Bengo Posted April 24, 2009 Share Posted April 24, 2009 Hi, Im developing a large auction website with 5 sub-domains, my major problem is that once I login from either of the 5 sub-domains I cannot access secure pages in the other sub-domains because the session variables do not work across the sub-domains. This means that I have to login in every sub-domain to be able to access secure functions and pages. Does anyone have a solution for this. I have used the following code session_set_cookie_params(30 * 60, '/','.sokomart.co.ke'); This works perfectly in my local host. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 24, 2009 Share Posted April 24, 2009 Are you switching between http and https on the live sites but were not actually switching between http and https on your localhost while testing? Quote Link to comment Share on other sites More sharing options...
Bengo Posted April 26, 2009 Author Share Posted April 26, 2009 Thank you for the response. I am only using HTTP, both in my local server and also in the hosted website. Please checkout http://www.sokomart.co.ke and see exactly what i mean. Your quick support will be highly appreciated Quote Link to comment Share on other sites More sharing options...
ToonMariner Posted April 26, 2009 Share Posted April 26, 2009 http://uk.php.net/manual/en/function.session-set-cookie-params.php if you set the $domain part then .site.com should allow use across sub-domains also... Quote Link to comment Share on other sites More sharing options...
thebadbad Posted April 26, 2009 Share Posted April 26, 2009 http://uk.php.net/manual/en/function.session-set-cookie-params.php if you set the $domain part then .site.com should allow use across sub-domains also... That's what he did. @ the OP Did you see the responses to another thread of yours? Found it on Google If those aren't resolving anything, check these posts from the manual: http://dk.php.net/manual/en/function.session-set-cookie-params.php#83484 i found it somewhat difficult to work with sessions due to the documentation not really denoting the necessity for the session name to be set via session_name() in order for session_set_cookie_params() to be of any use. i found no reference to session_name() in this article, and my session functions would have been a disastrous mess were it not for a friend familiar with session. so, in essence, for anybody wondering about where to start: declare a session name before using session_set_cookie_params(), otherwise you might agitate php to the point of committing some atrocity against your webserver. http://dk2.php.net/manual/en/function.session-name.php#89090 Remember, kids--you MUST use session_name() first if you want to use session_set_cookie_params() to, say, change the session timeout. Otherwise it won't work, won't give any error, and nothing in the documentation (that I've seen, anyway) will explain why. Thanks to brandan of bildungsroman.com who left a note under session_set_cookie_params() explaining this or I'd probably still be throwing my hands up about it. Quote Link to comment Share on other sites More sharing options...
Bengo Posted April 27, 2009 Author Share Posted April 27, 2009 Hi, I am saving login info like user_ID, User_Level etc in session variables which I expect to be available accross all sub-domains. I also have a common header.php file in each sub-domain with the following code at the top as guided in the posts above; ini_set('session.cookie_domain', '.sokomart.co.ke'); session_set_cookie_params(30 * 60, '/','.sokomart.co.ke'); session_start(); its still not working, what could I be doing wrong? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 27, 2009 Share Posted April 27, 2009 What do you get when you add the following two lines immediately after the <?php tag (put them before the ini_set() statement) - ini_set ("display_errors", "1"); error_reporting(E_ALL); Quote Link to comment Share on other sites More sharing options...
