SESSION across subdomain

[Kaboom]

Because my entire script is coded around a session right now I don't want to convert everything to cookies because, as I have tried before, I always fail and it doesn't work regardless. Now we have two seperate places but the session won't stick, even when using the .htaccess thing. We have http://secure.stephanddarryn.com/www/login/ and it works and holds a session, IN SECURE but wont from http://secure.stephanddarryn.com/www/login/ to http://www.stephanddarryn.com/ for them to browse, which it is supposed to do. the subdomains make it look more professional but it won't hold, how can I fix this?

 

 

EDIT: we were using "ini_set("session.cookie_domain", ".stephanddarryn.com");" but isnt working since not using cookies

[PFMaBiSmAd]

You need to set the session.cookie-domain to .stephanddarryn.com

 

Ref: http://us2.php.net/manual/en/session.configuration.php#ini.session.cookie-domain

 

[Kaboom]

I just edited mine, we were using that but it's not using cookies for the session so it will log them out after they close browser

 

ini_set("session.cookie_domain", ".stephanddarryn.com");

[PFMaBiSmAd]

How do you know you are not using cookies to pass the session id?

[Kaboom]

When they login it uses

 

$_SESSION["user"] = login($_POST["name"], md5($_POST["pass"]));

 

and everything from there is in SESSION with user, like a temporary string or something

[PFMaBiSmAd]

That's a session variable, not the session id that I asked about.

 

Do you in fact know how the session id is being propagated between pages by the browser on your system?

 

Do your links contain something that looks like this - http://your_doamin.com/your_file.php?PHPSESSID=son0gdkjfmahc6ve52l0l65mn6

[Kaboom]

No. There isn't a session id that I know of

[PFMaBiSmAd]

Then your session id IS being propagated between pages by the browser using a cookie and in order for it to match all variations of your domain, you will need to get the ini_set("session.cookie_domain", ".stephanddarryn.com"); to work.

 

You must set the session.cookie_domain before every session_start() statement. It is best to globally set it in the master php.ini (when you have access to the master php.ini), in a local php,ini (when php is running as a CGI application), in a .htaccess file (when php is running as an Apache Module), or finally in your script if you don't have access to any of the other methods.

[Kaboom]

I HAD that there but it wan't working, I will have it added to my PHP.ini i guess.

[PFMaBiSmAd]

Have you done anything to troubleshoot if the session id has the same value on the www. page that it has on the page where it was set? For all we can tell, you don't have a session_start() statement on the www. page and the session does not exist or you are changing the path of the page and the session.cookie_path is not set to '/' so that it would match any path other then where the session id cookie is being set.

[Kaboom]

I include global.php and at the very top of that I have session_start(); and the part that's pissing me off about this is it used to work when it was in same folder but now it stopped.

[PFMaBiSmAd]

it used to work when it was in same folder

 

Meaning what? Different paths on the end of the URL? If so, go back and read in my last post above about the session.cookie_path setting.

[Kaboom]

No like login.php and index.php where in the same folder at one point in time. Ex:

 

/home/user/public_html/www/

 

I then moved my login file to a new folder and renamed it to be the default in that folder. Ex:

 

/home/user/public_html/secure/www/login/

 

For some reason now that it's in it's own subdomain the login script is not storing the session for my domain even with the code for php.session_domain and cookies at .stephanddarryn.com. For some odd reason it won't actually log you in anymore and I can't for the life of me get it to stay. Get what I mean? I'll try another thing and see if it works.