walshy002000

Reputation: 99

PHP Session Across Subdomains

I have a PHP 7 app running on Azure where clients move between multiple subdomains on the app but access the same web site. The subdomains differentiate companies, with one user associated with multiple companies. The user's info is tracked across those domains using a cookie.

My issue is, despite having the same cookie ID present on both subdomains, if I store info in the cookie on a.example.com, and then load the same page and cookie on b.example.com, it doesn't show that information. In line with previous answers on SO, I am setting the cookie to be valid for / on .example.com.

I did have instance scaling turned on for my application, and thinking perhaps that was causing issues, I turned it off. But even with one instance, Azure still has two different hosts serving requests for different domains, although it is the same instance and thus should be the same shared session.

I'm using the code below as a page I access on both subdomains that should be printing out all the subdomains I've visited with the cookie, but it only shows the current domain.

$currentCookieParams = session_get_cookie_params();

$serverParts = explode('.', $_SERVER['HTTP_HOST']);
$serverPartsCount = sizeof($serverParts);

session_set_cookie_params(
    315360000, //lifetime in seconds from now (10 * 365 * 24 * 60 * 60), not a timestamp
    '/',
    '.'.$serverParts[$serverPartsCount-2].'.'.$serverParts[$serverPartsCount-1], //equates to '.mydomain.com'
    TRUE,
    $currentCookieParams["httponly"]
);

session_start();

//use an array to track every subdomain we visit with this cookie
if (!isset($_SESSION['visitedDomains']))
{
    $_SESSION['visitedDomains'] = [];
}
$_SESSION['visitedDomains'][$_SERVER['HTTP_HOST']] = 'visited';

//show the cookie id
var_dump(session_id());
echo '<br><br>';

//the hostname of the machine serving this request
var_dump(gethostname());
echo '<br><br>';

//what should be a list of all domains visited using this cookie
var_dump($_SESSION['visitedDomains']);
echo '<br><br>';

//cookie params
var_dump(session_get_cookie_params());

Upvotes: 0

Views: 151

Answers (1)

Aaron Chen

Reputation: 9950

You'd need to set session.cookie_secure to FALSE. Make it like so:

session_set_cookie_params(
    315360000, //lifetime in seconds from now (10 * 365 * 24 * 60 * 60), not a timestamp
    '/',
    '.'.$serverParts[$serverPartsCount-2].'.'.$serverParts[$serverPartsCount-1], //equates to '.mydomain.com'
    FALSE,
    $currentCookieParams["httponly"]
);

It works fine for me:

I'm using the code below:

<?php

$currentCookieParams = session_get_cookie_params();

$serverParts = explode('.', $_SERVER['HTTP_HOST']);
$serverPartsCount = sizeof($serverParts);

echo '.'.$serverParts[$serverPartsCount-2].'.'.$serverParts[$serverPartsCount-1];
echo '<br><br>';

session_set_cookie_params(
    315360000, //lifetime in seconds from now (10 * 365 * 24 * 60 * 60), not a timestamp
    '/',
    '.'.$serverParts[$serverPartsCount-2].'.'.$serverParts[$serverPartsCount-1], //equates to '.mydomain.com'
    FALSE,
    $currentCookieParams["httponly"]
);

session_start();

//use an array to track every subdomain we visit with this cookie
if (!isset($_SESSION['visitedDomains']))
{
    $_SESSION['visitedDomains'] = [];
}

$_SESSION['visitedDomains'][$_SERVER['HTTP_HOST']] = 'visited';

//show the cookie id
var_dump(session_id());
echo '<br><br>';

//the hostname of the machine serving this request
var_dump(gethostname());
echo '<br><br>';

//what should be a list of all domains visited using this cookie
var_dump($_SESSION['visitedDomains']);
echo '<br><br>';

//cookie params
var_dump(session_get_cookie_params());

Upvotes: 0
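
A variant of the test page in this thread, added here as an example and not code from either poster: it pins the cookie domain to a configured parent instead of building it from the last two labels of the `Host` header (which would yield `.co.uk` for a host under `example.co.uk`), and it keeps the `Secure` flag, so every subdomain has to be served over HTTPS. Assumptions: the parent domain `example.com`, the hypothetical names `SESSION_PARENT_DOMAIN`, `hostBelongsToParent()` and `startSharedSession()`, and PHP 7.3 or later for the options-array form of `session_set_cookie_params()`.

```php
<?php
// Added example, not part of the original thread.
// Assumption: all company subdomains live under this parent domain.
const SESSION_PARENT_DOMAIN = 'example.com';

// True when $host is the parent domain itself or one of its subdomains.
function hostBelongsToParent(string $host, string $parent): bool
{
    // Drop an optional port and normalise case before comparing.
    $host = strtolower(preg_replace('/:\d+$/', '', $host));
    $parent = strtolower($parent);
    if ($host === $parent) {
        return true;
    }
    $suffix = '.' . $parent;
    return substr($host, -strlen($suffix)) === $suffix;
}

// Start a session whose cookie is shared by every subdomain of the parent.
function startSharedSession(string $host): bool
{
    // The Host header is client-supplied: refuse to issue a parent-domain
    // cookie for a host that is not under the configured parent.
    if (!hostBelongsToParent($host, SESSION_PARENT_DOMAIN)) {
        return false;
    }
    session_set_cookie_params([
        'lifetime' => 315360000,            // seconds from now, not a timestamp
        'path'     => '/',
        'domain'   => '.' . SESSION_PARENT_DOMAIN,
        'secure'   => true,                 // cookie is only sent over HTTPS
        'httponly' => true,                 // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    return session_start();
}

$host = $_SERVER['HTTP_HOST'] ?? '';
if (!startSharedSession($host)) {
    http_response_code(400);
    exit('Unknown host');
}

// Track every subdomain visited with this session, as in the question.
$_SESSION['visitedDomains'][strtolower($host)] = 'visited';

// Escape before output: the array keys come from the Host header.
echo '<pre>' . htmlspecialchars(print_r($_SESSION['visitedDomains'], true)) . '</pre>';
```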
