different session with url's with-www and without-www

Question

I have a interactive web site that has authors. When an author enters the site on www.mysite.com and logs in, the session varible becomes

$_SESSION[loggedid]=true;

and site-theme changes.

But when he enters mysite.com (without www's) even he is logged in, he sees the default theme, can't write etc. I think they are different sessions, am i right? Is it depends on my server or browser or what? How can i make this 2, same sessions or redirect the user's from one to one?

Answer 1

It's RewriteRule

^(.*)$ http://www.mysite.com/$1 [R=permanent,L]

and not

$1 [R=permanent,L].

If you add .com$1 [R=permanent,L] in php.ini and you try mysite.com/index.php?id=934 it redirects you to mysite.comindex.php/?id934

Answer 2

session.cookie_domain =

php.ini directive

try using

session_set_cookie_params(0, '/', '.yourdomain.com');

that leading dot means session will affect every domain. Be aware of SUHOSHIN! Sometimes it restricts this function!

Answer 3

Set your session.cookie_path to the domain .yourdomainname.tld, note the starting dot (.).

Answer 4

Use this: https://www.php.net/session_set_cookie_params To set the domain to match all subdomains do this:

session_set_cookie_params($lifetime, '/', '.domain.com');

You need to use that before a calling session_start().

You could use this code example taken straight from the link above, which let's you keep all the current settings except the domain:

$currentCookieParams = session_get_cookie_params(); 

$rootDomain = '.example.com'; 

session_set_cookie_params( 
    $currentCookieParams["lifetime"], 
    $currentCookieParams["path"], 
    $rootDomain, 
    $currentCookieParams["secure"], 
    $currentCookieParams["httponly"] 
); 

session_name('mysessionname'); 
session_start(); 

Answer 5

Add this to your .htaccess file:

RewriteEngine on
RewriteBase /
RewriteCond %{HTTP_HOST} ^mysite\.com
RewriteRule ^(.*)$ http://www.mysite.com$1 [R=permanent,L]