Categories

JavaScriptPHPHTMLCssPythonWordPressWeb developmentLinuxMySQLAndroidWindowsJavaC++ / C#LayoutReactUbuntuYiiDjangoProgramming1C-BitrixLaravelSystem administrationTelegramJSONDebianPostgreSQLIOSGoogleHtaccessWindows ServerGitMacOSGoogle ChromeCMSWooСommerceBootstrapNginxSQLUnityAPI
Make a leaderReport
A
A
akdes2015-03-15 21:46:21
PHP
akdes, 2015-03-15 21:46:21

Session on different subdomains, how?

Hello.
A request is sent from the example.com domain to api.example.com/?login, and a user session is created on api.example.com.
you need to have this session on api.example.com, but also check for it on example.com and example.com/my to control whether it's logged in or not.
I tried to insert before opening the session: What, in theory, should work on api. and www. but doesn't work. even on api. on a subsequent call, the session is lost. The explanation is "lost": when there is a login from the domain, the api successfully creates a session, and sends me the session ID for debugging. If I open the api directly, a new session is created with a different id. I tried it too . Thanks in advance. ini_set('session.cookie_domain', '.example.com' );
session_set_cookie_params(0, '/', '.example.com');

Reply
Answer the question

Answer the question

In order to leave comments, you need to log in

4 answer(s)
Report
X
xmoonlight, 2015-03-15
@xmoonlight

I read it, well ... and the chest just opens)
In .htaccess we insert on all subdomains:
The session handler for all subdomains in this case must be the same
or it is necessary to configure session transfer between different hosts.

Report
P
Puma Thailand, 2015-03-15
@opium

session_regenerate_id(true);
php.net/manual/en/function.session-regenerate-id.php

Report
E
Evgeny Bukharev, 2015-03-15
@evgenybuckharev

I recently solved this kind of issue.
It is necessary that cookies with the session id be available for subdomains, that is, .example.com, as you wrote, then when sending a request from example.com to api.example.com, it is better to use curl and insert cookies with the name PHPSESSID and the value from the cookie into the request body which is generated on api.example.com and available to example.com

Report
M
Max, 2017-12-25
@w_the_h

define('SITE_SES_DOMAIN', '.exemple.ru');//domain name for sessions and subdomains
define('SITE_SES_TIME',60*120);// session lifetime, 30 minutes (60*30)
It worked for me when such parameters + sessions are stored in the database
ini_set('session.gc_maxlifetime', SITE_SES_TIME);
ini_set('session.cookie_lifetime', 0); // 0 - the cookie dies when the browser is closed
ini_set('session.cookie_domain',SITE_SES_DOMAIN);
session_set_cookie_params(SITE_SES_TIME,"/",SITE_SES_DOMAIN);
setcookie('PHPSESSID',session_id(),0,"/",SITE_SES_DOMAIN);

Similar questions
E
Eugene2019-10-15 23:20:51
What engine does snik.co run on? 2Reply
G
GRO242019-10-20 17:02:09
Writing a loop to a variable? 2Reply
J
Jam Zey2021-04-22 09:57:02
Where is the best place to store config files of applications in AWS? 2Reply
P
pqgg7nwkd42019-10-30 16:25:50
How to switch to team development? 3Reply
V
Vlad Osadchyi2019-10-30 17:12:17
Why would in_array(1.7, range(0, 2, 0.1)) return false? 2Reply

Didn't find what you were looking for?

Ask your question

Ask a Question

731 491 924 answers to any question