php question: session sharing across subdomains

Toggle sidebar Toggle sidebar
S

stndn

Golden Member
Mar 10, 2001
1,886
0
0
Is there a way to share session variable across different subdomains? Say, a.domain.com and b.domain.com?

Background story:
So the user goes to www.domain.com, enters his login/password, and then the username is stored in $_SESSION['username'] upon valid login.
After that, the user is redirected to a.domain.com, and on this page the user is again asked for his login/password.
We found out this is due to www.domain.com having different session_id from a.domain.com, thus saving two different session variables.

Is there a way to have $_SESSION['username'] shared on www.domain.com, a.domain.com, b.domain.com, etc?

So far the only way we've found is using cookie to do that. However, we'd like to try to find a session-based solution, if any exists.

Any information/how-to/link would be appreciated -)


Thanks.
 
Z

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
quick google found this. Apparently, they are saying that for security reasons you cannot share a session between different subdomains.

A quick workaround I can see without much thought is to change your a.domain.com to www.domain.com/a, which will make things a lot easier.
 
S

stndn

Golden Member
Mar 10, 2001
1,886
0
0
Hmm... yeah, that's the same search result i got for searching the problem...
Seems like there's no real way of doing it easily ... -(

unfortunately, changing a.domain.com to www.domain.com/a is not possible, since we actually moved from www.domain.com/a to a.domain.com in the first place ,p

and that's when the problem came -(
 
kamper

kamper

Diamond Member
Mar 18, 2003
5,513
0
0
Does php allow you to load another session if you have the correct session id? What I'm thinking is that you store the session id in a cookie when they login. Then, when they hit the other site and you find no session data for them you check the cookie, tell php which session you want and go on your way. It'd be a small piece of code up front but the rest of your site could pretend that the session was always the same.

That link was quite a different situation because
a) he didn't have subdomains, they were completely different names and
b) he didn't mind rolling his own session control system (including the database)

Have you looked at the documentation on sessions (http://www.php.net/manual/en/ref.session.php )? Some of that stuff looks interesting, particularly session_encode() and session_decode() but I haven't read too deeply. session_id() looks interesting too.
 
S

stndn

Golden Member
Mar 10, 2001
1,886
0
0
hmmm....
we actually fixed the problem by setting cookie_domain to .domain.com in php.ini.
that way, all the session cookies created will be valid for *.domain.com, instead of say, www.domain.com or a.domain.com or b.domain.com, etc ....

i was thinking of storing the session id in the cookie, too, and run session_id() before calling session_start() to reuse the same session id. Given how i didn't have the chance to try it out, i'm not sure if it would've worked, though.

anyways, given how this has worked out (at least for now), i need to go back to "working" ;)
 
Z

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: stndn
hmmm....
we actually fixed the problem by setting cookie_domain to .domain.com in php.ini.
that way, all the session cookies created will be valid for *.domain.com, instead of say, www.domain.com or a.domain.com or b.domain.com, etc ....

i was thinking of storing the session id in the cookie, too, and run session_id() before calling session_start() to reuse the same session id. Given how i didn't have the chance to try it out, i'm not sure if it would've worked, though.

anyways, given how this has worked out (at least for now), i need to go back to "working" ;)
Click to expand...

Mmmmm, I envy that you can change your php.ini so simply. i have to submit applications/beg/sacrifice my newborn babies to get anything from the systems folks at my school. we're not even running PHP 5 yet :p
 
S

stndn

Golden Member
Mar 10, 2001
1,886
0
0
Zugzwang152: Mmmmm, I envy that you can change your php.ini so simply. i have to submit applications/beg/sacrifice my newborn babies to get anything from the systems folks at my school. we're not even running PHP 5 yet
Click to expand...
for one i'm glad that i sit next to our programmer/sysadmin, and our company has our own server.
if anything fails, i'll just glance over the cubicle wall and scream at the sysadmin ;)

changing php.ini was actually his idea, since he couldn't be bothered with us keep bugging him how some things won't work, blah blah blah ... -D

777php: write session variables to sql?
Click to expand...
it might be another solution, but for now i don't think we'll ever need it.
Maybe when we start doing server load balancing.. then my "skill" from previous work might come in handy ... hopefully in time for performance review / appraisal ,)
 
Z

Zugzwang152

Lifer
Oct 30, 2001
12,134
1
0
Originally posted by: stndn
Zugzwang152: Mmmmm, I envy that you can change your php.ini so simply. i have to submit applications/beg/sacrifice my newborn babies to get anything from the systems folks at my school. we're not even running PHP 5 yet
Click to expand...
for one i'm glad that i sit next to our programmer/sysadmin, and our company has our own server.
if anything fails, i'll just glance over the cubicle wall and scream at the sysadmin ;)

changing php.ini was actually his idea, since he couldn't be bothered with us keep bugging him how some things won't work, blah blah blah ... -D

777php: write session variables to sql?
Click to expand...
it might be another solution, but for now i don't think we'll ever need it.
Maybe when we start doing server load balancing.. then my "skill" from previous work might come in handy ... hopefully in time for performance review / appraisal ,)
Click to expand...

hehe the university's main data center is located right across the hall from where i work, and yet i've never been in there, although i've attempted to try my door keycode on it, it refuses to open for me. bunch of middle-aged geezers in there, from what i can tell. oh well.
 
DannyBoy

DannyBoy

Diamond Member
Nov 27, 2002
8,820
2
81
www.danj.me
Originally posted by: Zugzwang152
Originally posted by: stndn
hmmm....
we actually fixed the problem by setting cookie_domain to .domain.com in php.ini.
that way, all the session cookies created will be valid for *.domain.com, instead of say, www.domain.com or a.domain.com or b.domain.com, etc ....

i was thinking of storing the session id in the cookie, too, and run session_id() before calling session_start() to reuse the same session id. Given how i didn't have the chance to try it out, i'm not sure if it would've worked, though.

anyways, given how this has worked out (at least for now), i need to go back to "working" ;)
Click to expand...

Mmmmm, I envy that you can change your php.ini so simply. i have to submit applications/beg/sacrifice my newborn babies to get anything from the systems folks at my school. we're not even running PHP 5 yet :p
Click to expand...

PHP 5 is a piece of crap.
 
S

stndn

Golden Member
Mar 10, 2001
1,886
0
0
Originally posted by: DnaJ
PHP 5 is a piece of crap.
Click to expand...

oh? why is it?
(no, i really don't know)

i thought php5 is better than php4, given how it supports OOP and a few other fixes...

Either way, though, the decision to use php5 was made by the uppers in our company, and us drones just have to follow the orders...
 
B

Barnaby W. Füi

Elite Member
Aug 14, 2001
12,343
0
0
Oh hey, if we're gonna get into that discussion, PHP sucks period. PHP5 has more ... uh .. "advanced" (not sure how else to say it) stuff, but in any case it's still a hacked together mess.
 
You must log in or register to reply here.

TRENDING THREADS

COMPANY
RESOURCES
FOLLOW
Top Bottom