marcus Posted October 13, 2007 Share Posted October 13, 2007 I have recently started a new website and a lot of the content is based off subdomains. How would I use session_set_cookie_params to make it so it basically makes the session valid throughout all the subdomains. I have: session_set_cookie_params(10800,'/','.mysite.com/',true); session_start(); On every page. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/ Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 Nobody knows? subdomains are: login.site.com register.site.com tools.site.com forums.site.com etc... Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368894 Share on other sites More sharing options...
kratsg Posted October 14, 2007 Share Posted October 14, 2007 session_set_cookie_params(10800,'/','mysite.com',true); session_start(); That should work, if you said www.mysite.com, then it would only work for the subdomain of www.mysite.com. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368908 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 Didn't work. Still only validating the session for login.site.com Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368910 Share on other sites More sharing options...
kratsg Posted October 14, 2007 Share Posted October 14, 2007 Hmm, that's odd, I know for sure it works with cookies, but I've never had to do it between subdomains... Why not convert from session to cookies to pass data between the diff domains. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368911 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 He can't access the cookies from the different domains.... That's whats causing the session problem ;p. And cookies can be modifed while session cookies only the session id can be modified ;p. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368913 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 Yeah, I figured out how to access cookies around the whole site, but how can i with sessions. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368917 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 The session id is simply a string stored in a cookie... What settings are you using to access cookies site wide? Try using those for the session cookie, and it should work perfectly. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368920 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 The cookie is only used for the language. setcookie("ln",$value,time()+(3600*24*7*365),"/",".site.com",0); Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368922 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 So: session_set_cookie_params(10800,'/','.mysite.com/',true); Doesn't work.... Just of curiosity, have you tried without the trailing slash on .com? I don't think that's it, but that's the only difference I see.... Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368926 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 Tried about five different variations and it's still only valid on login.site.com Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368929 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 Tested in FF and IE (browser shouldn't matter much, but just in case ;p): session_set_cookie_params(10800,'/','.domain.com'); For some reason or other, I think the true on the end was messing wit hti.... I think thats supposed to be an integer and not a bool so that could have been it, but I'm not sure.... All I know is that works and: session_set_cookie_params(10800,'/','.domain.com', true); doesn't. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368949 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 That didn't work either :/ Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368974 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 Hmmm maybe your secure paramter defaults to something different.... <?php session_set_cookie_params(10800,'/','.no-ip.org', false); session_start(); $_SESSION['lol'] = (isset($_SESSION['lol'])) ? $_SESSION['lol']+1 : 1; echo session_id(); print_r($_SESSION['lol']); ?> That works, but the following doesn't: <?php session_set_cookie_params(10800,'/','.no-ip.org', true); session_start(); $_SESSION['lol'] = (isset($_SESSION['lol'])) ? $_SESSION['lol']+1 : 1; echo session_id(); print_r($_SESSION['lol']); ?> (P.S. I was wrong earlier when I said maybe it wasn't supposed to be a bool.) Edit: Oh, I was using two .no-ip.org sites I have to test it by the way ;p. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368978 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 It's still not passing throughout any of the other subdomains. It's on a global page, which is included on everypage. Should I only key it out on the login page? Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368982 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 The cookie setting has to be on every page (or in the ini) so that PHP knows to accept those cookies too.... For now, try using that example script I pasted and see if it works. If that works, then the concept is working correctly and its just the script of yours that needs tweaking. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368986 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 The session id is not carrying over. