2

Possible Duplicate:
Allow php sessions to carry over to subdomains

Kind of complicated, but I've got 4 subversion repositories that I want to run side by side on my localhost for testing.

I set php.ini as so:

session.cookie_domain = ".localhost.com"

I set up my hosts file:

127.0.0.1   vader.localhost.com
127.0.0.1   luke.localhost.com

When I log in, it sets the cookie correctly.

   Name: PHPSESSID
Content: b0d3h7nh5ff40sms26q04oasq3
 Domain: .localhost.com
   Path: /

I set the $_SESSION variable on login:

$_SESSION['authorized'] = true;

Reload the page, the headers are correct:

Cookie  PHPSESSID=b0d3h7nh5ff40sms26q04oasq3
Host    vader.localhost.com
Referer http://vader.localhost.com/

But the $_SESSION variable is empty.

This all works fine if I remove the subdomain.

Thoughts?

EDIT:

Suhosin is NOT installed.

Also, someone asked for the full code for the session setting:

if (authenticate($dat['username'], $dat['password'])) {
    session_start();
    $_SESSION['authorized'] = true;
    $_SESSION['username'] = $dat['username'];
    $_SESSION['userType'] = findId('t_user', 'username', $dat['username'], 'userTypeId');
    $_SESSION['userId'] = findId('t_user', 'username', $dat['username'], 'userId');
    $_SESSION['contactId'] = findId('t_user', 'username', $dat['username'], 'userContactId');
    array_push($reply, $reply);
    $reply['authorized'] = true;
}

2 Answers

1

Found this answer in PHP Sessions across sub domains; it should help :)

I don't know if the problem still exists, but I just ran into the same problem and solved it by setting a session name before calling session_set_cookie_params():

$some_name = session_name("some_name");
session_set_cookie_params(0, '/', '.some_domain.com');
session_start();

I have changed nothing in my php.ini but now everything is working fine.

Cyril N.
1
  1. You might need to call session_write_close() to force a cookie to save before the script ends (or you redirect).
  2. Check the default cookie storage place and see what is in the files. This is usually the /tmp directory on Linux.
  3. Stop storing cookies in files. Start storing them in encrypted cookies, which will free your server from the unneeded I/O requests.
Xeoncross
  • I checked the tmp files. The session with my ID has nothing at all in it. I deleted it and tried again. The session variables are not getting written to the files. – Dramatological Jan 30 '12 at 23:19
  • There is your problem - the files aren't being written to. Have you added the call to `session_write_close()` after you set the session variables? – Xeoncross Jan 30 '12 at 23:45
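
An added example, not code from the question or from either answer: it combines the first answer's ordering (session name, then cookie parameters, then session_start()) with the second answer's storage check and session_write_close() call. Because a cookie scoped to the parent domain is sent to every subdomain, it also sets the cookie flags, enables strict mode and regenerates the ID at login. The function names and the session name APPSESSID are hypothetical; .localhost.com is the domain from the question.

```php
<?php
// Added example, not the asker's code. start_shared_session(), complete_login()
// and the name APPSESSID are hypothetical; .localhost.com is the question's domain.
declare(strict_types=1);

function start_shared_session(string $parentDomain, string $name = 'APPSESSID'): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return;
    }
    if (headers_sent($file, $line)) {
        throw new RuntimeException("Output began at $file:$line; the session cookie cannot be sent");
    }
    if (ini_get('session.save_handler') === 'files') {
        // session.save_path may be "N;/path" or "N;MODE;/path": keep the last field.
        $parts = explode(';', (string) session_save_path());
        $dir = end($parts) ?: sys_get_temp_dir();
        if (!is_dir($dir) || !is_writable($dir)) {
            throw new RuntimeException("Session save path is not writable: $dir");
        }
    }
    ini_set('session.use_strict_mode', '1');  // reject session IDs the server did not issue
    session_name($name);                      // set the name before the cookie parameters
    session_set_cookie_params([               // array form requires PHP 7.3+
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => $parentDomain,          // cookie is sent to every subdomain
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function complete_login(string $username): void
{
    start_shared_session('.localhost.com');
    session_regenerate_id(true);   // new ID at the privilege change; drops the old session data
    $_SESSION['authorized'] = true;
    $_SESSION['username']   = $username;
    session_write_close();         // flush to storage before any redirect or exit
}
```

Every page on every subdomain has to call start_shared_session() with the same domain and name before reading $_SESSION, otherwise PHP looks for the default PHPSESSID cookie and starts an unrelated empty session.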