Preserving Session Variables Across Different Domains

Preserving session variables across different domains

Cross-domain session ids

Session ids are passed around using cookies by default. Since your websites are on different domains the session cookie does not transfer over, so that's one thing that prevents cross-domain sessions from working.

One technique to have the session ids transfer over is to append them to the query string of all your requests (PHP even has some degree of built-in support for this). However, this way of doing things has many drawbacks -- the most important being that people copy/paste URLs all the time, with all that implies about revealing valid and reusing invalid session ids -- and therefore is not recommended.

A much better approach would be to use Javascript to make cross-domain requests across all of the interested domains (which would need to be cooperating in this of course). This way you can seamlessly transfer your session id across as many servers as you need to.

Shared session data

Even if the cookie were not a problem, you would need to have the session data on some storage commonly accessible by all your servers. The default storage is the local filesystem, so again this is something that needs to change if you want cross-domain sessions.

A simple solution to this problem would be to use a custom session handler that stores the data on a database or other globally accessible store.

How a session variable in php multi domain?

I found a solution at once!
I check on the index of the site if user_id session exists, whether it is connected so it's ok if it does not exist so I made ​​a redirect to the main site.
If the session is I go through this url key user and connect the member with respect to this key (encrypt). But if it has not been found I did just a redirect to the site desired by the user! :)
Easy as pie (French term ^^) and functional!
thank you for your answer!

If you want to ask me the code.

Sharing session variables in PHP between subdomains

The only way I can think of to do this would be to save the session data to a cookie, then open the cookie when the other domain is accessed. You can read how to do this here: http://www.depiction.net/tutorials/php/cookies-session-variables.php

Out of curiosity, why do you want to do this?

Shared Session Across Domains

This is a security feature of web browsers - a session uses a cookie that is attached to a domain, and the browser will not send this cookie to another domain.

As you control both domains, you can achieve this by including auth information in the URL. This is a complicated topic. You could homebrew something that would work, but if you aren't familiar with the security problems you would be better using an off the shelf single sign on solution.

Sharing php Session ($_SESSION) across multiple domain

Considering your original question and your answers to Logan and myself in the comments of the original question I understand:

1 - you want to pass the session variables among a domain and its subdomains; and

2 - CI and Symfony load the session before you have a chance to do the ini_set command.

I believe you have two options:

1 - include the php configuration command in the php.ini file

session.cookie_domain=".foo.com"

If you try including it in the .htaccess it will not work if you are running php as a CGI module, which seems to be fairly common among shared hosting services.

2 - you can prepend a file to all php scripts in your site. Those will be put on top of every single php script your site runs, even the ones inside CI and Symfony. For example:

phpprepend.php file

<?php
ini_set('session.cookie_domain', '.foo.com');
?>

include the following line in your php.ini file:

auto_prepend_file = "/path/to/file/phpprepend.php"

Please let us know if this solves the problem.

Good luck!

---

Related Topics