• We’re currently investigating an issue related to the forum theme and styling that is impacting page layout and visual formatting. The problem has been identified, and we are actively working on a resolution. There is no impact to user data or functionality, this is strictly a front-end display issue. We’ll post an update once the fix has been deployed. Thanks for your patience while we get this sorted.

php question: session sharing across subdomains

S

stndn

Golden Member
Is there a way to share session variable across different subdomains? Say, a.domain.com and b.domain.com?

Background story:
So the user goes to www.domain.com, enters his login/password, and then the username is stored in $_SESSION['username'] upon valid login.
After that, the user is redirected to a.domain.com, and on this page the user is again asked for his login/password.
We found out this is due to www.domain.com having different session_id from a.domain.com, thus saving two different session variables.

Is there a way to have $_SESSION['username'] shared on www.domain.com, a.domain.com, b.domain.com, etc?

So far the only way we've found is using cookie to do that. However, we'd like to try to find a session-based solution, if any exists.

Any information/how-to/link would be appreciated -)


Thanks.
 
quick google found this. Apparently, they are saying that for security reasons you cannot share a session between different subdomains.

A quick workaround I can see without much thought is to change your a.domain.com to www.domain.com/a, which will make things a lot easier.
 
Hmm... yeah, that's the same search result i got for searching the problem...
Seems like there's no real way of doing it easily ... -(

unfortunately, changing a.domain.com to www.domain.com/a is not possible, since we actually moved from www.domain.com/a to a.domain.com in the first place ,p

and that's when the problem came -(
 
Does php allow you to load another session if you have the correct session id? What I'm thinking is that you store the session id in a cookie when they login. Then, when they hit the other site and you find no session data for them you check the cookie, tell php which session you want and go on your way. It'd be a small piece of code up front but the rest of your site could pretend that the session was always the same.

That link was quite a different situation because
a) he didn't have subdomains, they were completely different names and
b) he didn't mind rolling his own session control system (including the database)

Have you looked at the documentation on sessions (http://www.php.net/manual/en/ref.session.php )? Some of that stuff looks interesting, particularly session_encode() and session_decode() but I haven't read too deeply. session_id() looks interesting too.
 
hmmm....
we actually fixed the problem by setting cookie_domain to .domain.com in php.ini.
that way, all the session cookies created will be valid for *.domain.com, instead of say, www.domain.com or a.domain.com or b.domain.com, etc ....

i was thinking of storing the session id in the cookie, too, and run session_id() before calling session_start() to reuse the same session id. Given how i didn't have the chance to try it out, i'm not sure if it would've worked, though.

anyways, given how this has worked out (at least for now), i need to go back to "working" 😉
 
Originally posted by: stndn
hmmm....
we actually fixed the problem by setting cookie_domain to .domain.com in php.ini.
that way, all the session cookies created will be valid for *.domain.com, instead of say, www.domain.com or a.domain.com or b.domain.com, etc ....

i was thinking of storing the session id in the cookie, too, and run session_id() before calling session_start() to reuse the same session id. Given how i didn't have the chance to try it out, i'm not sure if it would've worked, though.

anyways, given how this has worked out (at least for now), i need to go back to "working" 😉
Click to expand...

Mmmmm, I envy that you can change your php.ini so simply. i have to submit applications/beg/sacrifice my newborn babies to get anything from the systems folks at my school. we're not even running PHP 5 yet 😛
 
Zugzwang152: Mmmmm, I envy that you can change your php.ini so simply. i have to submit applications/beg/sacrifice my newborn babies to get anything from the systems folks at my school. we're not even running PHP 5 yet
Click to expand...
for one i'm glad that i sit next to our programmer/sysadmin, and our company has our own server.
if anything fails, i'll just glance over the cubicle wall and scream at the sysadmin 😉

changing php.ini was actually his idea, since he couldn't be bothered with us keep bugging him how some things won't work, blah blah blah ... -D

777php: write session variables to sql?
Click to expand...
it might be another solution, but for now i don't think we'll ever need it.
Maybe when we start doing server load balancing.. then my "skill" from previous work might come in handy ... hopefully in time for performance review / appraisal ,)
 
Originally posted by: stndn
Zugzwang152: Mmmmm, I envy that you can change your php.ini so simply. i have to submit applications/beg/sacrifice my newborn babies to get anything from the systems folks at my school. we're not even running PHP 5 yet
Click to expand...
for one i'm glad that i sit next to our programmer/sysadmin, and our company has our own server.
if anything fails, i'll just glance over the cubicle wall and scream at the sysadmin 😉

changing php.ini was actually his idea, since he couldn't be bothered with us keep bugging him how some things won't work, blah blah blah ... -D

777php: write session variables to sql?
Click to expand...
it might be another solution, but for now i don't think we'll ever need it.
Maybe when we start doing server load balancing.. then my "skill" from previous work might come in handy ... hopefully in time for performance review / appraisal ,)
Click to expand...

hehe the university's main data center is located right across the hall from where i work, and yet i've never been in there, although i've attempted to try my door keycode on it, it refuses to open for me. bunch of middle-aged geezers in there, from what i can tell. oh well.
 
Originally posted by: Zugzwang152
Originally posted by: stndn
hmmm....
we actually fixed the problem by setting cookie_domain to .domain.com in php.ini.
that way, all the session cookies created will be valid for *.domain.com, instead of say, www.domain.com or a.domain.com or b.domain.com, etc ....

i was thinking of storing the session id in the cookie, too, and run session_id() before calling session_start() to reuse the same session id. Given how i didn't have the chance to try it out, i'm not sure if it would've worked, though.

anyways, given how this has worked out (at least for now), i need to go back to "working" 😉
Click to expand...

Mmmmm, I envy that you can change your php.ini so simply. i have to submit applications/beg/sacrifice my newborn babies to get anything from the systems folks at my school. we're not even running PHP 5 yet 😛
Click to expand...

PHP 5 is a piece of crap.
 
Originally posted by: DnaJ
PHP 5 is a piece of crap.
Click to expand...

oh? why is it?
(no, i really don't know)

i thought php5 is better than php4, given how it supports OOP and a few other fixes...

Either way, though, the decision to use php5 was made by the uppers in our company, and us drones just have to follow the orders...
 
Oh hey, if we're gonna get into that discussion, PHP sucks period. PHP5 has more ... uh .. "advanced" (not sure how else to say it) stuff, but in any case it's still a hacked together mess.
 
You must log in or register to reply here.

TRENDING THREADS

Back
Top