I am trying to set up the following:
auth.domain.com
sub1.domain.com
sub2.domain.com
where if the user visits sub1.domain.com or sub2.domain.com and they are not logged in, they get pushed over to auth.domain.com and can log in. sub1.domain.com and sub2.domain.com are two separate applications but use the same credentials.
I tried setting the following in my php.ini:
```ini
session.cookie_domain = ".domain.com"
```
but it doesn't seem to be passing the information from one domain to the other.
[Edit]
I tried the following:
sub1.domain.com/test.php

```php
<?php
// Scope the session cookie to the parent domain so every subdomain receives it.
session_set_cookie_params(0, '/', '.domain.com');
session_start();
print session_id() . "<br>";
$_SESSION['Regsitered'] = 1;
echo '<a href="http://auth.domain.com/test.php">Change Sites</a>';
```

auth.domain.com/test.php

```php
<?php
// Same cookie scope as on sub1, so the same session ID is sent here.
session_set_cookie_params(0, '/', '.domain.com');
session_start();
print session_id() . "<br>";
$_SESSION['Checked'] = 1;
print_r($_SESSION);
```
The session IDs are exactly the same but when I dump out the $_SESSION variable it doesn't show both keys, just whatever key I set under each domain.
[Edit 2]
I updated [Edit]
I had a similar problem; however, this solution was good for me, and perhaps it will help others in the future.
Edit the php.ini.
The magic is here:
https://www.sitepoint.com/community/t/sessions-across-subdomains-domain-com-phpsessid-changes/3013/19
Try using:
Instead of:
Note the missing period.
Be careful using this, though, because it is not supported by all browsers.
I have read all the answers above, and I think my answer is helpful for people googling this.
* Make sure the browsers send the session cookie back to the servers (of the domain and sub-domains): set the session cookie domain to ".example.com".
* Make sure PHP finds the right "target" to restore session variables:
  - If the domain and subdomains point to the same machine (maybe different virtual hosts), make sure "session_save_path" is the same for all (I tested).
  - If the domain and subdomains point to different machines, common storage (like a database) is best for saving and restoring session data (I didn't test yet). Use "session_set_save_handler" to do that.
I get the idea that you don't want something like OpenID, like Joel is suggesting, but that you want to have access to the session data across multiple domains.
The only possibility that I can think of as a solution for that problem is to store the session data in a database, and pull it out of that database.