Why can't I pass user sessions between subdomains?
I suspect the cookies are being set for .foo.example.com instead of .example.com. Try installing the Live HTTP Headers add-on for Firefox and checking what the cookies are getting set as.
To do this, open Live HTTP Headers and with the window open, go to the page that sets the cookie. In the window, there should be a line that looks like this.
Set-Cookie: lng=en-US; path=/; domain=.example.com;
If the cookie is set for domain=.foo.example.com; then you know what the problem is. However, if the domain is .example.com, something else is going on.
Also, if the cookies are getting set for .example.com on foo.example.com, check to see if the browser is sending cookies to bar.example.com. This should help track down where the problem is.
Can't share PHP sessions between subdomain and main
It is a limitation on Dremhost managed VPS, that don't allow sharing php sessions between virtual hosts (Subdomains). I have switched to another provider and everything works
Correct way to share login sessions across subdomains in Rails 3?
update: the suggested solution is not that ugly after all, ad-exchanges and DSPs/SSPs use the same technique to exchange a visitor's session ID so they can better target the visitor with ads (the next time that visitor pops up in their network again)
If you can circumvent the browser cross-domain barrier, you can do it. For example, JSONP is specifically built for this purpose. And yes, session info is always stored centrally, otherwise if you get a request with a session ID of "zigzag", how can you check if it is valid?
"Those" sites that authenticate on login.domain.com might use an ajax proxy, or use other method to get through the cross-domain problem.
The oldest "trick" is to create a hook in your application that looks like an image, as images can be loaded from everywhere.
For example, on login.domain.com you authenticate the user, sent to the server and back with a response, and a cookie will be stored under login.domain.com with the session ID (which is stored in the server as well). Then - from Javascript - you GET an image, with the session ID attached, like http://any.domain.com/path/image.jpg?sessionID=abcd -> any cookies sent back in the response will be stored under any.domain.com
Another solution - which is as ugly as the previous - is to use a hidden iframe to call to any.domain.com (when a successful authentication happens), that request will return a response, and its cookies will be written under the any.domain.com domain.
If you have a multitudes of subdomains, and you can complicate your architecture a bit, I highly advise that you create a proxy, and make it available to every subdomain on the same IP address. Then no matter where the user comes in, the authentication process will always be the same, for every subdomain.
Share session on subdomains in php
My solution was to set a flag in .htaccess
like this:
php_flag "suhosin.session.cryptdocroot" 0
And it now works perfectly ;o)
The problem was that Suhosin was installed on the system, and the ini variable
suhosin.session.cryptdocroot = On
encrypted the session files in such a way, that when a different subdomain tried to change the session, it deleted everything for security reasons.
It didn't work for me to set the variable to Off or [nothing] in the ini-file, though maybe I didn't find the right file.
I also tried setting it in PHP without any luck. Like this:
ini_set('suhosin.session.cryptdocroot', 0)
cheers
Related Topics
PHP Static Method Call with Variable Class Name and Namespaces
Phpdoc for Variable-Length Arrays of Arguments
How to Remove Empty Values from Multidimensional Array in PHP
How to Create a New Page in Prestashop Admin Panel
When Should I Use Closecursor() for Pdo Statements
How to Store a Class Instance in a $_Session Space
Replace Multiple New Lines with a Single Newline
.Htaccess Rewriterule: Two Domains Using Same Server and Directory
How to Remove Values from an Array in PHP
JavaScript or Jquery Doesn't Work in Dynamically Generated Content