0

I set a PHP session global on one web page, go to fetch it from another and it isn't there....

I have read up on all the standard pitfalls and have made sure they're not the issue:

– Web pages end in .php,

– First line:

<?php
if (session_id () === "")
{
    session_start ();
}
?>

– Etc....

My best guess at this point is that perhaps it is because I assign the session variable from one domain (http://www.foo.com) and then call through to a PHP executable on another (https://api.bar.com) and ... maybe I get a different session ID? These domains are on the same server though.

I guess my question is, are sessions scoped to the domain in question in PHP?

(I kind of wanted to have all my PHP scripts on my one domain with the secure transfer protocol — I'm too cheap to get a certificate for every domain I own).

JCalhoun
  • 91
  • 1
  • 2
  • `I'm too cheap to get a certificate for every domain I own` https://letsencrypt.org/ – tkausl May 12 '17 at 02:23
  • See: http://stackoverflow.com/questions/14611545/preserving-session-variables-across-different-domains http://stackoverflow.com/questions/1064243/php-sessions-across-sub-domains http://stackoverflow.com/questions/13806701/secure-and-flexible-cross-domain-sessions – rafrsr May 12 '17 at 02:49
  • 1
    Possible duplicate of [Preserving session variables across different domains](http://stackoverflow.com/questions/14611545/preserving-session-variables-across-different-domains) – cosmoonot May 12 '17 at 04:16

0 Answers0