PHP Sessions across sub domains

dragonmantank picture dragonmantank · Jun 30, 2009 · Viewed 85.8k times · Source

I am trying to set up the following:

auth.example.com
sub1.example.com
sub2.example.com

If the user visits sub1.example.com or sub2.example.com and they are not logged in, they get redirected over to auth.example.com and can log in.

sub1.example.com and sub2.example.com are two separate applications but use the same credentials.

I tried setting the following in my php.ini:

session.cookie_domain = ".example.com"

but it doesn't seem to be passing the information from one domain to the other.

[Edit]

I tried the following:

sub1.example.com/test.php

session_set_cookie_params(0, '/', '.example.com');
session_start();
print session_id() . "<br>";
$_SESSION['Regsitered'] = 1;
echo '<a href="http://auth.example.com/test.php">Change Sites</a>'

auth.example.com/test.php

session_set_cookie_params(0, '/', '.example.com');
session_start();
print session_id() . "<br>";
$_SESSION['Checked'] = 1;
print_r($_SESSION);

The session IDs are exactly the same but when I dump out the $_SESSION variable it doesn't show both keys, just whatever key I set under each domain.

Answer

jeroen picture jeroen · Sep 22, 2009

I do not know if the problem still exists, but I just ran into the same problem and solved it setting a session name before calling session_set_cookie_params():

$some_name = session_name("some_name");
session_set_cookie_params(0, '/', '.example.com');
session_start();

I have changed nothing in my php.ini but now everything is working fine.