Nic
Nic

Reputation: 81

SESSION between subdomains and ini_set

I worked on a web tool that was great and working. I decided to change domain name, so I downloaded everything and uploaded everything on the new domain name.

My login system was really poor, but it worked as follows:

To keep the data between the subdomains, I placed this before assigning $_SESSION values:

ini_set("session.cookie_domain", "client.domain.com");
ini_set("session.cookie_domain", "mods.domain.com");
ini_set("session.cookie_domain", "domain.com");
ini_set("session.cookie_domain", "domain.com");
session_start();
$_SESSION['username'] = Other-code;

Of course, as I changed domain name, I changed "domain.com" with the new domain name.

Sadly, I noticed that it stopped working without any reason.. I already checked all the similar questions here, but even if I follow them and I do the things as I should.. $_SESSION is empty for the subdomain.

If you need any other info, let me know. Thanks in advance!

Upvotes: 0

Views: 251

Answers (1)

Cemal
Cemal

Reputation: 1579

ini_set("display_errors","on") on first line to see if there are any errors.

Of the first 4 lines, remove these 3 lines

ini_set("session.cookie_domain", "client.domain.com");
ini_set("session.cookie_domain", "mods.domain.com");
ini_set("session.cookie_domain", "domain.com");

and change the last line to

ini_set("session.cookie_domain", ".domain.com");

After login success and before login call session_regenerate_id() to change your session id. As suggested by jeroen in php-sessions-across-sub-domains you can also add the below 2 lines prior to session_start

$some_name = session_name("some_name");
session_set_cookie_params(0, '/', '.domain.com');

please keep in mind that if you are going to add the 2 line above, you also need to add them in your login page.

and as a final note, check if there's anything output to browser prior to session_start, if soyour setting for session will not be active and won't work

Upvotes: 1

Related Questions