Grow your CSS skills. Land your dream job.

Advanced php

  • # March 19, 2012 at 6:14 pm

    hi guys i’m new to css-tricks forum. I have a problem in php its some what advanced. I want my session to be accessible by all my sub domain. That is if a user login to http://www.example.com then the user should also be logged in sub.example.com . I used session_set_cookie_params(time() + 3600, ‘/’,’.domain.com’,false,false) it works fine in http://www.example.com and example.com but not in m.example.com . Can anyone help of out?

    # March 19, 2012 at 7:27 pm

    The only thing I can think of is if you use $_SESSION to store the data it should keep the person logged in across the main and sub domains.

    # March 19, 2012 at 7:36 pm

    As long as your subdomain is hosted on the same machine it should work
    You may need to specify the domain name when setting the cookie with this

    http://php.net/manual/en/session.configuration.php#ini.session.cookie-domain

    # March 20, 2012 at 12:36 am

    @karlpcrowley you mean to change php configuration. I tried it but after changing it the session is not even stored . So only i tried to do it via script

    @blackhawkso no it only works in the domain or sub domain where we store the session.

    Thanks for the replies.

    # March 20, 2012 at 12:46 am

    Set it with this

    < ?php
    session_set_cookie_params(0, '/', 'example.com');
    session_start();
    # March 20, 2012 at 1:21 am

    @karlpcrowley i tried to set it before but it failed . Now i use something like this
    < ?php session_name(log);
    session_set_cookie_params(time() + 3600,'/','.example.com');
    session_start();

    I tried to use example.com instead of .example.com but now i can’t even login.

    # March 20, 2012 at 7:28 am

    Sorry just posted a link but then found out that it don’t work in PHP so ignore me lol

    # March 20, 2012 at 1:07 pm

    I’ve just found this link for a tutorial on a way to get cookies to work cross domains

    http://www.phpbuilder.com/columns/chriskings20001128.php3

    # March 31, 2012 at 11:13 pm

    actually, you’re circumventing the cookie by doing that. It also makes XSS and session fixation attacks much easier. Session id’s should never be passed in the URL: only in the session cookie.

    mailmevenkat,
    the leading dot ( .example.com ) should work. (Works for me.)

    Is there any reason you’re using session_name()? If not, it’s better to let PHP generate a unique session name.

    Also, did you mean to use log or should it be "log"?

Viewing 9 posts - 1 through 9 (of 9 total)

You must be logged in to reply to this topic.

*May or may not contain any actual "CSS" or "Tricks".