Php sessions across subdomains

[phpsycho]

I was wondering how to allow php sessions to be held and used across all sub domains securely?

 

Thanks! 

[Eiolon]

Typically, a sub domain is just another directory in the your domains root (ie. domain.com/sub).  It's just DNS settings that make it accessible with the directory name infront of the domain (ie. sub.domain.com)

 

So with that in mind, handle sessions as you normally would.  Use session_start(); at the top of each page you are passing it to, and if in a shared hosting environment, consider storing session information in a database.

[PFMaBiSmAd]

See the domain parameter at this link - http://www.php.net/manual/en/function.session-set-cookie-params.php

[phpsycho]

Okay so using this:

session_set_cookie_params(0, '/', '.example.com'); 
session_start(); 

 

Would do the trick? and thats secure, correct? I'm confused with the "set_cookie".. is that setting a cookie to your browser with session data in it? If so.. that can't be very secure I would imagine.. 

Secure: If TRUE cookie will only be sent over secure connections.

can you define "secure connection"?

 

Thanks again

[PFMaBiSmAd]

The session cookie is the session ID cookie, that carries the session id.

 

A secure connection refers to a HTTPS connection.

[phpsycho]

ah alright, so just the id of the session, no other data. Feeling better about this lol.

 

Instead of using that code I posted, does setting this option: session.cookie_domain = .mydomain.com

in the php.ini file gunna do the same? Because it seems much more simpler to just do it that way.

[PFMaBiSmAd]

Yes, you can put settings in the php.ini to avoid needing to add lines of code to set them in each individual script.

[phpsycho]

Okay great!

Thanks very much!