22

I have a website www.example.com. That will have multiple subdomains that work with a single application or program. For an example, login.example.com will allow the user to log in to the site while system.example.com will allow the user to access an information system, while forums.example.com will allow the user to access forums.

We may need to pass information between the subdomains such as a user id, or a user preference, etc. How do we go about passing information between the sudomains using SESSION variables?

EDIT: I like this idea:

As the first thing in your script:

ini_set('session.cookie_domain', '.example.com' );
Improve this question
3
  • 1
    Possible duplicate? Allow php sessions to carry over to subdomains Commented Feb 5, 2012 at 22:38
  • 2
    Do you plan on using the SAME session on all of the subdomains or would you like the session information to be isolated by subdomain? If you ever expand and move one subdomain to another physical server, this could be problematic if you share the session across all domains. Or you would have to switch to memory/database based session storage which all servers could access. Commented Feb 5, 2012 at 22:43
  • I plan to use the SAME session on all the subdomains. However another drawback may be that I have multiple domains on one sever. What would I do then to keep the sessions separte amongst the regular domains, but keep them for the subdomains only? Commented Feb 6, 2012 at 16:52

9 Answers 9

Reset to default
19

1) the subdomains should use the same path to save session files

2) modify your

php.ini session.cookie_domain = ".example.com"

or .htaccess php_value session.cookie_domain .example.com

or inside of the script ini_set('session.cookie_domain', '.example.com' );

Improve this answer
Sign up to request clarification or add additional context in comments.

7 Comments

What if you are using a hosting service where you have more than one domain. Example would be example1.com, example2.com, example3.com. Then what would you do?
@KevinOluseunKarimu Nothing by the cookies, it does not work this way. You could attach session id to the links leading to another domain, at another domain you get this session id and start session with. The requirement about shared session folders is still here.
How do I get the sessiom id to put in the links?
Furthermore, how do I get the other page to read and use it? haha. I'm a bit confused.
@KevinOluseunKarimu look at php.net/session_id use at, attach this ID as argument to the URLs leading to another domain. Use it to set the same session id on it. The best way is not to match it directly to the authentication session, otherwise if user is not logged out and submits this link to somebody else then they will have access to his data.
|
16

PHP session ids are saved in Cookies. To make a cookie available in all the sub-domains you need to assign it to the root domain. Then all the sub-domains will get the session id from cookie and PHP can find the session using passed session id.

As it turns out, You just need to set the session.cookie_domain to the root domain in php.ini file

session.cookie_domain = ".example.com"

Also check manual for different approaches used to set an ini entry.

Improve this answer

5 Comments

What if you are using a hosting service where you have more than one domain. Example would be example1.com, example2.com, example3.com. Then what would you do?
Add php_value session.cookie_domain .example.com in .htaccess file for each of your domains
I'm sorry so you would add that as "php_value session.cookie_domain .example.com?" Correct?
The way my hosting service has set this up is to have a .htaccess for each directory. I don't see one for each domain.
put it in root directory or example.com. If you have example.com/index.php file then put the .htaccess in the directory where index.php is kept. Thats the document root.
11

I found a solution to my problem:

session_name("2620368ghwahw90w");
session_set_cookie_params(0, '/', '.mydomain.com');
session_start();

This appears to work with no problem. Is this a good method with low security risk?

Improve this answer

Comments

3

Before you create your session in php file, add this line at first line :

<?php
//session cross to sub domain
ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
Improve this answer

Comments

2

you can use cookies. check the path parameter in setcookie() which makes that cookie available for he entire domain. drawbacks to this are people who turn off cookies (private browsing modes)

another method would be by passing the sessionID around using links or hidden <input> fields (for forms).

since separate websites don't share sessions (as far as i know, since subdomains are technically "different places" from eachother), don't use sessions to store on the server side. instead, use a database to handle your sessions. that way, multiple sites can share the same session tracking table.

Improve this answer

1 Comment

What if you are using a hosting service where you have more than one domain. Example would be example1.com, example2.com, example3.com. Then what would you do?
0

To share the session cookie among subdomains, you have to set the cookie's domain to .example.org (mind the dot).

http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-domain

Improve this answer

Comments

0

I have been going round with this for a while now and what worked for me is placing the code below:

session_name("some_session_name"); session_set_cookie_params(0, '/', '.some_domain.com'); session_start();

across all the sub-domains that will use the session variables. I set this at the beginning of my index php file and it works. Hope this will make it clear.

Improve this answer

Comments

0

Works like charm!

I believe the cleanest way is to create in you .env a variable SESSION_DOMAIN=.example.com

Alternatively, you can open up config/session.php and set 'domain' => env('SESSION_DOMAIN', '.example.com'), with that all subdomains eg. domain.example.com, test.example.com even example.com shares same session

Improve this answer

Comments

0

This should work in most, if not all, cases:

<?php

if (!session_id()) /* If session is not started yet, then... */
    {
        ini_set('session.cookie_domain', substr_count($_SERVER['SERVER_NAME'],'.') > 1 ? ('.'.substr($_SERVER['SERVER_NAME'], strpos($_SERVER['SERVER_NAME'], '.') + 1)) : ('.'.$_SERVER['SERVER_NAME']));
        session_start(); /* Start session now. */
    };
    
?>
Improve this answer

1 Comment

The problem with @Pathic 's answer is if you visit the page without a subdomain at all, then your session.cookie_domain will be set to '.com' which matches most of the domains on the internet. Not secure at all, if it even works. :(

Your Answer

By clicking “Post Your Answer”, you agree to our terms of service and acknowledge you have read our privacy policy.

Start asking to get answers

Find the answer to your question by asking.

Ask question

Explore related questions

See similar questions with these tags.