I have a problem sharing the session between two subdomains, and I've read a lot of threads here and other places.

I have www.xx.com and sub.xx.com and I've set

session_name("PHPSESSXX");
session_set_cookie_params(0, '/', '.xx.com');

and the session.save_path is the same on both domains.

I get a cookie called PHPSESSXX on both domains, and it has the same value.

When I log on to www.xx.com I get a session with some details in it, and it stays that way until I go to sub.xx.com. Then the session on sub.xx.com is empty, and if I refresh www.xx.com, the session there is gone as well. So it does something, but it seems to be overwriting the session data each time I visit a different subdomain.

Any ideas anyone? - Can i debug this somehow?

Btw: I'm using ssl on both domains.

cheers

PHP session ids are saved in Cookies. To make a cookie available in all the sub-domains you need to assign it to the root domain. Then all the sub-domains will get the session id from cookie and PHP can find the session using passed session id.

As it turns out, You just need to set the session.cookie_domain to the root domain in php.ini file

session.cookie_domain = ".example.com" Also check manual for different approaches used to set an ini entry.

Your question is answered here

Sharing SESSION Variables Between Multiple Subdomains

My solution was to set a flag in .htaccess like this:

php_flag "suhosin.session.cryptdocroot" 0

And it now works perfectly ;o)

The problem was that Suhosin was installed on the system, and the ini variable

suhosin.session.cryptdocroot = On

encrypted the session files in such a way, that when a different subdomain tried to change the session, it deleted everything for security reasons.

It didn't work for me to set the variable to Off or [nothing] in the ini-file, though maybe I didn't find the right file.

I also tried setting it in PHP without any luck. Like this:

ini_set('suhosin.session.cryptdocroot', 0)

cheers