0

I am trying for 8 hours to fix it, and this post doesn't help me: Allow php sessions to carry over to subdomains

I am losing my id session on a new sub.domains.com Here is the code: from sub.domains.com

if($postac['zalogowany'] == 0){ $postac = ""; $_SESSION['postac'] = 0; }

login.php from domena.com

    if($doVariable == 'play' && $_POST['postac'] > 0) {
        if($_GET['serv'] == 'cos') 
            $server = 'baza';
        $_SESSION['postac'] = $_POST['postac'];
            $zalogowany = $pdo->prepare("UPDATE postac set zalogowany = 1 where id=:postac");  
            $zalogowany->bindValue(':postac', $_SESSION['postac'], PDO::PARAM_STR);  
            $zalogowany->execute();
        if($_GET['serv'] == 'play');
            header("Location: http://sub.domains.com");
 }
Community
  • 1
  • 1
Programistyczny
  • 55
  • 8
  • can we see `var_dump(session_get_cookie_params());` ? – Federkun Dec 10 '16 at 16:21
  • @Federkun from sub.domains.com array(5) { ["lifetime"]=> int(0) ["path"]=> string(1) "/" ["domain"]=> string(0) "" ["secure"]=> bool(false) ["httponly"]=> bool(false) } the same is from domena.com – Programistyczny Dec 10 '16 at 16:25

1 Answers1

1

You can change session.cookie_domain in your php.ini to allow the cookie to be read across the subdomains. You can also do it at runtime with session_set_cookie_params.

session.cookie_domain = ".domains.com"
Federkun
  • 36,084
  • 8
  • 78
  • 90
  • where i can find php.ini ? i try locate php.ini but i got this locate: can not stat () `/var/lib/mlocate/mlocate.db': No such file or directory i have debian 8 – Programistyczny Dec 10 '16 at 16:41
  • i add session.cookie_domain = ".domena.com" to /etc/php5/fpm/php.ini but doesn't work – Programistyczny Dec 10 '16 at 16:48
  • have you rebooted the web server? – Federkun Dec 10 '16 at 16:52
  • what's `var_dump(session_get_cookie_params());` now? – Federkun Dec 10 '16 at 16:56
  • array(5) { ["lifetime"]=> int(0) ["path"]=> string(1) "/" ["domain"]=> string(0) "" ["secure"]=> bool(false) ["httponly"]=> bool(false) } – Programistyczny Dec 10 '16 at 17:00
  • `domain` is still an empty string, you didn't changed `session.cookie_domain` at all. Do it with `session_set_cookie_params`. – Federkun Dec 10 '16 at 17:01
  • do you mean session_set_cookie_params(0, '/', '.example.com'); session_start(); to everyfiles on sub.domains.com and on domena.com? – Programistyczny Dec 10 '16 at 17:10
  • i change from session.cookie_domain = ".domains.com" to session_set_cookie_param and nothing changed still the same problem – Programistyczny Dec 10 '16 at 17:28
  • now array(5) { ["lifetime"]=> int(0) ["path"]=> string(1) "/" ["domain"]=> string(12) "domena.com" ["secure"]=> bool(false) ["httponly"]=> bool(false) } i add this to file session_set_cookie_params(0, '/', 'domena.com'); session_start(); var_dump(session_get_cookie_params()); – Programistyczny Dec 10 '16 at 17:39
  • it should be `.domena.com` instead of `domena.com`. otherwise the cookie will be available only for `domena.com`. – Federkun Dec 10 '16 at 17:40
  • ok i understand now i change in php.ini and now working array(5) { ["lifetime"]=> int(0) ["path"]=> string(1) "/" ["domain"]=> string(13) ".domena.com" ["secure"]=> bool(false) ["httponly"]=> bool(false) } but $_SESSION id empty NULL – Programistyczny Dec 10 '16 at 18:00
  • i again lost $_SESSION why? i arleady have the domain on string but its show like Failed to load resource: htttp:domena.com/somefiles/files.php the server responded with a status of 502 (Bad Gateway) – Programistyczny Dec 12 '16 at 19:52
  • That's an unrelated problem, you can open another question – Federkun Dec 12 '16 at 20:19
  • but i lost too $_SESSION = null again why? – Programistyczny Dec 12 '16 at 21:03