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368988 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 That's because the cookie isn't being read by the second script, meaning either the client is with holding the cookie, or PHP is ignoring it. The session_set_cookie_params needs to be on everypage so that if a session is created, not only is it created globally on that page, but it's read globally on other pages. Also, if you set a cookie with one setting, you need to delete that cookie before testing another way since you'll still have the cookie from before ;p. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368991 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 It's different on every page now and/or refresh. Hmm. I could use cookies to store the data, but that could be insecure. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368994 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 I highly suggest not using cookies to store data.... Well, data that won't be [re]validated by the server. Is it different even on the page you set it on? Try clearing all the cookies you have now and then trying that page again. If it still doesn't work, please post your code. Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-368996 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 I cleared all my cookies. CODE: global.php [included on every page] <?php session_set_cookie_params(10800,'/','.mysite.com', false); session_start(); #session_destroy(); //---------------MAIN DATABASE---------------// $db = array(); $db['user'] = "us_***"; $db['pass'] = "*******"; $db['host'] = "localhost"; $db['base'] = "us_***"; $connect = 1; if($connect > 0){ $c = mysql_connect($db['host'], $db['user'], $db['pass']) or die("Error connecting to mySQL Database: " . mysql_error()); $d = mysql_select_db($db['base'], $c); } //-------------------------------------------// //--------------INCLUDES---------------------// #-------FUNCTIONS if(file_exists( "/home2/us/public_html/includes/functions.php" )){ include "/home2/us/public_html/includes/functions.php"; } #-------LANGUAGES if(file_exists( "/home2/us/public_html/includes/languages.php" )){ include "/home2/us/public_html/includes/languages.php"; } //------------------------------------------// # CHECK LANGUAGE #checkLang($_COOKIE['ln']); //-----------------------------------------// ?> login.mysite.com/index.php <?php include "/home2/us/public_html/global.php"; $page = $lang[$ln]['login_title']; layout('header'); if(!$_SESSION['uid']){ if(!$_POST['submit']){ echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n"; echo "<form method=\"post\" action=\"http://login.mysite.com\">\n"; echo "<tr><td>{$lang[$ln]['login_username']}</td><td><input type=\"text\" name=\"username\"></td></tr>\n"; echo "<tr><td>{$lang[$ln]['login_password']}</td><td><input type=\"password\" name=\"password\"></td></tr>\n"; echo "<input type=\"hidden\" name=\"submit\" value=\"1\">\n"; echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"image\" src=\"{$src['input_submit']}\"></td></tr>\n"; echo "</form></table>\n"; }else { $username = protect($_POST['username']); $password = protect($_POST['password']); $errors = array(); if(!$username){ $errors[] = "You did not supply a username"; } if(!$password){ $errors[] = "You did not supply a password"; } if($username && $password){ $sql = "SELECT * FROM `users` WHERE `username`='$username'"; $res = mysql_query($sql) or die(mysql_error()); if(mysql_num_rows($res) == 0){ $errors[] = "Invalid username"; }else { $pass = md5(sha1($password)); $sql2 = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$pass'"; $res2 = mysql_query($sql2) or die(mysql_error()); if(mysql_num_rows($res2) == 0){ $errors[] ="Invalid username and password combination"; } } } if(count($errors) > 0){ foreach($errors AS $error){ echo $error . "<br>\n"; } }else { $pass2 = md5(sha1($password)); $sql3 = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$pass2'"; $res3 = mysql_query($sql3) or die(mysql_error()); $row = mysql_fetch_assoc($res3); $_SESSION['uid'] = $row['id']; echo "You have successfully logged in!"; } } }else { echo "You are already logged in!"; } layout('footer'); ?> Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-369000 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 This is kind of a weird question, but you aren't trying to do this with a subdomain of a subdomain are you? I can't think of a reason as to why that wouldn't work.... Does the login page stay logged in if you login then refresh (without correct post data on the refresh)? If it doesn't then the session_set_params is still not working.... Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-369013 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 It stays saying "you logged in" Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-369014 Share on other sites More sharing options...
corbin Posted October 14, 2007 Share Posted October 14, 2007 Hmmmm.... So if you print_r($_SESSION) on one of your other pages right under the global include (after logging in) it spits out array()? Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-369019 Share on other sites More sharing options...
marcus Posted October 14, 2007 Author Share Posted October 14, 2007 On login.mysite.com after logged in I get: Array ( [uid] => 1 ) And on the index I get: Array ( ) Quote Link to comment https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/#findComment-369023 Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.