PHP Sessions through subdomains when not allowed to edit php.ini

Question

My host (one) is not allowing me to change the php.ini file and nor can I find it (I probably don't have read access to it even). When I am trying to make session variables go across subdomains I can't since the session cookie is set for the main domain only (example.com). I would like it to be set for .example.com

I have tried to set the php ini file to allow this.

ini_set('session.cookie_domain', '.example.com');

That did not work because I am not allowed to run the ini_set() function. I also tried finding the php.ini file but could not find it in my FTP client. Using phpinfo() wields me it is in /etc/php but I don't have access to that directory.

I expect this to work but clearly it does not. Checking the developer console in Firefox the domain path for the PHPSESSID cookie is still example.com and not .example.com

Is there any workaround other than setting the session variables on the correct subdomain from the start?

No sane shared hosting service allows customers to fiddle with the system-wide PHP settings but it's almost always unnecesary given that you can use `.htaccess`, `.user.ini` or `ini_set()` for most purposes. However, if `ini_set()` itself has been banned (that's what you mean, don't you?), it's a clear indication that they don't want you to customise anything. If so, finding a way may result in account termination due to violation of terms of use. Probably it's not even a multi-site plan. Just my two cents. — Álvaro González, Dec 28 '18 at 12:12

score 1 · Answer 1 · answered Dec 28 '18 at 12:18

1

Session cookie params can also be set with session_set_cookie_params(). The domain is the third argument.

answered Dec 28 '18 at 12:18

Álvaro González

142,137
41
261
360

ttrasn · Answer 2 · 2018-12-28T16:18:47.863

You can set ini variable like this before session_start()

ini_set('session.cookie_domain', '.example.com' );

or for that question you can set in htaccess file like this:

php_value session.cookie_domain .example.com

and from this answer:

    if(isset($_COOKIE['session_id']))
        session_id($_COOKIE['session_id']);
    Zend_Session::start(); //or session_start();
    if(!isset($_COOKIE['session_id']))
        setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');

at the end if any of this ways doesn't work, you can change the session_name

 session_name('example_name');

then use the following code into the php page

session_set_cookie_params(0,"/",".example.com",FALSE,FALSE);
setcookie(session_name(), session_id(),0,"/","example.com");
session_start();

for more information see this question

Clearly you did not read my post. I am not allowed to run the `ini_set` function. The .htaccess method does not work either. — Samuel Andersson, Dec 28 '18 at 12:09

score 0 · Answer 3 · answered Dec 28 '18 at 12:32

This is not the best solution !

Regarding your situation and if you cannot set it using .htaccess, you can make a redirect to your subdomain(s), create the session and redirect back to the URL where you want to be,

EX : example.com -> any action -> go to sub1.example.com -> create session -> go to sub2.example.com -> create session -> ... -> go to example.com

Or : You can also create pixel image with links to your subdomains if you don't want to use redirect

For this two solutions to work, you need to set sessions separately for each subdomain.

PHP Sessions through subdomains when not allowed to edit php.ini

3 Answers3