PHP - Sharing session between multiple subdomains
Problem found:
My subdomains are on different apache servers so sessions vars can't be shared. I'll use database storage with unique vars in cookies to share my variables.
Sharing session variables in PHP between subdomains
The only way I can think of to do this would be to save the session data to a cookie, then open the cookie when the other domain is accessed. You can read how to do this here: http://www.depiction.net/tutorials/php/cookies-session-variables.php
Out of curiosity, why do you want to do this?
Sharing session between multiple subdomains
To share sessions across sub-domains, you need to configure two things.
You need the proper cookie settings for the session cookie so that the browser will send the same session cookie to both sub-domains. This involves setting the
domain
attribute on the cookie to the root domain. You can set this in the cookie options for the express-session configuration.You need to make sure that the server for each sub-domain has access to the same session store. If it's actually the same server for each sub-domain, then that's easy. But, if it's a different server, then you will need a shared session store, using some type of shared database (redis, mongodb, etc...). There are session store implementations for many different databases.
Maintaining Session Variables across Subdomains
Ok I nailed it and it was a stinker.
Suhosin's suhosin.session.cryptdocroot option was the entire cause of the problem. When the session encryption key is based on the DocRoot it causes the subdomains to fail to see each other's session variables when the base domain and the subdomains are served from different directories. This leads to the session vars on the server being stored in different folders and hence they are not visible to each of the corresponding domains.
Solution. Simply add these 2 lines in your php.ini file:
suhosin.session.cryptdocroot=Off
suhosin.cookie.cryptdocroot=Off
A 48 hour nightmare to track down, 4.8 seconds to fix.
Share session on subdomains in php
My solution was to set a flag in .htaccess
like this:
php_flag "suhosin.session.cryptdocroot" 0
And it now works perfectly ;o)
The problem was that Suhosin was installed on the system, and the ini variable
suhosin.session.cryptdocroot = On
encrypted the session files in such a way, that when a different subdomain tried to change the session, it deleted everything for security reasons.
It didn't work for me to set the variable to Off or [nothing] in the ini-file, though maybe I didn't find the right file.
I also tried setting it in PHP without any luck. Like this:
ini_set('suhosin.session.cryptdocroot', 0)
cheers
Share session data between 2 subdomains
Set the sessionCookieDomain
attribute of <Context>
element of the webapp in question to .mydomain.com
(note the leading dot, this is very important). This will allow the webbrowser to share cookies among all subdomains.
If you actually have multiple webapp contexts and you want to share the session between them as well, then you also need to set sessionCookiePath
attribute of <Context>
element of the webapps in question to /
.
In a nutshell:
<Context sessionCookieDomain=".mydomain.com" sessionCookiePath="/">
See also:
- Tomcat 7 configuration reference - The Context container
For Tomcat 6 users: note that this was introduced in Tomcat 6.0.27. For those who can't upgrade, you would need a Valve
to modify the cookie domain, eventually in combination with emptySessionPath
attribute in <Connector>
element in /conf/server.xml
for the case that you've multiple webapp contexts for which you'd like to share the session.
Related Topics
Turn Database Result into Array
Token Must Be a Short-Lived Token and in a Reasonable Timeframe
Why Should I Fix E_Notice Errors
File_Get_Contents - Failed to Open Stream: Http Request Failed! Http/1.1 404 Not Found
Apache Rewrite - Get Original Url in PHP
How to Display Image from Database Using PHP
Check for Consecutive Dates Within a Set and Return as Range
How to Call a Model from a View
How to Extract Query Parameters from a Url String in PHP
Error While Using Pdo Prepared Statements and Limit in Query
How to Pass Variables Received in Get String Through a PHP Header Redirect