Jump to content

PHP 5 sessions sub-domain problem

Bengo

By Bengo
in PHP Coding Help

 Share

Recommended Posts

Bengo Newbie

Bengo

Posted
Posted

Hi, Im developing a large auction website with 5 sub-domains, my major problem is that once I login from either of the 5 sub-domains I cannot access secure pages in the other sub-domains because the session variables do not work across the sub-domains. This means that I have to login in every sub-domain to be able to access secure functions and pages. Does anyone have a solution for this. I have used the following code

 

session_set_cookie_params(30 * 60, '/','.sokomart.co.ke');

 

This works perfectly in my local host.

Link to comment
Share on other sites
thebadbad Newbie

thebadbad

Posted
Posted

http://uk.php.net/manual/en/function.session-set-cookie-params.php

 

if you set the $domain part then .site.com should allow use across sub-domains also...

 

That's what he did.

 

@ the OP

Did you see the responses to another thread of yours? Found it on Google ;) If those aren't resolving anything, check these posts from the manual:

 

http://dk.php.net/manual/en/function.session-set-cookie-params.php#83484

i found it somewhat difficult to work with sessions due to the documentation not really denoting the necessity for the session name to be set via session_name() in order for session_set_cookie_params() to be of any use.  i found no reference to session_name() in this article, and my session functions would have been a disastrous mess were it not for a friend familiar with session.

 

so, in essence, for anybody wondering about where to start: declare a session name before using session_set_cookie_params(), otherwise you might agitate php to the point of committing some atrocity against your webserver.

 

http://dk2.php.net/manual/en/function.session-name.php#89090

Remember, kids--you MUST use session_name() first if you want to use session_set_cookie_params() to, say, change the session timeout. Otherwise it won't work, won't give any error, and nothing in the documentation (that I've seen, anyway) will explain why.

 

Thanks to brandan of bildungsroman.com who left a note under session_set_cookie_params() explaining this or I'd probably still be throwing my hands up about it.

Link to comment
Share on other sites
Bengo Newbie

Bengo

Posted
  • Author
Posted

Hi, I am saving login info like user_ID, User_Level etc  in session variables which I expect to be available accross all sub-domains. I also have a common header.php file in each sub-domain with the following code at the top as guided in the posts above;

 

ini_set('session.cookie_domain', '.sokomart.co.ke');

session_set_cookie_params(30 * 60, '/','.sokomart.co.ke');

session_start();

 

its still not working, what could I be doing wrong?

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

The only way that using session_name() would have an effect for the individual that posted that information is if their session.name setting was messed up and setting it to a valid value allowed sessions to start working.

 

The session_name() and session_set_cookie_params() functions literally only replace the current ini settings that get used when session_start() is executed.

 

Here is the C code for session_name -

 

PHP_FUNCTION(session_name)
{
zval **p_name;
int ac = ZEND_NUM_ARGS();
char *old;

if (ac < 0 || ac > 1 || zend_get_parameters_ex(ac, &p_name) == FAILURE)
	WRONG_PARAM_COUNT;

old = estrdup(PS(session_name));

if (ac == 1) {
	convert_to_string_ex(p_name);
	zend_alter_ini_entry("session.name", sizeof("session.name"), Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
}

RETVAL_STRING(old, 0);
}

 

The C code for session_set_cookie_params() -

 

PHP_FUNCTION(session_set_cookie_params)
{
zval **lifetime, **path, **domain, **secure,  **httponly;

if (!PS(use_cookies))
	return;

if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 5 ||
	zend_get_parameters_ex(ZEND_NUM_ARGS(), &lifetime, &path, &domain, &secure, &httponly) == FAILURE)
	WRONG_PARAM_COUNT;

convert_to_string_ex(lifetime);
zend_alter_ini_entry("session.cookie_lifetime", sizeof("session.cookie_lifetime"), Z_STRVAL_PP(lifetime), Z_STRLEN_PP(lifetime), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);

if (ZEND_NUM_ARGS() > 1) {
	convert_to_string_ex(path);
	zend_alter_ini_entry("session.cookie_path", sizeof("session.cookie_path"), Z_STRVAL_PP(path), Z_STRLEN_PP(path), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);

	if (ZEND_NUM_ARGS() > 2) {
		convert_to_string_ex(domain);
		zend_alter_ini_entry("session.cookie_domain", sizeof("session.cookie_domain"), Z_STRVAL_PP(domain), Z_STRLEN_PP(domain), PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
		if (ZEND_NUM_ARGS() > 3) {
			convert_to_long_ex(secure);
			zend_alter_ini_entry("session.cookie_secure", sizeof("session.cookie_secure"), Z_BVAL_PP(secure)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
		}
		    if (ZEND_NUM_ARGS() > 4) {
		    	    convert_to_long_ex(httponly);
			    zend_alter_ini_entry("session.cookie_httponly", sizeof("session.cookie_httponly"), Z_BVAL_PP(httponly)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME);
		    }
	}
}
}

 

session_set_cookie_params() works correctly for me with and without session_name() being used before or after it.

 

It's more likely that session.auto_start is ON and nothing being done in the script has an affect on sessions.

Link to comment
Share on other sites
Bengo Newbie

Bengo

Posted
  • Author
Posted

Hi, Apology the link I directed you to was down, Its now back http://www.sokomart.co.ke . I used the

 

ini_set ("display_errors", "1");

error_reporting(E_ALL);

 

code as directed, got a couple of syntax errors that I corrected. But my sub-domain issue is not corrected at all. Even after repeating the

 

ini_set('session.cookie_domain', '.sokomart.co.ke');

session_set_cookie_params(30 * 60, '/','.sokomart.co.ke');

session_start();

 

in all pages in all sub-domains. I still don't understand why it works on my local machine using http://localhost/sokomart but fails when it gets online.

Link to comment
Share on other sites
PFMaBiSmAd Advanced Member

PFMaBiSmAd

Posted
Posted

It works on your local machine because you are not using or switching subdomains. Provide examples of two of your subdomains you are attempting to use which don't work when you switch between them.

 

On your live server are your subdomains on the same server? If they happen to be on different servers, sessions using the default file save handler won't work between the subdomains because the location where the session data files are saved at is not the same for each server.

 

Provide information as to what your live server(s) are organized as.

 

 

Link to comment
Share on other sites
  • 2 weeks later...
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.