sharing session across subdomains 1

[jemminger]

hi all,

i'm trying to get php to share sessions across my subdomains.

the user logs in to "main.site.com", and should be allowed to visit "sub.site.com" with the same session variables intact.

per the manual, i'm setting session cookies like so:

ini_set("session.cookie_domain", ".site.com");
session_set_cookie_params(0 , '/', ".site.com");

i'm getting strange results:
if you open the browser and log in to main.site.com, sub.site.com will not share the session.

if you log out / log back in without closing the browser, the session will be shared.

anyone have experience with this?

-jeff

http://www.jeffemminger.com

try { succeed(); } catch(E) { tryAgain(); } finally { rtfm(); }
i like your sleeves...they're real big

 

[sleipnir214]

Is your script invoking those two functions before or after invoking session_start()?

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jemminger]

after... i've got a file that's included at the top of every page that calls session_start()


-jeff

http://www.jeffemminger.com

try { succeed(); } catch(E) { tryAgain(); } finally { rtfm(); }
i like your sleeves...they're real big

 

[sleipnir214]

That's the reason why.

The PHP online manual entry for session_set_cookie_params() states:

Thus, you need to call session_set_cookie_params() for every request [red]and before session_start() is called[/red].

(emphasis mine)

I'll bet the same is true for ini_set() when you're tweaking session behavior.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[jemminger]

doh - glossed over that. thanks

-jeff

http://www.jeffemminger.com

try { succeed(); } catch(E) { tryAgain(); } finally { rtfm(); }
i like your sleeves...they're real big