treehouse : what would you like to learn today?
Web Design Web Development iOS Development

Forums

Illustration by Nick Sirotich

Advanced php

  • mailmevenkat
    Permalink to comment #
    hi guys i'm new to css-tricks forum. I have a problem in php its some what advanced. I want my session to be accessible by all my sub domain. That is if a user login to www.example.com then the user should also be logged in sub.example.com . I used session_set_cookie_params(time() + 3600, '/','.domain.com',false,false) it works fine in www.example.com and example.com but not in m.example.com . Can anyone help of out?
  • Blackhawkso
    Permalink to comment #
    The only thing I can think of is if you use $_SESSION to store the data it should keep the person logged in across the main and sub domains.
  • karlpcrowley
    Permalink to comment #
    As long as your subdomain is hosted on the same machine it should work
    You may need to specify the domain name when setting the cookie with this
    http://php.net/manual/en/session.configuration.php#ini.session.cookie-domain
  • mailmevenkat
    Permalink to comment #
    @karlpcrowley you mean to change php configuration. I tried it but after changing it the session is not even stored . So only i tried to do it via script

    @blackhawkso no it only works in the domain or sub domain where we store the session.

    Thanks for the replies.
  • karlpcrowley
    Permalink to comment #
    Set it with this
    <?php 
    session_set_cookie_params(0, '/', 'example.com'); 
    session_start();
  • mailmevenkat
    Permalink to comment #
    @karlpcrowley i tried to set it before but it failed . Now i use something like this
    <?php session_name(log);
    session_set_cookie_params(time() + 3600,'/','.example.com');
    session_start();

    I tried to use example.com instead of .example.com but now i can't even login.
  • Blackhawkso
    Permalink to comment #
    Sorry just posted a link but then found out that it don't work in PHP so ignore me lol
  • Blackhawkso
    Permalink to comment #
    I've just found this link for a tutorial on a way to get cookies to work cross domains

    http://www.phpbuilder.com/columns/chriskings20001128.php3
  • traq
    Permalink to comment #
    actually, you're circumventing the cookie by doing that. It also makes XSS and session fixation attacks much easier. Session id's should never be passed in the URL: only in the session cookie.

    mailmevenkat,
    the leading dot ( .example.com ) should work. (Works for me.)

    Is there any reason you're using session_name()? If not, it's better to let PHP generate a unique session name.

    Also, did you mean to use log or should it be "log"?
Add a Comment