esoteric Posted May 2, 2012 Share Posted May 2, 2012 I have recently changed server and setting things up are a right pain, after 2 days im need of some help. I have my site split into sub domains so lets say; www.domain.com one.domain.com two.domain.com three.domain.com They are to separate parts of my site which used to make it easier the manage each part, so one sub domain handles accounts and logins etc.. whilst another handles products and so on. the problem im having is all my login scripts and are on say 'one.domain.com', i can log in fine but when i visit any other domain im logged out, i can't seem to sort it out. i have tried setting my session cookie path and session cookie domain by painstakingly adding ini_set('session.save_path', '/var/www/vhosts/website.co.uk/httpdocs/tmp'); ini_set('session.cookie_domain', '.website.co.uk'); to every page, but it makes no difference, im also getting the occasional error Warning: session_start() [function.session-start]: open(/tmp/sess_d387ha6eqvj53f135q0fh4d733, O_RDWR) failed: Permission denied I have contacted my server provider by after endless messages they are no longer helping but rather keep saying 'leave it with us' then 'we fixed it' although they didnt. It doesn't help im so limited in what i have access to, i cant access the php.ini so everything has to be done via php So i would really appreciate any help getting this session problem sorted out. Thank you. Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/ Share on other sites More sharing options...
rythemton Posted May 2, 2012 Share Posted May 2, 2012 This sounds like it's an issue with your hosting. In all reality, I'd switch it to be all in one domain for SEO friendliness. Google considers each sub-domain as a different domain for the purposes of tracking, so by separating your site into separate sub-domains will affect your placement in searches. If you don't care about SEO, it sounds like it will take finding someone at your hosting company that knows what they are doing. Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342433 Share on other sites More sharing options...
esoteric Posted May 2, 2012 Author Share Posted May 2, 2012 I understand the search engine problem but it isn't really an option, my site has been set up like this for a while and changing it now would make all paperwork and existing users links etc.. invalid. We also have business cards which point to specific sub domains so i'm not too worried about search engines. thanks you though, im trying to get help from my host but its been a long wait and very little has been done. Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342443 Share on other sites More sharing options...
PFMaBiSmAd Posted May 2, 2012 Share Posted May 2, 2012 When you do log in, what does the PHPSESSID cookie have for a domain setting when you look at the cookie in your browser? Are you putting the ini_set() statements before the session_start() statement? Is the ini_set() statement enabled on your server? You should be able to put php settings into a local php.ini (when php is running as a CGI application) or into a .htaccess file (on Apache when php is running as an Apache Module.) What does a phpinfo statement show for the session.auto_start setting? Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342444 Share on other sites More sharing options...
PFMaBiSmAd Posted May 2, 2012 Share Posted May 2, 2012 Also, what does a phpinfo statement show for the session.cookie_path setting? Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342448 Share on other sites More sharing options...
esoteric Posted May 2, 2012 Author Share Posted May 2, 2012 The cookie name is my website name without the www. (so domain.co.uk) the top of my php pages looks like this <? ini_set('session.save_path', '/var/www/vhosts/xxxxx.co.uk/httpdocs/tmp'); ini_set('session.cookie_domain', '.xxxxx.co.uk'); session_start(); I dont have access to the php.ini which i was surprised about, they wont let me change anything, i tried adding it to my htaccess it just stopped me logging in at all. session.auto_start = Off session.cookie_path = / Thank you Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342456 Share on other sites More sharing options...
esoteric Posted May 2, 2012 Author Share Posted May 2, 2012 oh and i created the folder at 'xxxxx.co.uk/httpdocs/tmp' and gave it full permission (777) Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342457 Share on other sites More sharing options...
xyph Posted May 2, 2012 Share Posted May 2, 2012 The cookie name is my website name without the www. (so domain.co.uk) Use a tool that lets you see the raw headers. In Chrome, ctrl+shift+j will open the debug window, and under the Resources tab, there's a 'Cookie' option on the left. This gives details about the actual cookies being set. The 'domain' value is what PFMaBiSmAd wants to confirm. There may be cases where changing the value using ini_set doesn't actually change the behaviour. Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342459 Share on other sites More sharing options...
PFMaBiSmAd Posted May 2, 2012 Share Posted May 2, 2012 Does the PHPSESSID cookie domain setting have the leading dot as part of it? Is there more than one PHPSESSID cookie, for different variations of your domain, that are left over from previous testing? You may need to delete them all so that a new one that matches the current session.cookie settings will get created. When you log in under one sub-domain, look at the value (content) in the PHPSESSID cookie, then navigate to a different sub-domain and check the PHPSESSID cookie value (content) again. Are those two values the same? Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342460 Share on other sites More sharing options...
esoteric Posted May 2, 2012 Author Share Posted May 2, 2012 Is this the info you wanted? i had to download a addon for firefox to see it name - PHPSESSID host - .xxxxxxxxx.co.uk content - 7qpi4boe4n5rf26hha1tqh45p5 path - / and the host does have the . at the start. I deleted all other cookies, this is the only one i have from a fresh login attempt. I cant test it from another domain because i would need to shift a whole load of script about to do it, but if need to in order to find the problem i will? Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342467 Share on other sites More sharing options...
xyph Posted May 2, 2012 Share Posted May 2, 2012 And that session cookie shows up when accessing both one.domain.com and domain.com ? Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342470 Share on other sites More sharing options...
PFMaBiSmAd Posted May 2, 2012 Share Posted May 2, 2012 The only thing I asked you to do is to navigate to a different sub-domain and recheck the value. Any chance you are using https on some of these sub-domains and not on others? Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342471 Share on other sites More sharing options...
esoteric Posted May 3, 2012 Author Share Posted May 3, 2012 I got a reply from my host, he said he new the problem and has to reset my sessions, needless to say that didn't do anything as i expected but he also said I would suggest you set /tmp as the save session path this way it will correctly write to the servers /tmp folder ensuring permissions are consistent. But im not sure what he means, how would i change this to make that change, anything i try give me 'ini_set() [function.ini-set]: SAFE MODE Restriction in effect', safe mode is off. ini_set('session.save_path', '/var/www/vhosts/xxxx.co.uk/httpdocs/tmp'); Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342646 Share on other sites More sharing options...
Jessica Posted May 3, 2012 Share Posted May 3, 2012 Do you have access to php.ini file? Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342649 Share on other sites More sharing options...
esoteric Posted May 3, 2012 Author Share Posted May 3, 2012 No, bit of a pain Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342651 Share on other sites More sharing options...
Jessica Posted May 3, 2012 Share Posted May 3, 2012 Then reply to him and tell him you can't set it. Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342653 Share on other sites More sharing options...
xyph Posted May 3, 2012 Share Posted May 3, 2012 Also, NEVER set your session save directory to a folder inside of your web root. Always in a place that can't be accessed by the outside world. Quote Link to comment https://forums.phpfreaks.com/topic/261971-session-problem-over-multiple-domains/#findComment-1342714 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.