Session handling, login across all subdomains

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View
I run a Joomla website and am familiar with php in some but not all
aspects. Currently I am trying to find some solutions related to
session handling.

Am I correct in saying that "login" is kept in sessions? I can see
active sessions in my mysql database, but is that the only place this
information is stored? Sessions and cookies I know are related also,
but how specifically (session info stored in cookies?)?

Right now, when users login at, and then visit, they are not logged in at the subdomain. I am
trying to change this so that users logged in on the main site or any
subdomain are also logged in across all other subdomains and the main
site. I know sites like livejournal successfully accomplish this.

I have read some stuff about mod_rewrite solutions, but I don't think
this is really what I need. From what I can tell, the domain is stored
in a session, and I may need to generalize it somehow, but I don't
know how to test this.

Any ideas?

Re: Session handling, login across all subdomains

Quoted text here. Click to load it
Besides the name of the session cookie and the place where the session
information is stored, both the sites also need to share the idea of who a
"user" is. That would generally mean that both the sites use the same database,
or at least the users information comes from the same table.

That might be question of setup or installing additional modules etc. I don't
know specifics of Joomla.


Re: Session handling, login across all subdomains

Josh wrote:
Quoted text here. Click to load it

Your problem is the session id is kept in a cookie. However, the browser
will not normally send a cookie from one website to a different website.
  And even though they are subdomains of the same domain, they are
different sites.

To get them to work with all of your subdomains, in your php.ini file set

session.cookie_domain =

where is your main domain.  The leading period is important.

Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.

Re: Session handling, login across all subdomains

Quoted text here. Click to load it

...but test it first - particularly with MSIE 8 and FF3.

A better solution might be to look at single sign on - or at least
rebinding the session id at runtime.


Site Timeline