I'm trying to set it up so if you log in to my website the session carries over to all sub-domains of my website. For example, if you go to domain.com and log in, then go to sub.domain.com, you'll already be logged in at sub.domain.com.
To my understanding, you would want to use ini_set('session.cookie_domain','.domain.com') and then session_start(), then set your session variables, but this isn't working.
Example of what I'm doing:
Code for domain.com:
<?php
ini_set('session.cookie_domain','.domain.com');
session_start();
$_SESSION['variable'] = 1;
?>
Code for sub.domain.com:
<?php
session_start();
echo $_SESSION['variable'];
?>
But $_SESSION['variable'] isn't set.
I've also tried using ini_set() in the sub.domain.com code, but it made no difference. I've verified that setting session.cookie_domain is working by using ini_get().
What am I doing wrong? Thanks!
Well, if all else fails, you could implement your own sessions - all
$_SESSION
is in PHP is a wrapper around a cookie set/get and a file-backed datastore. If you store a cookie manually with an identifier and then associate data with that identifier (say, in a DB, even), you can get essentially the same functionality (serialize()
may help if you want to store a bunch of varying session data).I know it's late after the question, but seeing this is the only proper answer I found and people are going to use it since the answer is voted up, I wanted to note that it is a session hack waiting to happen. So a solution for this:
To encrypt/decrypt (found it here somewhere, works like a charm):
This way nobody can read the session in the cookie. Cause you don't have to be a genius to insert a cookie in your browser. With this, people tend to forget that sessions are in fact readable from a server. If your browser can reach it, so can other programs.
First verify the ini_set
Update:
Just thought about it.. Did you also try:
Update 2: ALternate handling (manual cookie handling)
and in the subdomain file
Three lines you could add to every file to hand off / handle session info
What info are you passing through the session? Or are you using it to handle logins, etc?