0

My user is logged in at site_url.com on a CMS, however I am now developing a mobile version of the site, outside the CMS on a subdomain m.site_url.com and would like the session to be synchronized with the CMS.

I have included a file with all the CMS' functions like this:

<?php include('/home/flyeurov/public_html/core/codon.config.php');

The subdomain m.site_url.com is located at /public_html/mobile directory. Inside /mobile is index.php and a trigger to display a dashboard or a login form, depending on user's state (logged in or not).

It is working, and I am able to login and see the dashboard, however only when I access direct path for example site_url.com/mobile/index.php. If I am logged in, and I access this path, it will take me to crew_center.php - the dashboard.

This does not happen when I access the subdomain at m.site_url.com. Even when I am logged in, I get shown login.php page.

Here is index.php:

<?php include('/home/flyeurov/public_html/core/codon.config.php');

session_set_cookie_params(0, '/', '.site_url.com');

if(Auth::LoggedIn())
{
    header("Location: crew_center.php");
} 
else
{
    header("Location: login.php");
}

?>

I can therefore imagine that this is down to a session issue, but how can I share the CMS' session with the m subdomain?

user2442178
  • 101
  • 1
  • 2
  • 9

3 Answers3

0

Try setting a cookie!

When the user logs into their account at sitea.com, then set a cookie.

setcookie("TestCookie", "COOKIE-VALUE", time()+3600, "/", "siteb.com");

This will set a cookie with this info contained in it:

Name: TestCookie
Value: COOKIE-VALUE
Expiration: One Hour
Cookie directory: /
Domain: siteb.com

The domain is set to siteb.com so that siteb can read the value contained in the cookie.

Now all you have to do is read the cookie at siteb.com!

I do not recommend using cookies to hold passwords or banking information, however, this is the only way that i see possible as a solution to your problem.

I hope this helps, let me know if you need further help.

pattyd
  • 5,927
  • 11
  • 38
  • 57
0

You cannot pass a session id across domains, they are not designed to work that way (for security reasons). Although you can do what i have done in the past and store the session data in a serialised format in either a cookie, or as a POST variable within a form, or as base64 encoded serialised format as part of the URL.

<input type="hidden" name="session_data" value="<?php echo(base64_encode(serialize($_SESSION))); ?>"/>

or

<a href="http://sub.domain.com/?session_data=<?php echo(base64_encode(serialize($_SESSION))); ?>">Go Here</>
bizzehdee
  • 20,289
  • 11
  • 46
  • 76
-1

You have to tell the server to keep the session for the domain and not for the subdomains. It can be achieved via *ini_set('session.cookie_domain', 'site_url.com');*

This will keep the session for the domain and the same session will be shared to all the subdomains.

Visit http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-domain

Vinu S
  • 11
  • 1
  • 1
    I do not recommend changing ini settings for this issue. – pattyd Jul 26 '13 at 19:58
  • 1
    The php's default ini setting will be override in the application. It will not affect the settings of other applications hosted in the same web server. – Vinu S Jul 27 '13 at 04:05