0

I am using CI. I want to share session over subdomains And I'm using database to store sessions

I've tried this

ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));

if(session_id ==''){session_start();}

That means x.y.com and z.y.com will use common session help me, pls

Mazhar Ahmed
  • 1,523
  • 2
  • 24
  • 41
  • 5
    can you print out `substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100)`, maybe you're doing it wrong there. I recommend you to use `*.abc.com` or `.abc.com` right there. (manually) – ahmet alp balkan Jun 11 '11 at 20:55
  • What is the question? This solution seems like it should work. – Halcyon Jun 11 '11 at 22:08
  • Check out the function i use Its working http://stackoverflow.com/questions/2835486/php-session-shared-with-subdomain/17638102#17638102 – boksiora Jul 14 '13 at 09:24

3 Answers3

5

Considering the fact that you already know your domain name, is there a reason why you use substr to determine it? You could would be much more readable if you just used:

ini_set('session.cookie_domain', '.domain.tld');

For cookies to work across multiple subdomains, the cookie domain must start with a dot (.) followed by the common part of all the sub-domains (most likely domain.tld.)

Also, the second line of your post, the one where you check if the session needs to be started is wrong. You're missing a set of parentheses after session_id because it's a function and not a constant. The conditional statement (if) would always fail causing session_start() to be called every time.

if ( empty(session_id()) ) session_start();
Francois Deschenes
  • 24,816
  • 4
  • 64
  • 61
  • 2
    In your config file, add `$config[‘cookie_domain’] = ".domain.tld";` CodeIgniter will take care of handling session for you. Make sure to change ".domain.tld" to your domain name (and make sure it starts with a dot.) – Francois Deschenes Jun 14 '11 at 01:06
  • Bro, if I want to share session to http://x.com and http://y.x.com What should I do ? – Mazhar Ahmed Jun 19 '11 at 20:00
  • @Mazhar Ahmed - And what would your domain name be? If both of those are third party domain, you won't be able to unless the browser makes a request to those domains itself. – Francois Deschenes Jun 19 '11 at 20:16
  • domain names are http://stsbd.com and http://x.stsbd.com, I did as you told but not working for this 2 places – Mazhar Ahmed Jun 19 '11 at 22:15
  • @Mazhar Ahmed - So you added `ini_set('session.cookie_domain', '.stsbd.com');` and `$config['cookie_domain'] = '.stsbd.com';` (with the leading dot) in your CodeIgniter config where the cookie is set? On the receiving end, you can try `print_r($_COOKIES);` to output what it's receiving. – Francois Deschenes Jun 19 '11 at 22:39
5

Set a new session.name before changing other session settings and starting a new session. See Notes Below:

//Name your session for changes to be applied to.
session_name('my_session'); //Any arbitrary short name. Must have at least on letter char.

//Force a common cookie domain to apply to all subdomains.
ini_set('session.cookie_domain', '.domain.com'); //Change '.domain.com' accordingly.

//Start the Session if session_id() returns nothing.
if( empty( session_id() ) ) { session_start(); }

This has consistently worked for me. The php.net documentation on this is minimal, but, it appears to be the consensus with many in the community.

David Carroll
  • 2,491
  • 1
  • 15
  • 4
1

I am assuming that this above would go into the login file that processes the login and starts the session?

I have the code below in my log in file. Yes, I am a cut and paste coder :)

Does this mean it should work across subdomains since it says it's persistent sessions?

@session_start();
                    $usersession = generate_session(100);
                    $host_name = '.'.str_replace('www.','',$_SERVER['HTTP_HOST']);
                    if($_POST['persistent'] == 'yes'){                                
                            setcookie("usersession", $usersession, time()+    ($_POST['persistentFor']*7*24*60*60), "/", $host_name, 0);
                    }
                    $_SESSION['usersession'] = $usersession;
                    $user_ip = get_ip();
                    $insert_session = @mysql_query("INSERT INTO `memb_usersessions` 
                            (`session_id`,`user_id`,`session_date`) VALUES     ('$usersession','$get_user[user_id]',NOW())");
Robert
  • 11
  • 2