PHP Sessions across sub domains

2018-12-31 07:21发布

站内问答 / PHP
1735 16 4

I am trying to set up the following:

auth.domain.com
sub1.domain.com
sub2.domain.com

where if the user visits sub1.domain.com or sub2.domain.com and they are not logged in, they get pushed over to auth.domain.com and can log in. sub1.domain.com and sub2.domain.com are two separate applications but use the same credentials.

I tried setting the following in my php.ini:

session.cookie_domain = ".domain.com"

but it doesn't seem to be passing the information from one domain to the other.

[Edit]

I tried the following:

sub1.domain.com/test.php

session_set_cookie_params(0, '/', '.domain.com');
session_start();
print session_id() . "<br>";
$_SESSION['Regsitered'] = 1;
echo '<a href="http://auth.domain.com/test.php">Change Sites</a>'

auth.domain.com/test.php

session_set_cookie_params(0, '/', '.domain.com');
session_start();
print session_id() . "<br>";
$_SESSION['Checked'] = 1;
print_r($_SESSION);

The session IDs are exactly the same but when I dump out the $_SESSION variable it doesn't show both keys, just whatever key I set under each domain.

[Edit 2]

I updated [Edit]

16条回答
查无此人
2楼-- · 2018-12-31 07:42

Simply try using following code just above session_start() method

$sess_life_time = 21600; //in seconds
$sess_path = "/";
$sess_domain = ".you-site-name.com";
$sess_secure = true; // if you have secured session
$sess_httponly = true; // httponly flag

session_set_cookie_params($sess_life_time, $sess_path, $sess_domain, $sess_secure, $sess_httponly);
查看更多
0人赞 添加讨论(0) 举报
明月照影归
3楼-- · 2018-12-31 07:43

I don´t know if the problem still exists, but I just ran into the same problem and solved it setting a session name before calling session_set_cookie_params():

$some_name = session_name("some_name");
session_set_cookie_params(0, '/', '.some_domain.com');
session_start();

I have changed nothing in my php.ini but now everything is working fine.

查看更多
0人赞 添加讨论(0) 举报
情到深处是孤独
4楼-- · 2018-12-31 07:43

Use this , it works: 

ini_set('session.cookie_domain', 
    substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));
查看更多
0人赞 添加讨论(0) 举报
柔情千种
5楼-- · 2018-12-31 07:47

I know this is old but this works fine for me with multiple domains and sub domains on the same box.

<?php
define('site_domain','domain.com');
session_set_save_handler('_open',
                         '_close',
                         '_read',
                         '_write',
                         '_destroy',
                         '_clean');

function _open(){

    global $_sess_db;

$db_user = 'user';
$db_pass = 'pass';
$db_host = 'localhost';

if ($_sess_db = mysql_connect($db_host, $db_user, $db_pass)){

    return mysql_select_db('database', $_sess_db);

}

return false;

}

function _close(){

    global $_sess_db;
    return mysql_close($_sess_db);

}

function _read($id){

    global $_sess_db;
    $id = mysql_real_escape_string($id);
    $domain = mysql_real_escape_string(site_domain);
    $agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']));

    $sql = "SELECT data
    FROM sessions
    WHERE id = '$id' AND domain = '$domain' AND agent = '$agent'";

     if ($result = mysql_query($sql, $_sess_db)){

         if (mysql_num_rows($result)){
             $record = mysql_fetch_assoc($result);
             return $record['data'];
        }

    }

    return '';

}

function _write($id, $data){

    global $_sess_db;
    $access = time();

    $id = mysql_real_escape_string($id);
    $access = mysql_real_escape_string($access);
    $data = mysql_real_escape_string($data);
    $domain = mysql_real_escape_string(site_domain);
    $agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']));

    $sql = "REPLACE INTO sessions
    VALUES ('$id', '$access', '$data', '$domain', '$agent')";

    return mysql_query($sql, $_sess_db);

}

function _destroy($id){

    global $_sess_db;
    $id = mysql_real_escape_string($id);
    $domain = mysql_real_escape_string(site_domain);
    $agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']));

    $sql = "DELETE FROM sessions
    WHERE id = '$id' AND domain = '$domain' AND agent = '$agent'";

    return mysql_query($sql, $_sess_db);

}

function _clean($max){

    global $_sess_db;
    $old = time() - $max;
    $old = mysql_real_escape_string($old);
    $domain = mysql_real_escape_string(site_domain);
    $agent = mysql_real_escape_string(isset($_SERVER['HTTP_USER_AGENT']));

    $sql = "DELETE FROM sessions
    WHERE  access < '$old' AND domain = '$domain' AND agent = '$agent'";

    return mysql_query($sql, $_sess_db);

}

?>

查看更多
0人赞 添加讨论(0) 举报
何处买醉
6楼-- · 2018-12-31 07:53

Use it on every domain/subdomain:

session_name('name');
ini_set('session.cookie_domain', '.example.com');
ini_set('session.save_path', '/var/lib/php/session');
session_start();

Path for session.save_path can be different for your case but it should be the same on every domain/subdomain. It is not always true by default.

查看更多
0人赞 添加讨论(0) 举报
孤独总比滥情好
7楼-- · 2018-12-31 07:54

I solved it like this

ini_set('session.cookie_domain', '.testdomain.dev');
session_start();

Because I was working on localhost 

ini_set('session.cookie_domain', '.localhost');

wasn't working, it sees .localhost as the toplevel instead of .com/.local/... (I suspect)

I also used .dev because working on OS X doesn't seem to resolve .com as first in HOSTS

查看更多
0人赞 添加讨论(0) 举报
上一页 1 2 3 下一页
登录 后发表回答
相关问题
查看全部
相关文章
查看全部
收藏的人(4)