Allow php sessions to carry over to subdomains

前端 未结 10 1109
清歌不尽
清歌不尽 2020-11-22 01:10

I use php sessions (not cookies, except for session id cookie) for all user data, and when a user goes to their profile user.mydomain.com they are immediately \"logged out\"

相关标签:
10条回答
  • 2020-11-22 01:48

    yes. ini_set is working. but remember to destroy all caches and cookies of the browser to see it works.

    1. destroy all caches and cookies of your browser
    2. in your xxx.example.com and yyy.example.com, your php files should start like this.

      ini_set('session.cookie_domain', '.example.com' ); session_start();
      
    0 讨论(0)
  • 2020-11-22 01:50

    I know this is quite old - but to further expand on @CTT's suggestion - I needed to add a php.ini file in each sub-directory (that will be executing php code and requires the session) of my subdomain with the following text:

    suhosin.session.cryptdocroot=Off
    suhosin.cookie.cryptdocroot=Off
    

    I hope this helps (it took me ages to figure this out).

    0 讨论(0)
  • 2020-11-22 01:54
    if(isset($_COOKIE['session_id']))
        session_id($_COOKIE['session_id']);
        Zend_Session::start(); //or session_start();
    
        if(!isset($_COOKIE['session_id']))
            setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');
    

    This is a good solution, but you cannot use it in all situations. For examples it will not work when you cannot rely on not-session cookies.

    This actually MUST work if you use it correctly.

    ini_set('session.cookie_domain', '.example.com' );
    

    For example you need to put it before session_start() and also in all files that call session_start()

    0 讨论(0)
  • 2020-11-22 01:56
            if(isset($_COOKIE['session_id']))
                session_id($_COOKIE['session_id']);
            Zend_Session::start(); //or session_start();
            if(!isset($_COOKIE['session_id']))
                setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');
    

    security be damned, if you are as frustrated with incomplete or bad answers as I am, this is your savior. It just works.

    0 讨论(0)
  • 2020-11-22 01:58

    I just had this problem and it turns out I was using different php.ini files for two different sub-domains. These ini files specified different session.save_path variables. For obvious reasons this needs to be the same for all sub-domains that need to share sessions.

    0 讨论(0)
  • 2020-11-22 02:05

    Before session_start() use session_set_cookie_params() replacing .domain.com with your domain like this example:

    session_set_cookie_params(0, '/', '.domain.com');
    session_start();
    
    0 讨论(0)
提交回复
热议问题