0

On my homepage www.website.com I have a login form and it registers a session:

ini_set('session.gc_maxlifetime', 7200);//set cookie lifetime to 2 hours
ini_set("session.cookie_lifetime", 7200);
ini_set("session.cookie_httponly", 1);//set cookie httponly
ini_set("session.cookie_domain", ".website.com");
session_start();
$_SESSION['login']='yes';
header('Location: http://panel.website.com/');

So the user will be redirected to http://panel.website.com. There I have the following code:

ini_set('session.gc_maxlifetime', 7200);//set cookie lifetime to 2 hours
ini_set("session.cookie_lifetime", 7200);
ini_set("session.cookie_httponly", 1);//set cookie httponly
ini_set("session.cookie_domain", ".website.com");
session_start();
if (!isset($_SESSION['login'])) {
    header('Location: http://www.website.com/error.php' );
    exit();
}

So the problem is: the subdomain doesnt have access to the session, and the user is always redirected to website.com/error.php.

What should I change? I tried session.cookie_domain, but it doesn't work. Please tell me if you need more info (like phpinfo data).

Thanks!

hakre
  • 193,403
  • 52
  • 435
  • 836
Jordy
  • 4,719
  • 11
  • 47
  • 81

1 Answers1

0

From here: PHP Sessions across sub domains Setting a session name seems to fix it.

$some_name = session_name("some_name");
session_set_cookie_params(0, '/', '.website.com');
session_start();
Community
  • 1
  • 1
aurbano
  • 3,324
  • 1
  • 25
  • 39
  • Session name shouldn't make a difference, so I wonder why it was suggested as an answer. The linked question doesn't tell that from what I read there. – hakre Mar 18 '12 at 16:45
  • Problem solved: idiots of host disabled write and read permissions for the session save path:S – Jordy Mar 18 '12 at 17:30