I am working with CakePHP and I have an issue maintaining a session across subdomains. My problem is as follows:
Currently Cake is creating a cookie for each domain, i.e. localhost and customer.localhost. This means that I cannot keep the session working for the user. Is there a way to fix the domain of all cookies to the parent domain, with the goal of keeping the session working across subdomains?
I have tried entering this in my bootstrap but it has no effect: ini_set('session.cookie_domain', '.localhost');
If you think this cannot be done please feel free to let me know so that I can move on from this frustrating problem.
Many thanks,
kSeudo
Sessions (CakePHP 2.x):
To make the session cookie valid for all your subdomains and the top level domain, you actually need to set it yourself in your APP/config/bootstrap.php file:
ini_set('session.cookie_domain', '.domain.com');
Then, in your APP/config/core.php file, set Security to low:
Configure::write('Security.level', 'low');
"otherwise the referer_check will be set to the current HTTP_HOST in the CakeSession object line 441."
Sessions (CakePHP 3.x):
The session cookie path defaults to app’s base path. To change this you can use the session.cookie_path ini value. For example if you want your session to persist across all subdomains you can do:
Configure::write('Session', [
    'defaults' => 'php',
    'ini' => [
        'session.cookie_path' => '/',
        'session.cookie_domain' => '.yourdomain.com'
    ]
]);
Cookies (CakePHP 2.x):
On this page it explains that you can use the 'domain' variable:
The domain name allowed to access the cookie. e.g. Use ‘.yourdomain.com’ to allow access from all your subdomains.
Per their example code:
<?php
// Controller class members (the enclosing class is omitted in the example)
public $components = array('Cookie');

public function beforeFilter() {
    parent::beforeFilter();
    $this->Cookie->name = 'baker_id';
    $this->Cookie->time = 3600; // or '1 hour'
    $this->Cookie->path = '/bakers/preferences/';
    $this->Cookie->domain = 'example.com';
    $this->Cookie->secure = true; // i.e. only sent if using secure HTTPS
    $this->Cookie->key = 'qSI232qs*&sXOw!';
    $this->Cookie->httpOnly = true;
}
Cookies (CakePHP 3.x):
Read here.
The domain that the cookie is available. To make the cookie available on all subdomains of example.com set domain to ‘.example.com’.
There is a config in app/Config/core.php to change session cookie domain:
Configure::write('Session', array(
    'defaults' => 'php',
    'ini' => array(
        // Keys here are passed to ini_set(), so the full directive name is required
        'session.cookie_domain' => '.example.com'
    )
));
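The following is an added example, not part of the question or either answer: a plain PHP sketch of the RFC 6265 domain-match rule a browser applies, showing which hosts receive the session cookie with and without session.cookie_domain set. The function name cookieIsSentTo and all host names are constructed for illustration.

```php
<?php
// Added illustration: RFC 6265 cookie scoping as a browser applies it.
// All host names below are constructed sample values.

/**
 * Decide whether a browser would send a cookie to $requestHost.
 *
 * $cookieDomain is the Domain attribute the server set (the value that
 * session.cookie_domain controls), or null when none was set, which
 * makes the cookie host-only for $originHost.
 */
function cookieIsSentTo(?string $cookieDomain, string $originHost, string $requestHost): bool
{
    $requestHost = strtolower($requestHost);

    if ($cookieDomain === null || $cookieDomain === '') {
        // Host-only cookie: sent only to the exact host that set it.
        return $requestHost === strtolower($originHost);
    }

    // RFC 6265 section 5.2.3: a leading dot in the Domain attribute is ignored.
    $domain = strtolower(ltrim($cookieDomain, '.'));

    if ($requestHost === $domain) {
        return true;
    }

    // RFC 6265 section 5.1.3: the host must end with "." . $domain
    // and must be a host name, not an IP address.
    $suffix = '.' . $domain;
    return substr($requestHost, -strlen($suffix)) === $suffix
        && filter_var($requestHost, FILTER_VALIDATE_IP) === false;
}

$origin = 'customer.yourdomain.com';
$hosts = ['yourdomain.com', 'customer.yourdomain.com', 'blog.yourdomain.com', 'notyourdomain.com'];

foreach ([null, '.yourdomain.com'] as $cookieDomain) {
    printf("session.cookie_domain = %s\n", $cookieDomain ?? "(not set, cookie set by $origin)");
    foreach ($hosts as $host) {
        $sent = cookieIsSentTo($cookieDomain, $origin, $host);
        printf("  %-26s %s\n", $host, $sent ? 'receives session cookie' : 'no cookie');
    }
}
```

With the parent domain set, every host under yourdomain.com receives the session ID, including subdomains the application does not run on, so the secure and httpOnly flags shown for the Cookie component matter for the session cookie as well.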