JasonDavis

Reputation: 48963

PHPSESSID Cookies on Sub-domains are having conflicts with each other

We are having some issues with PHP Session Cookies not allowing us to log into our **SugarCRM** application, which is an open source PHP application.

The problem is we have the same application installed on 2 sub-domains like below...

Main site
www.domain.com

Dev site
dev.www.domain.com

Now after logging into one, it will not allow you to login to the other!

Please view the image below to see the Cookie problem...


In the image above you can see that there are 2 PHPSESSID Cookies competing for the Session!

If I now delete one of them, it allows me to login as normal without an issue!

Because this is SugarCRM, I am hoping I can resolve this issue without making really any core file modifications to the application. But if I have to, then we will.

So does anyone have any ideas on a good solution?

Right now my idea is a "Nasty Dirty Hack", which I really do NOT want to have to do. It is to make a button on the login form; this button will use JavaScript to clear/delete the PHPSESSID Cookies, but again I would really like to find a proper solution.

If anyone has any ideas, please share. Thank you.


UPDATE
Thanks for the answers so far. Please do take into account that this is not a simple PHP application that I built where I can easily do code changes. This is SugarCRM, which is a massive large application with thousands of files.

Upvotes: 4

Views: 4262

Answers (5)

Ken Brill

Reputation: 21

It has been a while since I had this issue, but I think all you have to do is write each instance's session file to a different directory by editing the config.php in each SugarCRM's file system and changing the line

'session_dir' => '',

to point at a different directory.

Upvotes: 0

Josh Ribakoff

Reputation: 3058

It's actually not the domain you need to change, but the "session name" (name of the cookie parameter). Both apps seem to be using the default "phpsessid" and need to be made to differ, otherwise the apps will see each other's sessions, see the wrong session, or try to unserialize classes only defined in the other project.

You need to change the cookie parameter it's storing the session ID in. It can be controlled from an environment variable (php.ini, .htaccess, etc.): https://www.php.net/manual/en/session.configuration.php#ini.session.name

This way you can have multiple PHP sessions on the same domain. For example, if you had example.com/sugarcrm and example.com/foo, you could have SugarCRM store its session ID in a cookie param called "sugarsession" (instead of the default phpsessid).

Upvotes: 0

CreatoR

Reputation: 1652

Try to use the function (http://php.net/manual/en/function.session-set-cookie-params.php):

  session_set_cookie_params ( $lifetime, $path, $domain, $secure, $httponly)

And set one $domain = '.domain.com'

Or if you are setting the session cookie manually with setcookie, then set the same domain too.

Upvotes: 0

user2956907

Reputation: 183

Use session_set_cookie_params to set the session from the subdomain, on the principal domain.

Upvotes: 0

Alexander

Reputation: 809

Try to set up this parameter in .htaccess on the subdomain

php_value session.cookie_domain .domain.com

or use in php code, but before "session_start()"

ini_set('session.cookie_domain', '.domain.com' );

Upvotes: 0
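An added example, not part of any answer above and not SugarCRM code: it combines the distinct session name from Josh Ribakoff's answer with session_set_cookie_params() and an empty domain, so each install gets its own host-only cookie and the dev site never receives the main site's session ID. The cookie names, the function name and the assumption that this runs before the application calls session_start() are hypothetical.

```php
<?php
declare(strict_types=1);

// Assumed mapping: one cookie name per install (names are made up for this
// example). PHP session names must be alphanumeric and not digits only.
const SESSION_NAMES = [
    'www.domain.com'     => 'SUGARPRODSESSID',
    'dev.www.domain.com' => 'SUGARDEVSESSID',
];

/**
 * Configure the session cookie for one install. Must run before
 * session_start(); returns the cookie name that will be used.
 * Requires PHP 7.3+ for the array form of session_set_cookie_params().
 */
function configure_session_for_host(string $host, bool $https): string
{
    // Normalise "Dev.www.domain.com:443" to "dev.www.domain.com".
    $host = strtolower(explode(':', $host)[0]);

    // Allowlist lookup: never build a cookie name from an unknown Host header.
    if (!isset(SESSION_NAMES[$host])) {
        throw new InvalidArgumentException("no session name configured for {$host}");
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        throw new RuntimeException('session already started; cookie can no longer be renamed');
    }

    session_name(SESSION_NAMES[$host]);
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, dropped when the browser closes
        'path'     => '/',
        'domain'   => '',      // empty: no Domain attribute, so the cookie is host-only
        'secure'   => $https,  // only send over HTTPS when the site uses it
        'httponly' => true,    // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return SESSION_NAMES[$host];
}

// Constructed demo using the two hosts from the question.
if (PHP_SAPI === 'cli') {
    $names = array_map(
        fn (string $h): string => configure_session_for_host($h, true),
        array_keys(SESSION_NAMES)
    );
    echo implode(PHP_EOL, $names), PHP_EOL;
}
```

A PHPSESSID cookie already stored in the browser from before the change stays there until it expires or is deleted, but an application configured this way no longer reads it.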