thebadbad Posted April 27, 2009 Share Posted April 27, 2009 The posts I linked to say that session_name() should be called before session_set_cookie_params(), in order for it to work. Did you try that? Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 27, 2009 Share Posted April 27, 2009 The only way that using session_name() would have an effect for the individual that posted that information is if their session.name setting was messed up and setting it to a valid value allowed sessions to start working. The session_name() and session_set_cookie_params() functions literally only replace the current ini settings that get used when session_start() is executed. Here is the C code for session_name - PHP_FUNCTION(session_name) { zval **p_name; int ac = ZEND_NUM_ARGS(); char *old; if (ac < 0 || ac > 1 || zend_get_parameters_ex(ac, &p_name) == FAILURE) WRONG_PARAM_COUNT; old = estrdup(PS(session_name)); if (ac == 1) { convert_to_string_ex(p_name); zend_alter_ini_entry("session.name", sizeof("session.name"), Z_STRVAL_PP(p_name), Z_STRLEN_PP(p_name), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } RETVAL_STRING(old, 0); } The C code for session_set_cookie_params() - PHP_FUNCTION(session_set_cookie_params) { zval **lifetime, **path, **domain, **secure, **httponly; if (!PS(use_cookies)) return; if (ZEND_NUM_ARGS() < 1 || ZEND_NUM_ARGS() > 5 || zend_get_parameters_ex(ZEND_NUM_ARGS(), &lifetime, &path, &domain, &secure, &httponly) == FAILURE) WRONG_PARAM_COUNT; convert_to_string_ex(lifetime); zend_alter_ini_entry("session.cookie_lifetime", sizeof("session.cookie_lifetime"), Z_STRVAL_PP(lifetime), Z_STRLEN_PP(lifetime), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); if (ZEND_NUM_ARGS() > 1) { convert_to_string_ex(path); zend_alter_ini_entry("session.cookie_path", sizeof("session.cookie_path"), Z_STRVAL_PP(path), Z_STRLEN_PP(path), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); if (ZEND_NUM_ARGS() > 2) { convert_to_string_ex(domain); zend_alter_ini_entry("session.cookie_domain", sizeof("session.cookie_domain"), Z_STRVAL_PP(domain), Z_STRLEN_PP(domain), PHP_INI_USER, PHP_INI_STAGE_RUNTIME); if (ZEND_NUM_ARGS() > 3) { convert_to_long_ex(secure); zend_alter_ini_entry("session.cookie_secure", sizeof("session.cookie_secure"), Z_BVAL_PP(secure)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } if (ZEND_NUM_ARGS() > 4) { convert_to_long_ex(httponly); zend_alter_ini_entry("session.cookie_httponly", sizeof("session.cookie_httponly"), Z_BVAL_PP(httponly)?"1":"0", 1, PHP_INI_USER, PHP_INI_STAGE_RUNTIME); } } } } session_set_cookie_params() works correctly for me with and without session_name() being used before or after it. It's more likely that session.auto_start is ON and nothing being done in the script has an affect on sessions. Quote Link to comment Share on other sites More sharing options...
Bengo Posted April 28, 2009 Author Share Posted April 28, 2009 Hi, Apology the link I directed you to was down, Its now back http://www.sokomart.co.ke . I used the ini_set ("display_errors", "1"); error_reporting(E_ALL); code as directed, got a couple of syntax errors that I corrected. But my sub-domain issue is not corrected at all. Even after repeating the ini_set('session.cookie_domain', '.sokomart.co.ke'); session_set_cookie_params(30 * 60, '/','.sokomart.co.ke'); session_start(); in all pages in all sub-domains. I still don't understand why it works on my local machine using http://localhost/sokomart but fails when it gets online. Quote Link to comment Share on other sites More sharing options...
PFMaBiSmAd Posted April 28, 2009 Share Posted April 28, 2009 It works on your local machine because you are not using or switching subdomains. Provide examples of two of your subdomains you are attempting to use which don't work when you switch between them. On your live server are your subdomains on the same server? If they happen to be on different servers, sessions using the default file save handler won't work between the subdomains because the location where the session data files are saved at is not the same for each server. Provide information as to what your live server(s) are organized as. Quote Link to comment Share on other sites More sharing options...
Bengo Posted May 7, 2009 Author Share Posted May 7, 2009 Hello again, I proceeded with some programming on the website and I still can't figure out what is blocking the session functionality on the sub domains. Check the sub domains below http://motors.sokomart.co.ke http://property.sokomart.co.ke http://jobs.sokomart.co.ke Let me ask could there be another way of handling sessions between sub domains? Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.