studius Posted August 3, 2018 (edited)

Hello, I've done a lot of research but cannot figure out how to make session variables created on one subdomain or root domain accessible to all other subdomains of that root domain.

For example, if I log in to my account on https://valid.studius.gq, the login PHP script sets the session variable "logged_in" to true. This allows access to all pages that are protected within the subdomain. However, the same session variable is not valid at https://matic.studius.gq and it redirects back to the login page.

Any and all suggestions are appreciated. Thank you.

wolstech Posted August 4, 2018

There's a PHP function you can use right before the session_start to change the domain the session cookie gets assigned to, and it can be set for "all subdomains". I can't remember it off the top of my head, but when I get to a PC I'll add it to this post. I ran into this exact issue when building an SSO system for my website...

EDIT: This is what I used:

    session_set_cookie_params(0, '/', ".raxsoft.com", false, false);

Place before the session_start() command in all documents that should be affected. Change the domain name to yours and make sure you keep the leading period.

studius (Author) Posted August 4, 2018

Hi wolstech,

Thank you for the reply. I think I was looking for something like this. I added the above function to all my PHP documents but for some reason I am still getting the same result. Basically, each of the protected pages on my site has an if-else PHP script that says "if (user is logged in) {show content} else {echo error message}" and even with the cookie set, I am getting the error message when logged in.

I am not sure if this has something to do with the problem, but my login PHP script itself is located on a subdomain (valid.studius.gq) while the page that I am trying to access is also on a subdomain (matic.studius.gq), similar to how Google logs users in at accounts.google.com and provides content at, for example, drive.google.com. Must I move my login to the root folder of the domain (studius.gq) for the cookie to work or is something else the issue?

Please help, thank you.

wolstech Posted August 4, 2018

Sounds like a code issue of some form. My login system is sso.raxsoft.com with webapps.raxsoft.com and si3.raxsoft.com hosting the apps and they all work fine.

You are checking some index of $_SESSION in that if statement, right? That array is the only variable that persists across pages.

studius (Author) Posted August 4, 2018

Hi wolstech,

Yes, I'm checking $_SESSION['is_logged_in'] which is set to 'true' if login is successful. I've checked my code for syntax errors before and after adding that line and both come out clean. The logic checks out too, as everything on valid.studius.gq (the subdomain where login is located) is able to use all the $_SESSION variables. Only other subdomains are having trouble accessing the variables.

wolstech Posted August 5, 2018

Weird... I know this gave me trouble too, and it ended up being to do with my login code and the cookie.

Have you added a var_dump($_SESSION); right below the session_start() on a few pages to confirm that the variables are indeed not transferring? (If they're not, you'll see the contents of session on one subdomain's pages at the top, but array(0) { } on the other subdomain's pages.)

Have you cleared your cookies since adding the session cookie code? If not, do so and retest.

Finally, make sure you don't use an incognito window for testing (it should work in this just fine if you use links to navigate between subdomains, but typing a new URL or opening a new tab or window to change the subdomain can clear an incognito window's cookies; a lot of things that most assume would carry over in a regular window don't in incognito mode).

studius (Author) Posted August 5, 2018

Hi wolstech,

It works!!! Clearing the browser cookies since adding the session cookie code did the trick. I was also able to modify the length of the cookie so that users were automatically logged out after 30 mins of inactivity.

Good stuff, thank you for all your help!

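
A hardened variant of the shared-subdomain session setup discussed in this thread, as an added example that is not code from any poster: it sets the Secure and HttpOnly flags that the posted call left false, enforces the 30-minute idle timeout on the server, and regenerates the session ID at login. The domain `.example.test` and the helper names are placeholders, and it assumes PHP 7.3+ with every subdomain served from the same session store.

```php
<?php
declare(strict_types=1);

// Added example: placeholder domain and hypothetical helper names, not from the thread.
const SESSION_DOMAIN = '.example.test'; // parent domain; keep the leading period
const IDLE_LIMIT     = 1800;            // 30 minutes of inactivity, in seconds

// Call in place of a bare session_start() on every page of every subdomain.
function start_shared_session(): void
{
    // The array form needs PHP 7.3+ and must run before session_start().
    session_set_cookie_params([
        'lifetime' => 0,              // browser-session cookie; expiry is enforced below
        'path'     => '/',
        'domain'   => SESSION_DOMAIN, // sent to every subdomain, so each one must be trusted
        'secure'   => true,           // HTTPS only (the thread's call passed false)
        'httponly' => true,           // hidden from JavaScript (also false in the thread)
        'samesite' => 'Lax',
    ]);
    ini_set('session.use_strict_mode', '1'); // refuse session IDs the server did not issue
    session_start();

    // Idle timeout checked server-side: a cookie lifetime alone is under client control.
    $now = time();
    if (isset($_SESSION['last_seen']) && $now - $_SESSION['last_seen'] > IDLE_LIMIT) {
        $_SESSION = [];
        session_regenerate_id(true); // drop the stale session and issue a new ID
    }
    $_SESSION['last_seen'] = $now;
}

// Call once the credentials have been verified on the login subdomain.
function mark_logged_in(): void
{
    session_regenerate_id(true); // new ID on privilege change, blocks session fixation
    $_SESSION['is_logged_in'] = true;
}

// Gate for protected pages on any subdomain.
function is_logged_in(): bool
{
    return ($_SESSION['is_logged_in'] ?? false) === true;
}
```

After deploying a change to the cookie parameters, old cookies scoped to a single subdomain can still shadow the new one until they are cleared, which matches what resolved the problem in the thread.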