Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Page 1 of 3 123 LastLast
Results 1 to 15 of 35
  1. #1
    New Coder
    Join Date
    Jan 2012
    Posts
    53
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Post Keeping Login Sessions Over a Subdomain

    I've been struggling with this for a long time now...

    How would I keep the $_SESSION values through all the subdomains on my site? They just don't seem to work on any domain but the main one.

    Thanks.

  • #2
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    First, set your ini to session.use_trans_sid of 1. This will auto append a PHPSESSID or whatever your chosen session id is to the query string. Next, disable your browser from setting cookies. Finally, add a few pages that create sessions and bounce between the subdomains (the ini setting can be done in these pages instead for just testing purposes instead of altering ini).
    Does that work?

    If so, problem is simply your domain cookies. Set your session cookie domain from your ini's session.cookie_domain, or at a script level. This domain must be in the form of ".yoursite.com".

    Let me know if that works. Remember to clear your cookies prior to trying.

    Edit:
    Sorry, for a test you should set some more to verify. These can all be done inline with a script prior to session_start call:
    PHP Code:
    ini_set('session.use_trans_sid'1);
    ini_set('session.use_cookies'1);
    ini_set('session.use_only_cookies'0); 
    This disables the forced cookies in sessions (which you want for something like a TLS site), but makes it easier to test.

  • Users who have thanked Fou-Lu for this post:

    DarkLaika (01-18-2012)

  • #3
    New Coder
    Join Date
    Jan 2012
    Posts
    53
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Smile

    Quote Originally Posted by Fou-Lu View Post
    First, set your ini to session.use_trans_sid of 1. This will auto append a PHPSESSID or whatever your chosen session id is to the query string. Next, disable your browser from setting cookies. Finally, add a few pages that create sessions and bounce between the subdomains (the ini setting can be done in these pages instead for just testing purposes instead of altering ini).
    Does that work?

    If so, problem is simply your domain cookies. Set your session cookie domain from your ini's session.cookie_domain, or at a script level. This domain must be in the form of ".yoursite.com".

    Let me know if that works. Remember to clear your cookies prior to trying.

    Edit:
    Sorry, for a test you should set some more to verify. These can all be done inline with a script prior to session_start call:
    PHP Code:
    ini_set('session.use_trans_sid'1);
    ini_set('session.use_cookies'1);
    ini_set('session.use_only_cookies'0); 
    This disables the forced cookies in sessions (which you want for something like a TLS site), but makes it easier to test.
    I'm really sorry for not mentioning this before, but I'm sorta new to PHP. If I private messaged you the code for my page, would you be able to tell me where everything should go?

    Thanks!

  • #4
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    No, keep everything within the thread since that allows others to reply.
    Any ini change can go at the top of the script. Session changes in particular should be done before the session_start which is typically the first line of a script that uses a session.

  • #5
    New Coder
    Join Date
    Jan 2012
    Posts
    53
    Thanks
    8
    Thanked 4 Times in 4 Posts
    So what exactly do I put at the top of my document then?

  • #6
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    PHP Code:
    ini_set('session.use_trans_sid'1);
    ini_set('session.use_cookies'1);
    ini_set('session.use_only_cookies'0); 
    Is what you would put in each of your test scripts prior to opening a session_start().

  • Users who have thanked Fou-Lu for this post:

    DarkLaika (01-19-2012)

  • #7
    New Coder
    Join Date
    Jan 2012
    Posts
    53
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Post

    Quote Originally Posted by Fou-Lu View Post
    PHP Code:
    ini_set('session.use_trans_sid'1);
    ini_set('session.use_cookies'1);
    ini_set('session.use_only_cookies'0); 
    Is what you would put in each of your test scripts prior to opening a session_start().
    And what should I do after adding this code?

    Sorry about this.

  • #8
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Write links to go between the test scripts across the subdomains and print out the data within a session.

  • Users who have thanked Fou-Lu for this post:

    DarkLaika (01-19-2012)

  • #9
    New Coder
    Join Date
    Jan 2012
    Posts
    53
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Post

    Quote Originally Posted by Fou-Lu View Post
    Write links to go between the test scripts across the subdomains and print out the data within a session.
    Will this work in a login form?

  • #10
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Sure. The purpose of this test is to determine if the sessions themselves are established properly and the issue is with the cookie domain.

  • Users who have thanked Fou-Lu for this post:

    DarkLaika (01-19-2012)

  • #11
    New Coder
    Join Date
    Jan 2012
    Posts
    53
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Thumbs up

    Quote Originally Posted by Fou-Lu View Post
    Sure. The purpose of this test is to determine if the sessions themselves are established properly and the issue is with the cookie domain.
    It's worked! Thank you so much!

  • #12
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    Quote Originally Posted by DarkLaika View Post
    It's worked! Thank you so much!
    Okay, then to fix the problem you need to set the session.cookie_domain directive to ".yoursite.com". This can be configured at any level of run, but I'd suggest to modify either php.ini or add a php_value to a perdir in an .htaccess file.
    The fix above is only to confirm the issue is the cookie domain. Those with cookies enabled will still have issues since the sid is not passed via get if the cookie is successfully set.

  • #13
    New Coder
    Join Date
    Jan 2012
    Posts
    53
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Post

    Quote Originally Posted by Fou-Lu View Post
    Okay, then to fix the problem you need to set the session.cookie_domain directive to ".yoursite.com". This can be configured at any level of run, but I'd suggest to modify either php.ini or add a php_value to a perdir in an .htaccess file.
    The fix above is only to confirm the issue is the cookie domain. Those with cookies enabled will still have issues since the sid is not passed via get if the cookie is successfully set.
    How would I do this? I don't seem to have a php.ini file.

  • #14
    God Emperor Fou-Lu's Avatar
    Join Date
    Sep 2002
    Location
    Saskatoon, Saskatchewan
    Posts
    16,994
    Thanks
    4
    Thanked 2,662 Times in 2,631 Posts
    I'd contact your host to find out if a local php.ini will work (cgi). Otherwise, check if a .htaccess is allowed. If neither of the two are allowed, every script has to be modified to set:
    PHP Code:
    ini_set('session.cookie_domain''.yoursite.com'); 

  • #15
    New Coder
    Join Date
    Jan 2012
    Posts
    53
    Thanks
    8
    Thanked 4 Times in 4 Posts

    Post

    Quote Originally Posted by Fou-Lu View Post
    I'd contact your host to find out if a local php.ini will work (cgi). Otherwise, check if a .htaccess is allowed. If neither of the two are allowed, every script has to be modified to set:
    PHP Code:
    ini_set('session.cookie_domain''.yoursite.com'); 
    .htaccess is allowed, I can use that.


  •  
    Page 1 of 3 123 LastLast

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •