
I have a problem sharing the session between two subdomains, and I've read a lot of threads here and other places.

I have www.xx.com and sub.xx.com and I've set

```php
session_name("PHPSESSXX");
session_set_cookie_params(0, '/', '.xx.com');
```

and the session.save_path is the same on both domains.

I get a cookie called PHPSESSXX on both domains, and it has the same value.

When I log on to www.xx.com I get a session with some details in it, and it stays that way until I go to sub.xx.com. Then the session on sub.xx.com is empty, and if I refresh www.xx.com, the session there is gone as well. So it does something, but it seems to be overwriting the session data each time I visit a different subdomain.

Any ideas, anyone? Can I debug this somehow?

Btw: I'm using ssl on both domains.

cheers

smokiespartakus
  • Your code seems correct, are you setting this up before `session_start`? – Aurelia Nov 20 '13 at 09:07
  • http://stackoverflow.com/questions/6318492/sharing-session-over-subdomains-in-php – shanethehat Nov 20 '13 at 09:13
  • The first obvious debugging tip is to find your browser's developer tools and check whether the cookie value remains the same. If that's okay, you're probably deleting session data inadvertently. – Álvaro González Nov 20 '13 at 09:18
  • possible duplicate of [PHP Sessions across sub domains](http://stackoverflow.com/questions/1064243/php-sessions-across-sub-domains) – NDM Nov 20 '13 at 10:05
  • I've checked each and every one (I believe) of the supposed duplicates, and haven't found an answer. I am setting it before session_start and I'm not deleting any session values. Not in my php script anyway. – smokiespartakus Nov 20 '13 at 18:19
  • I've checked the cookie in devtools and it seems to stay the same... I'll continue looking for a solution... – smokiespartakus Nov 20 '13 at 18:33
  • I think that maybe it's suhosin server encryption that causes the problem. I will test this asap.. (Found here: http://stackoverflow.com/questions/11653603/php-session-is-getting-reset-between-subdomains) – smokiespartakus Jan 08 '14 at 12:16
  • The problem was suhosin - I'll add an answer... Thanks for eyes and help and such ;o) – smokiespartakus Jan 08 '14 at 13:19

2 Answers


PHP session ids are saved in cookies. To make a cookie available in all the sub-domains you need to assign it to the root domain. Then all the sub-domains will get the session id from the cookie and PHP can find the session using the passed session id.

As it turns out, you just need to set the session.cookie_domain to the root domain in the php.ini file:

```ini
session.cookie_domain = ".example.com"
```

Also check the manual for different approaches used to set an ini entry.

Your question is answered here

Sharing SESSION Variables Between Multiple Subdomains

Kannan Rajendran
  • That's exactly what I've done, as described above. And I've tried different ways to set the ini settings. The cookie_domain works fine but the session doesn't work across the domains. I've read the topic in the top, and that doesn't work, as well as the one you've suggested... Seems like I just have to continue searching...;o) – smokiespartakus Nov 20 '13 at 18:22

My solution was to set a flag in .htaccess like this:

```apache
php_flag "suhosin.session.cryptdocroot" 0
```

And it now works perfectly ;o)

The problem was that Suhosin was installed on the system, and the ini variable

```ini
suhosin.session.cryptdocroot = On
```

encrypted the session files in such a way that when a different subdomain tried to change the session, it deleted everything for security reasons.

It didn't work for me to set the variable to Off or [nothing] in the ini-file, though maybe I didn't find the right file.

I also tried setting it in PHP without any luck. Like this:

```php
ini_set('suhosin.session.cryptdocroot', 0);
```

cheers

smokiespartakus
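The settings discussed in this thread, gathered into a check that can be run on each subdomain and compared. This is an added example, not code from the original posts; the function names and the sample paths are made up, and the Suhosin check assumes, as the answer above describes, that `suhosin.session.cryptdocroot` ties session encryption to each host's document root.

```php
<?php
// Added example. Call session_share_report() after your session_name() and
// session_set_cookie_params() calls, once on each subdomain.
function session_share_report(): array
{
    $cookie = session_get_cookie_params();
    return [
        'session_name'  => session_name(),
        'cookie_domain' => $cookie['domain'],
        'save_handler'  => ini_get('session.save_handler'),
        'save_path'     => ini_get('session.save_path'),
        'document_root' => $_SERVER['DOCUMENT_ROOT'] ?? '',
        'suhosin'       => extension_loaded('suhosin'),
        // ini_get() returns false when a directive is not registered.
        'suhosin_encrypt'      => ini_get('suhosin.session.encrypt'),
        'suhosin_cryptdocroot' => ini_get('suhosin.session.cryptdocroot'),
    ];
}

// Compare two reports and list what would stop the hosts sharing a session.
function session_share_problems(array $a, array $b): array
{
    $problems = [];
    foreach (['session_name', 'cookie_domain', 'save_handler', 'save_path'] as $key) {
        if ($a[$key] !== $b[$key]) {
            $problems[] = "$key differs: '{$a[$key]}' vs '{$b[$key]}'";
        }
    }
    $bound = function (array $r): bool {
        return $r['suhosin']
            && filter_var($r['suhosin_encrypt'], FILTER_VALIDATE_BOOLEAN)
            && filter_var($r['suhosin_cryptdocroot'], FILTER_VALIDATE_BOOLEAN);
    };
    if (($bound($a) || $bound($b)) && $a['document_root'] !== $b['document_root']) {
        $problems[] = 'suhosin.session.cryptdocroot is on and the document roots differ';
    }
    return $problems;
}

// Constructed sample data for the two hosts in the question; the paths are
// made up. In practice use the arrays returned on www.xx.com and sub.xx.com.
$www = [
    'session_name' => 'PHPSESSXX', 'cookie_domain' => '.xx.com',
    'save_handler' => 'files', 'save_path' => '/var/lib/php/sessions',
    'document_root' => '/var/www/www', 'suhosin' => true,
    'suhosin_encrypt' => '1', 'suhosin_cryptdocroot' => '1',
];
$sub = array_merge($www, ['document_root' => '/var/www/sub']);
print_r(session_share_problems($www, $sub));
```

With the `php_flag` line from the answer applied on both hosts, `suhosin_cryptdocroot` reports `0` and, if the other settings match, the list comes back empty.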