sessions on a subdomain

[meddiecap]

Hi,

 

I have a website and a (sort of) personalized subdomain.

When someone logs in at www.domain.com, he has to be sent to myname.domain.com.

 

Right now, this user has to go to myname.domain.com and then login.

 

Also, i'm saving the session files in a folder on that subdomain (so: myname.domain.com/sessions). I'm doing this because I had a problem with users always being logged out after 30-45 minutes even though I had the correct settings in the php.ini

 

Can someone explain how I can transport the session to the subdomain? I've read about "ini_set('session.cookie_domain', '.domain.com');", but i'm not using cookies.

 

 

[PFMaBiSmAd]

Be default, the session id is passed in a cookie. Are you saying that you are not passing the session id using a cookie?

[meddiecap]

as far as i know, i save the sessions as a file (or in a file) on the server.

 

i'm not sure if i say something stupid right now, but don't save anything in a cookie, or is there ALWAYS a cookie?

[teamatomic]

Whether you save any session data in a cookie is up to you but as default the sessionID is sent in a cookie to a user, otherwise as a stateless unit how would you know what user is associated with what session as we all know how well(or not) privacy is guarded by the browser to not reveal who/what you are. the only other choice is to append the url with the session ID, which can be automatic also, if so desired.

read this for a real good overview:

http://www.serverwatch.com/tutorials/article.php/10825_3588671_1/Apache-Session-Management-Within-Dynamic-Sites.htm

 

 

I think you have done all you can. sessions are handled at the server level. The most you can do is control the name and location as well as garbage collection.

 

 

HTH

Teamatomic

[jl5501]

AFAIK if you start a session in the main or default (www) subdomain then it is available across the site.

 

If however you start the session in another subdomain, then it is not.

 

it is worth trying this code in all your files where you are using session data

 

session_set_cookie_params(0, '/', '.example.com');
session_start(); 

[gizmola]

as far as i know, i save the sessions as a file (or in a file) on the server.

 

i'm not sure if i say something stupid right now, but don't save anything in a cookie, or is there ALWAYS a cookie?

 

Using sessions, each page request gets bound to previous ones by a session id.  There are 2 ways the sessions ID can be passed:

 

1. As a url parameter

2. As a cookie

 

Out of the box, PHP will utilize a cookie.

 

Cookies are a mechanism of the browser.  A server can request that the browser save a cookie.  The specifics of that can vary, but what what is important is the domain of the cookie.  If you have domain/subdomain specific issues you may need to look into those specifics.  In general, if you create a cookie for mydomain.com, it is good for any subdomains.

 

By default, php sessions use the hostname of the server as the domain for the cookie.  You can verify what is configured like this:

 

$parms = session_get_cookie_params();
echo $parms['domain'];

 

So assuming this is the problem, both sites will need an adjustment to the base session management if they are to share sessions.  You can set this prior to starting sessions like so:

 

session_set_cookie_params(0, '/', '.yourdomain.com');
session_start();