Jump to content

Allow subdomains to access session data


jasonc310771

Recommended Posts

I am wanting to access session data on all subdomains.  I have tried to add session.cookie_domain = '.yourdomainname.example' (with my domain name) to php.ini But no change.

using the following..

if(isset($_COOKIE['session_id']))
            session_id($_COOKIE['session_id']);
        session_start();
        if(!isset($_COOKIE['session_id']))
            setcookie('session_id', session_id(), 0, '/', '.yourdomainname.example');

All works fine, but I have been told that I should not be setting sessions this way ?

How do I correctly configure the server to allow this ?

Edited by jasonc310771
Link to comment
Share on other sites

Are you wanting to use $_SESSION (data stored server side) or $_COOKIE (data stored client side)?

Others can correct me if I'm wrong, but I don't think session.cookie_domain applies to $_COOKIE. Whether (sub)domain(s) have access to $_COOKIE is determined by the corresponding argument in setcookie(). Of course, it has been a while since I've needed to deal with either $_SESSION or $_COOKIE.

Link to comment
Share on other sites

 A cookie has an argument that indicates how wide in the domain it can be read.  A session doesn't.  PHP sets the session up and re-opens it when you return to the session by accepting a submit from the client.  The session has nothing to do with domains  If it does, I"ll have learned something new today

Link to comment
Share on other sites

1 hour ago, ginerjm said:

A cookie has an argument that indicates how wide in the domain it can be read.  A session doesn't.

The session ID is stored in a regular cookie, just like any other cookie data you would want to set.  It has all the same cookie parameters, which can be configured with session_set_cookie_params.

 

@jasonc310771

So long as the session cookie is setup with a domain parameter that allows it to be used on sub-domains, there should not be any issues with your session id carrying between domains.  If the server-side code for both domains has access to the same session storage back end then sharing the data should work as well.  If the two domains are hosted on different servers and you're using regular file based session handling, then the data won't carry over since the second server would not have access to the first server's session files.

Have you checked if the session ID is being carried between domains by inspecting the requests your browser makes using it's dev tools?  If it's not, try using the session_set_cookie_params function to setup your domain parameter prior to calling session_start().

 

Link to comment
Share on other sites

I still do not know enough about $_SESSION

The main domain example.com is where they login. I have the user data is stored in $_SESSION['user'] as an array. Once logged in they get taken to members.example.com and $_SESSION['user'] is no longer available. All pages have session_start(); at the start (no spaces or anything outputted before)

Some time ago in some forum I tried to get help in, suggested I should not use the second method that actually worked as it should work automatically without the extra code. Just use session_start();

So confused as to why it does not automatically work ?

Link to comment
Share on other sites

3 hours ago, jasonc310771 said:

So confused as to why it does not automatically work ?

It does automatically work. It just doesn't automatically work the specific way you want it to.

kicken said to use session_set_cookie_params. Have you done that yet?

Link to comment
Share on other sites

  • 2 weeks later...
On 5/13/2023 at 8:00 PM, jasonc310771 said:

I still do not know enough about $_SESSION

The main domain example.com is where they login. I have the user data is stored in $_SESSION['user'] as an array. Once logged in they get taken to members.example.com and $_SESSION['user'] is no longer available.

So confused as to why it does not automatically work ?

Everything I'm going to say, is based on the default behavior of php sessions.  Session behavior can be altered by changing php configuration variables or in most cases, overriding the runtime variables in your script prior to doing anything else.  You need to verify what these settings are for your specific installation.

Sessions, by default are simply files stored on the server, that contain the contents of the $_SESSION array in serialized form.  These variables are serialized/deserialized during the runtime of a php script.

The way the server associates a session file on the server with a user, is via a cookie.   The default name for that cookie is PHPSESSID

The full list of runtime session configuration variables is here.

So let us look at the code you provided:

if (isset($_COOKIE['session_id']))
    session_id($_COOKIE['session_id']);
session_start();
if(!isset($_COOKIE['session_id']))
    setcookie('session_id', session_id(), 0, '/', '.yourdomainname.example');

So a few things to point out about this code:

  • It exists to change the name of the cookie from 'PHPSESSID' to 'session_id'.  That's a lot of wonky code to do something that has official session specific functions to accomodate.
  • This code is attempting to go around the built in cookie session handling, and is likely the source of your issues.  My advice is to use the session specific functions instead.
session_name('session_id');
session_set_cookie_params(0, '/', '.yourdomain.example');
session_start();

 

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.