Jump to content

Recommended Posts

I have recently started a new website and a lot of the content is based off subdomains.

 

How would I use session_set_cookie_params to make it so it basically makes the session valid throughout all the subdomains.

 

I have:

 

session_set_cookie_params(10800,'/','.mysite.com/',true);
session_start();

 

On every page.

Link to comment
https://forums.phpfreaks.com/topic/73107-session_set_cookie_params-help/
Share on other sites

Tested in FF and IE (browser shouldn't matter much, but just in case ;p):

 

session_set_cookie_params(10800,'/','.domain.com');

 

For some reason or other, I think the true on the end was messing wit hti.... I think thats supposed to be an integer and not a bool so that could have been it, but I'm not sure.... All I know is that works and:

 

session_set_cookie_params(10800,'/','.domain.com', true);

 

doesn't.

Hmmm maybe your secure paramter defaults to something different....

 

<?php

session_set_cookie_params(10800,'/','.no-ip.org', false);

session_start();

$_SESSION['lol'] = (isset($_SESSION['lol'])) ? $_SESSION['lol']+1 : 1;

echo session_id();

print_r($_SESSION['lol']);

?>

 

That works, but the following doesn't:

 

<?php

session_set_cookie_params(10800,'/','.no-ip.org', true);

session_start();

$_SESSION['lol'] = (isset($_SESSION['lol'])) ? $_SESSION['lol']+1 : 1;

echo session_id();

print_r($_SESSION['lol']);

?>

 

(P.S. I was wrong earlier when I said maybe it wasn't supposed to be a bool.)

 

Edit: Oh, I was using two .no-ip.org sites I have to test it by the way ;p.

The cookie setting has to be on every page (or in the ini) so that PHP knows to accept those cookies too....

 

For now, try using that example script I pasted and see if it works.  If that works, then the concept is working correctly and its just the script of yours that needs tweaking.

That's because the cookie isn't being read by the second script, meaning either the client is with holding the cookie, or PHP is ignoring it.

 

The session_set_cookie_params needs to be on everypage so that if a session is created, not only is it created globally on that page, but it's read globally on other pages.

 

Also, if you set a cookie with one setting, you need to delete that cookie before testing another way since you'll still have the cookie from before ;p.

I highly suggest not using cookies to store data.... Well, data that won't be [re]validated by the server.

 

Is it different even on the page you set it on?

 

Try clearing all the cookies you have now and then trying that page again.

 

If it still doesn't work, please post your code.

I cleared all my cookies.

 

CODE:

 

global.php [included on every page]

 

<?php
session_set_cookie_params(10800,'/','.mysite.com', false);
session_start();
#session_destroy();


//---------------MAIN DATABASE---------------//
$db	= array();
$db['user'] = "us_***";
$db['pass'] = "*******";
$db['host'] = "localhost";
$db['base'] = "us_***";
$connect = 1;

if($connect > 0){
$c = mysql_connect($db['host'], $db['user'], $db['pass']) or die("Error connecting to mySQL Database: " . mysql_error());
$d = mysql_select_db($db['base'], $c);
}
//-------------------------------------------//



//--------------INCLUDES---------------------//

#-------FUNCTIONS
if(file_exists( "/home2/us/public_html/includes/functions.php" )){
	include "/home2/us/public_html/includes/functions.php";
}

#-------LANGUAGES
if(file_exists( "/home2/us/public_html/includes/languages.php" )){
	include "/home2/us/public_html/includes/languages.php";
}


//------------------------------------------//
# CHECK LANGUAGE
#checkLang($_COOKIE['ln']);
//-----------------------------------------//

?>

 

login.mysite.com/index.php

<?php
include "/home2/us/public_html/global.php";
$page = $lang[$ln]['login_title'];

layout('header');

if(!$_SESSION['uid']){

if(!$_POST['submit']){
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"http://login.mysite.com\">\n";
echo "<tr><td>{$lang[$ln]['login_username']}</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>{$lang[$ln]['login_password']}</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<input type=\"hidden\" name=\"submit\" value=\"1\">\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"image\" src=\"{$src['input_submit']}\"></td></tr>\n";
echo "</form></table>\n";
}else {
$username = protect($_POST['username']);
$password = protect($_POST['password']);
$errors = array();

	if(!$username){ $errors[] = "You did not supply a username"; }
	if(!$password){ $errors[] = "You did not supply a password"; }

	if($username && $password){

		$sql = "SELECT * FROM `users` WHERE `username`='$username'";
		$res = mysql_query($sql) or die(mysql_error());

		if(mysql_num_rows($res) == 0){ $errors[] = "Invalid username"; }else {
			$pass = md5(sha1($password));
			$sql2 = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$pass'";
			$res2 = mysql_query($sql2) or die(mysql_error());
				if(mysql_num_rows($res2) == 0){ $errors[] ="Invalid username and password combination"; }
		}
	}

	if(count($errors) > 0){
		foreach($errors AS $error){
		echo $error . "<br>\n";
		}
	}else {
	$pass2 = md5(sha1($password));
	$sql3 = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$pass2'";
	$res3 = mysql_query($sql3) or die(mysql_error());
	$row = mysql_fetch_assoc($res3);
	$_SESSION['uid'] = $row['id'];
	echo "You have successfully logged in!";
	}
}
}else {
echo "You are already logged in!";
}

layout('footer');
?>

This is kind of a weird question, but you aren't trying to do this with a subdomain of a subdomain are you?

 

I can't think of a reason as to why that wouldn't work....

 

Does the login page stay logged in if you login then refresh (without correct post data on the refresh)?

 

If it doesn't then the session_set_params is still not working....

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.