sessions et subdomains

Do you have a question? Post it now! No Registration Necessary.  Now with pictures!

Threaded View

I have the domain "". I want to keep my session also on and
If I'm putting

Keeps only on and

And if I'm puting

I have only on

Thanks in advance

Re: sessions et subdomains

Quoted text here. Click to load it

Its not easy - using cross domain cookies is not a good idea - the
solution is to implement some sort of single sign on where you create
a cookie in the other domains referencing the same session as where
the logon was validated.

This has been documented elsewhere bu briefly:

have the session generation (login) page only on one domain, say When a user acces a page which requires a session
in any domain, redirect them to the page passing the URL originally
requested as a $_GET var.

In the login page, check if they have a session, if not present a
login page. Once a valid session is established redirect back to the
requested URL with the session id encrypted as a GET parameter:

define ('MAGIC_COOKIE', 'Mazgalici');
$original_url='goto=' . urlencode($_GET['users_url']);
if ($_SESSION['validated_username']) {
    $sess_id='sessid=' . urlencode(encrypt((session_id() . '|' .

... then at the other end of the redirection set a cookie for the
session pointing back to the original session:

define ('MAGIC_COOKIE', 'Mazgalici');
list($decrypted, $validate)=explode('|', decrypt($_GET['sess_id']));
if ($validate==MAGIC_COOKIE) {
   set_cookie(session_name(), $decrypted);
// session now exists at the original domain, proceed to the
$_GET['goto'] url


Re: sessions et subdomains

Quoted text here. Click to load it

Solution: force on them (by webserver config/redirect). No  
people accessing directly by http anymore, a redirect for the lazy  
types (like myself), and you're done.
Rik Wasmus

Site Timeline