Similar to (Empty $_SESSION superglobal on AJAX request, but session ID is preserved) but slightly different.
I am attempting to access sessions across two sub-domains. Up until recently this worked flawlessly. Across the two domains, .example.com and admin.example.com:

```php
session_set_cookie_params(0, '/', '.example.com');
session_start();
```
The admin.example.com account is on its own virtual server and as such is a different user to example.com; let's call them 'User1' and 'Adminuser' for ease. Adminuser has access to User1's files because it's part of the User1 group.
The cookie is passed along perfectly between domains and therefore the session_id is also correct on admin.example.com. I can even read the file contents of the session and the data is all present and correct.
However, the $_SESSION superglobal is empty on admin.example.com.
Interestingly, if I change the session file ownership to Adminuser, then the reverse happens. Adminuser has access to the session but User1 doesn't, leading me to believe it's a security issue with my server settings.
As stated above, this worked flawlessly for months. The issues began when I installed the Apache module fastcgi and did a rebuild. I've since uninstalled the module and gone back to suphp to see if the issue would revert, but alas it has persisted.
I DON'T have suhosin installed, which from reading up on similar posts I can see sometimes causes issues.
Anyone know what setting may be causing this?
[Edit 1]
See this thread also: PHP Sessions across sub domains 2
The point discussed in @ajmicek's accepted answer is the same as what is occurring on my server, only I know for a fact that Adminuser is already part of User1's group.
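
To inspect the state the post describes (session file readable, yet `$_SESSION` empty until the file's ownership changes), the added diagnostic below, which is not code from the original post, reports the session file's owner, group and mode next to the user and groups the PHP process actually runs as. It assumes the default `files` save handler, its `sess_<id>` file naming, and the posix extension; `session_file_report` is a name introduced here.

```php
<?php
// Added diagnostic (not from the original post). Request it on each vhost
// with the shared session cookie present, then compare the two reports.

function session_file_report(string $sessionId): array
{
    // session.save_path may be "N;MODE;/path"; the directory is the last field.
    $parts = explode(';', (string) ini_get('session.save_path'));
    $dir   = end($parts) ?: sys_get_temp_dir();
    // "sess_<id>" is the naming used by the default "files" save handler.
    $file  = rtrim($dir, '/') . '/sess_' . basename($sessionId);

    $report = [
        'handler'      => ini_get('session.save_handler'),
        'file'         => $file,
        'exists'       => file_exists($file),
        'process_euid' => posix_geteuid(),
        'process_user' => posix_getpwuid(posix_geteuid())['name'] ?? '?',
        'process_gids' => posix_getgroups(),
    ];
    if ($report['exists']) {
        $owner = fileowner($file);
        $report += [
            'file_owner'    => posix_getpwuid($owner)['name'] ?? (string) $owner,
            'file_group'    => posix_getgrgid(filegroup($file))['name'] ?? '?',
            'file_mode'     => sprintf('%04o', fileperms($file) & 07777),
            'readable'      => is_readable($file),
            // Group access can make the file readable while this is still false.
            'owner_matches' => $owner === $report['process_euid'],
        ];
    }
    return $report;
}

$name = session_name();
$id   = $_COOKIE[$name] ?? '';
header('Content-Type: text/plain');
// Accept only characters PHP uses in session IDs, so the ID cannot alter the path.
if (!preg_match('/^[A-Za-z0-9,-]+$/', $id)) {
    exit("No usable session cookie named $name\n");
}
print_r(session_file_report($id));
```

A report where `readable` is true but `owner_matches` is false on exactly one of the two hosts corresponds to the ownership flip described above. Remove the script once the comparison is done, since it discloses account and path details.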