PHPsession cross-subdomain problem summary _ PHP Tutorial

Source: Internet
Author: User
Tags tmp file subdomain
PHPsession cross-subdomain problem summary. Today, I encountered a problem during the project. When I was doing something before, the session usually exists directly in the database so that it can solve the cross-domain problem, not just cross-subdomain.

Today, I encountered a problem during the project. When I was doing something before, the session usually exists directly in the database to solve the cross-domain problem.

This is not just cross-subdomain, but today we have to make changes on what others have. Because it is only a subdomain

At that time, there must be a simple solution. du Niang spent more than 10 minutes:

Sessions are divided into two parts:
One is Session data, which is stored in the tmp file of the server by default and exists as a file
The other is the Session Id of the Session data. the Session ID is the name of the Session file. the Session ID is generated randomly. Therefore, the uniqueness and randomness can be ensured to ensure the security of the Session. Generally, if the Session life cycle is not set, the Session ID is stored in the memory. when the browser is closed, the ID is automatically deregistered. after the page is requested again, a session ID is re-registered. If the client does not disable the Cookie, the Cookie plays the role of storing the Session ID and Session lifetime when the Session is started.
If you want to use the same Session for two different domain name websites, the cross-domain Session issue is involved!
By default, each server generates a session id for the same client. for example, for the same user browser, the session id generated by server A is 11111111111, server B generates 222222. In addition, the SESSION data of PHP is stored in the file system of the current server. To share SESSION data, you must achieve the following two goals:
One is that the SESSION IDs generated by each server on the same client must be the same and can be passed through the same COOKIE. that is to say, each server must be able to read the same phpsessid cookie; the other is the storage mode/location of SESSION data, which must be accessible to all servers. The two goals are simply to share the session id of the client with multiple servers (server A and server B) and the SESSION data of the server.

There are three solutions:
1. make the following settings at the beginning of the php page (before any output and before session_start ()
Ini_set ('session. cookie_path ','/');

Ini_set ('session. cookie_domain ',' .mydomain.com ');

Ini_set ('session. cookie_lifetime ', '123 ');

2. set in php. ini

Session. cookie_path =/
Session. cookie_domain = .mydomain.com

Session. cookie_lifetime = 1800

3. call the function at the beginning of the php page (condition 1)

Session_set_cookie_params (1800, '/', '.mydomain.com ');

My solution is to add the following code in the portal:

Ini_set ('session. cookie_path ','/');

Ini_set ('session. cookie_domain ',' .domain.com '); // replace domain.com with your own domain name.

Ini_set ('session. cookie_lifetime ', '123 ');

Site 1

Site 2

We can see that the PHPSESSID of the two sites is the same. of course, the problem of cross-subdomain names is also solved.

Bytes. When I was doing something before, the session usually exists directly in the database so that it can solve the cross-domain problem, not just cross-subdomain, but today I encountered this question...

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.