PHP: session_cookie over subdomains?

Question

I'm rather new to PHP and sessions. I've actually never worked with them before and I'm having quite a few problems working with them with AJAX over a subdomain.

I'm on http://www.example.com/whatever and I'm setting the cookie with:

session_set_cookie_params(0, '/', '.example.com');
session_start();
if(!isset($_SESSION['password']) ) {
    $_SESSION['password'] = $_POST['password']; 
}
var_dump(ini_get_all('session')); //seems like it doesn't save the cookie???

Then I'm using jQuery (load()) to reload a certain part of the page. I'm loading somefile.php from http://subdomain.example.com/subdomain/somefile.php. I want to retrieve the session information inside this somefile.php. I'm using

var_dump(ini_get_all('session')); //can't find the cookie!??

if(isset($_SESSION['password']) ) {
    $user_pass = $_SESSION['password'];
    echo "Password: " . $user_pass . "<br>";
} else {
    print "can't find cookie!";
}

But I can't get the information! Any idea what I could have done wrong? Did I miss anything?

Answer 1

Even within the structure of the relevant RFCs getting cookies to work across sub-domians is far from trivial. Add to that the complication of the variation in different implementations by different browser suppliers - it's just not worth the hassle.

Use SSO instead. This has been discussed many times on Stack Overflow

C.

Answer 2

If the subdomain is run on a different server then... the session simply isn't there! This is because session data is by default saved somewhere in /tmp.

If you want to share session data across multiple servers, you'll need to write your own session handler and save them, for example, in a database. Session_set_save_handler()