Logo Questions Linux Laravel Mysql Ubuntu Git Menu
HTML CSS JAVASCRIPT SQL PYTHON PHP BOOTSTRAP JAVA JQUERY R React Kotlin
 

Maintaining Session Variables across Subdomains

Tags:

php

session-variables

subdomain

session-cookies

I have been trying to maintain session vars between two subdomains and found it impossible. I ended up creating 2 minimal PHP web pages as a test bed, one I call 'test 1' just sets 

$_SESSION['test'] = "Fred";

and has a hyperlink to 'test 2' which simply tries to echo the value of $_SESSION['test'] to prove it's worked, or not. I place 'test 1' in my www domain and 'test 2' in my sub domain. I try various version of what should go in the header, from various sources. Here are the main 3 (and of course their variants):

ini_set('session.cookie_domain',substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
session_start();

or

ini_set('session.cookie_domain','mydomain.com');
session_start();

or

ini_set('session.cookie_domain', PHP_INI_ALL);
session_start();

or

session_set_cookie_params(0, "/", ".mydomain.com", false);
session_start();

I find that I get an identical result in every case. The session is not carried across the subdomains and page test 2 has no idea what value I set $_SESSION['test'] to. Yet there seems to be plenty of certainty around the 'net that one of the above methods should work. Any idea what could be going on, especially since I am using minimal pages to test the mechanism (no side effects that I can see)? By the way I am on a shared server, if that's pertinant here.

Thank you for your thoughts. Frank.

Edit. I fixed it. The problem was caused by Suhosin. See detailed answer at the foot of this page.

like image 842
Frankie Avatar asked Feb 16 '12 19:02

Frankie

1 Answers

Ok I nailed it and it was a stinker.

Suhosin's suhosin.session.cryptdocroot option was the entire cause of the problem. When the session encryption key is based on the DocRoot it causes the subdomains to fail to see each other's session variables when the base domain and the subdomains are served from different directories. This leads to the session vars on the server being stored in different folders and hence they are not visible to each of the corresponding domains.

Solution. Simply add these 2 lines in your php.ini file:

suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off

A 48 hour nightmare to track down, 4.8 seconds to fix.

like image 80
Frankie Avatar answered Oct 18 '22 11:10

Frankie
Sign in to Comment

Related questions

Upgrading Zend Framework - Steps & Guidance
Cut-off a string after the fourth line-break
In PHP, is there a way to get all declared classes in a specific namespace?
Analyzing a PHP program [closed]
How to add Captcha in Zend Form?
htmlspecialchars ampersand
Simple? Increase Field/Box Size
Automatic Soundcloud PHP Api authentication without user interaction
Using PHPUnit to mock a programatically determined method not specified in the class under test
Trouble saving an xml file using DOMDocument->save('filename')
How to avoid file deadlocks when PHP process/server crashes?
PHP+CSS Obfuscation - PHP ord THEN PHP strrev + CSS reverse text, how to get the special chars validated backwards?
Easiest way to build / obtain php_memcache.dll for PHP 5.4
How to calculate the difference between two days as a formatted string?
Send php email from contact form
DDD - Entity creation and validation responsibility
How can I enable PHP errors on OSX Lion?
PHP cli micro-framework?
Turning off Deprecation warnings in PHP.ini file WAMP
How Do I Create Returning Page Setting with WorldPay?

Donate For Us

If you love us? You can donate to us via Paypal or buy me a coffee so we can maintain and grow! Thank you!