Reputation: 1527
I have a few websites on the same server with the following domains with the PHP session domain set to '.example.com' so the cookie is shared between the two websites:
I also have a separate server with the following domain admin.example.com and want it to use its own session/cookie. But when there is a .example.com cookie, the admin.example.com website tries using that value instead of its .admin.example.com cookie value, causing session issues...
If I were to delete the .example.com cookie, the website works as intended by using the correct .admin.earlowen.com value.
I have set session.cookie_domain to .admin.example.com to no avail. Am I missing anything? Or is it just not possible?
Upvotes: 0
Views: 74
Reputation: 1922
Since they share the same domain, they are the same site and share a session.
You can manually override this by using session_name in your admin section.
Something like this:
<?php
//this forces the admin page to recognize a different cookie as its session id
session_name('PHPADMINSESSID');
//start the session normally
session_start();
There are a few other tricky ways to do this, but you should generally avoid tricky, because you can easily forget what you did and not be able to figure it out later. I will explain some of those also for reference though:
Dual subdomains alter the expected hostname if they can be used, and will cause two different inherent sessions. For example subdomain.example.com and example.com will share a session, but subdomain.username.example.com and example.com will not, and will use separate sessions. You should avoid this, because if you decide to implement some backend logic to manage the session and expect them to be shared, this will become very difficult to work around.
You can also force different sessions using session_id, but this requires that you manually track the IDs and will get quite convoluted, and will also require you to set up some sort of data store to keep track of which sessions go to what, which adds a lot of unnecessary overhead.
The easiest way is to just use different session_name values for each session.
Upvotes: 1
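An added example, not part of the answer above: a PHP 7.4+ bootstrap for the admin site that uses its own session name with a host-only cookie, plus a check for a cookie name arriving twice in one request, which is what happens when a .example.com cookie and an admin.example.com cookie share the name PHPSESSID. The function names and the sample header are assumptions made for illustration.

```php
<?php
declare(strict_types=1);

// Hypothetical helper: return cookie names that occur more than once in a raw
// Cookie header. $_COOKIE keeps only one value per name, so a collision between
// a parent-domain cookie and a host cookie is invisible there.
function duplicate_cookie_names(string $rawCookieHeader): array
{
    $counts = [];
    foreach (explode(';', $rawCookieHeader) as $pair) {
        $name = trim(explode('=', $pair, 2)[0]);
        if ($name !== '') {
            $counts[$name] = ($counts[$name] ?? 0) + 1;
        }
    }
    return array_keys(array_filter($counts, fn (int $n): bool => $n > 1));
}

// Hypothetical bootstrap for the admin site: a distinct session name, and a
// cookie scoped to this host only so it is not sent to sibling subdomains.
function start_admin_session(): void
{
    ini_set('session.use_strict_mode', '1');   // reject session ids the server did not issue
    ini_set('session.use_only_cookies', '1');  // never accept a session id from the URL
    session_name('PHPADMINSESSID');            // name from the answer above
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',        // empty: no Domain attribute, i.e. a host-only cookie
        'secure'   => true,      // HTTPS only
        'httponly' => true,      // not readable from JavaScript
        'samesite' => 'Strict',
    ]);
    session_start();
}

if (PHP_SAPI === 'cli') {
    // Constructed sample header: the same name set by two different cookie domains.
    $sample = 'PHPSESSID=aaaa1111; theme=dark; PHPSESSID=bbbb2222';
    print_r(duplicate_cookie_names($sample));
} else {
    $dupes = duplicate_cookie_names($_SERVER['HTTP_COOKIE'] ?? '');
    if ($dupes !== []) {
        error_log('Duplicate cookie names in request: ' . implode(', ', $dupes));
    }
    start_admin_session();
}
```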