Maintaining Session Variables across Subdomains

Question

I have been trying to maintain session vars between two subdomains and found it impossible. I ended up creating 2 minimal PHP web pages as a test bed, one I call \'test 1\' just

Answer 1

Ok I nailed it and it was a stinker.

Suhosin's suhosin.session.cryptdocroot option was the entire cause of the problem. When the session encryption key is based on the DocRoot it causes the subdomains to fail to see each other's session variables when the base domain and the subdomains are served from different directories. This leads to the session vars on the server being stored in different folders and hence they are not visible to each of the corresponding domains.

Solution. Simply add these 2 lines in your php.ini file:

suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off

A 48 hour nightmare to track down, 4.8 seconds to fix.