'.
So, my question:
Do the cookies have their path set to an appropriately
restrictive value for the application?
I've 1 domain and created 1 sub domain from main domian says www.example.com and dev.example.com. www.example.com is production domain and dev.example.com is development environment.
I've then clone 2 projects from a same repo but put them in different folder. In www.example.com folder .env file, i've set the domain session to example.com. It means in browser when i access from www.example.com or example.com it will be able to share the domain. In dev.example.com, the session_domain i've set is dev.example.com.
Now the problem i've faced is, when i visit www.example.com it will generates a laravel_session domain name of .example.com. with the dot infront it seems like it can be share to sub domain. When i visit to dev.example.com and login with facebook, it seems like it will looks for the .example.com domain session instead of the session created in dev.example.com.
if i delete the laravel_session in www.example.com im able to login with facebook in my dev.example.com or i clear all the cookies/sessions and i'm also able to login with facebook in my dev.example.com.
What i need to do to not make it share the session in sub domian ? And if i put not to share, can the domain be shared when user key in example.com and www.example.com in their browser?
And when it hit invalidstateException when login with facebook, it can be solved by clear all cookie/session. But i think it's not right to ask user to clear cookie browser by themselves. Is there any solution for this?
You just need to use a differently named session cookie in dev.example.com.
if ( $_SERVER['HTTP_HOST'] === 'dev.example.com' )
{
//The default session name is PHPSESSID,
//so if we use a different one, they don't collide.
session_name('DEVSESSIONID');
}
session_start();
Say my domain was www.example.com and I was setting a user's login cookie if their login credentials are correct.
How would I set the cookie? I've done the same thing with sessions and cookies on my localhost and worked perfectly fine. But when I uploaded my files on to a web server with an actual domain, it doesn't seem to work?
Cookie path: "/"
Cookie domain: ".example.com"
Thanks,
Thanks in advance.
I have a local installation of Xampp. My sites are setup as follows. I have my main domain i.e. 'domain' installatiopn directory: C:\xampp\htdocs\domain
Within this i have a subdomain setup i.e. 'subdomain.domain' installation directory: C:\xampp\htdocs\domain\subdomain
The goal of this is to have a single sign on on the main domain site and be able to access the same session data when the user accesses the subdomain site (and thus not have to re-authenticate the user once they have logged into the domain portal site).
I create the session in my domain index.php as follows:
session_set_cookie_params(0, '/', '.3pccap');
session_name('mysessionname');
session_start();
Subdomain index.php
session_name('mysessionname');
session_start();
I've added a var_dump($_SESSION); on each index.php page to confirm what session data is available. Once I log into my main domain, the session if populated with the users data. I then navigate to my subdomain site which also runs a var_dump of the session variable. The variable is displaying as an empty array.
I have attempted setting the session cookie domain within my php.ini file, no change in behaviour.
Any assistance is most appreciated.
You need to make the Session cookie visible for your subdomain (thus, calling the session_set_cookie on both, your domain and your subdomain):
session_set_cookie_params (0, '/', '.domain.com');
session_name('mysessionname');
session_start();
EDIT (From comments, which solved the issue)
A domain hostname should consist of two parts (even for local development), e.g. domain.local instead of domain
When COOKIES are set, there is a parameter that allows you to specify the PATH and DOMAIN, if you set the DOMAIN to "domain.com" and the PATH to "/" this will make the COOKIE available accross all subdomains, some old browsers require the DOMAIN to use a leading dot(.) ".domain.com"...
Checkout the params on this page, session_set_cookie_params also has the DOMAIN and PATH arguments