PHP Sessions across sub domains

前端 未结 17 1482
慢半拍i
慢半拍i 2020-11-22 05:59

I am trying to set up the following:

auth.example.com
sub1.example.com
sub2.example.com

If the user visits sub1.example.com or

相关标签:
17条回答
  • 2020-11-22 06:12

    I do not know if the problem still exists, but I just ran into the same problem and solved it setting a session name before calling session_set_cookie_params():

    $some_name = session_name("some_name");
    session_set_cookie_params(0, '/', '.example.com');
    session_start();
    

    I have changed nothing in my php.ini but now everything is working fine.

    0 讨论(0)
  • 2020-11-22 06:12

    I know this is old but this works fine for me with multiple domains and sub domains on the same box.

    <?php
    define('site_domain','example.com');
    session_set_save_handler('_open',
                             '_close',
                             '_read',
                             '_write',
                             '_destroy',
                             '_clean');
    
    function _open(){
    
        global $_sess_db;
    
    $db_user = 'user';
    $db_pass = 'pass';
    $db_host = 'localhost';
    
    if ($_sess_db = mysql_connect($db_host, $db_user, $db_pass)){
    
        return mysql_select_db('database', $_sess_db);
    
    }
    
    return false;
    
    }
    
    function _close(){
    
        global $_sess_db;
        return mysql_close($_sess_db);
    
    }
    
    function _read($id){
    
        global $_sess_db;
        $id = mysql_real_escape_string($id);
        $domain = mysql_real_escape_string(site_domain);
        $agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']));
    
        $sql = "SELECT data
        FROM sessions
        WHERE id = '$id' AND domain = '$domain' AND agent = '$agent'";
    
         if ($result = mysql_query($sql, $_sess_db)){
    
             if (mysql_num_rows($result)){
                 $record = mysql_fetch_assoc($result);
                 return $record['data'];
            }
    
        }
    
        return '';
    
    }
    
    function _write($id, $data){
    
        global $_sess_db;
        $access = time();
    
        $id = mysql_real_escape_string($id);
        $access = mysql_real_escape_string($access);
        $data = mysql_real_escape_string($data);
        $domain = mysql_real_escape_string(site_domain);
        $agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']));
    
        $sql = "REPLACE INTO sessions
        VALUES ('$id', '$access', '$data', '$domain', '$agent')";
    
        return mysql_query($sql, $_sess_db);
    
    }
    
    function _destroy($id){
    
        global $_sess_db;
        $id = mysql_real_escape_string($id);
        $domain = mysql_real_escape_string(site_domain);
        $agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']));
    
        $sql = "DELETE FROM sessions
        WHERE id = '$id' AND domain = '$domain' AND agent = '$agent'";
    
        return mysql_query($sql, $_sess_db);
    
    }
    
    function _clean($max){
    
        global $_sess_db;
        $old = time() - $max;
        $old = mysql_real_escape_string($old);
        $domain = mysql_real_escape_string(site_domain);
        $agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']));
    
        $sql = "DELETE FROM sessions
        WHERE  access < '$old' AND domain = '$domain' AND agent = '$agent'";
    
        return mysql_query($sql, $_sess_db);
    
    }
    

    ?>

    0 讨论(0)
  • 2020-11-22 06:13

    I have confirmed. joreon's answer is correct. I cannot comment because my reputation is not enough so I post my comment here.

    Define the constant in a config file. If you want to change it, no need to modify whole files.

    define('ROOT_DOMAIN',   'mysite.example');
    define('PHP_SESSION_NAME', 'MYSITE'); 
    

    The session name can't consist of digits only, at least one letter must be present. Otherwise, a new session id is generated every time.

    Use the following code to start using session

    session_name(PHP_SESSION_NAME);
    session_set_cookie_params(0, '/', '.' . ROOT_DOMAIN);
    session_start();
    

    I'm using this function:

    function load_session() {
        if (session_status() == PHP_SESSION_NONE) {
            session_name(PHP_SESSION_NAME);
            session_set_cookie_params(0, '/', '.' . ROOT_DOMAIN);
            session_start();
        } elseif (session_name() != PHP_SESSION_NAME) {
            session_destroy();
            session_name(PHP_SESSION_NAME);
            session_set_cookie_params(0, '/', '.' . ROOT_DOMAIN);
            session_start();
        }
    }
    load_session(); // put it in anywhere you want to use session
    
    0 讨论(0)
  • 2020-11-22 06:13

    Sub domain and root domain Cookie Sessions Combined Use

    Resource: http://php.net//manual/tr/function.session-set-cookie-params.php

    I've tested works

    sub.example.com/sessionadd.php?id=123
    
    example.com/sessionview.php // 123
    

    -- Codes

    <?php 
    $currentCookieParams = session_get_cookie_params(); 
    
    $rootDomain = '.example.com'; 
    
    session_set_cookie_params( 
        $currentCookieParams["lifetime"], 
        $currentCookieParams["path"], 
        $rootDomain, 
        $currentCookieParams["secure"], 
        $currentCookieParams["httponly"] 
    ); 
    
    session_name('mysessionname'); 
    session_start(); 
    
    setcookie($cookieName, $cookieValue, time() + 3600, '/', $rootDomain); 
    ?>
    
    0 讨论(0)
  • 2020-11-22 06:13

    A quick and dirty solution is to use this for your redirect:

    header( $url.'?'.session_name().'='.session_id() );
    

    this will add something along the lines of ?PHPSESSID=etnm7kbuf5lg0r6tv7je6ehtn4 to the URL, which tells PHP the session id it should use.

    0 讨论(0)
  • 2020-11-22 06:14

    Use this , it works:

    ini_set('session.cookie_domain', 
        substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
    
    0 讨论(0)
提交回复
热议问题