PHPsession cross-subdomain problem summary

Today, I encountered a problem during the project. When I was doing something before, the session usually exists directly in the database so that it can solve the cross-domain problem, not just cross-subdomain. But today, this problem is that I have to make changes on what others already have. Because it was just a subdomain, there must be simple... SyntaxHighlighter. all ();

Today, I encountered a problem during the project. When I was doing something before, the session usually exists directly in the database to solve the cross-domain problem.

This is not just cross-subdomain, but today we have to make changes on what others have. Because it is only a subdomain

At that time, there must be a simple solution. du Niang spent more than 10 minutes:

Sessions are divided into two parts:
One is Session data, which is stored in the tmp file of the server by default and exists as a file
The other is the Session Id of the Session data. the Session ID is the name of the Session file. the Session ID is generated randomly. Therefore, the uniqueness and randomness can be ensured to ensure the security of the Session. Generally, if the Session life cycle is not set, the Session ID is stored in the memory. when the browser is closed, the ID is automatically deregistered. after the page is requested again, a session ID is re-registered. If the client does not disable the Cookie, the Cookie plays the role of storing the Session ID and Session lifetime when the Session is started.
If you want to use the same Session for two different domain name websites, the cross-domain Session issue is involved!
By default, each server generates a session id for the same client. for example, for the same user browser, the session id generated by server A is 11111111111, server B generates 222222. In addition, the SESSION data of PHP is stored in the file system of the current server. To share SESSION data, you must achieve the following two goals:
One is that the SESSION IDs generated by each server on the same client must be the same and can be passed through the same COOKIE. that is to say, each server must be able to read the same phpsessid cookie; the other is the storage mode/location of SESSION data, which must be accessible to all servers. The two goals are simply to share the session id of the client with multiple servers (server A and server B) and the SESSION data of the server.

There are three solutions:
1. make the following settings at the beginning of the php page (before any output and before session_start ()
Ini_set ('session. cookie_path ','/');

Ini_set ('session. cookie_domain ',' .mydomain.com ');

Ini_set ('session. cookie_lifetime ', '123 ');

2. set in php. ini

Session. cookie_path =/
Session. cookie_domain = .mydomain.com

Session. cookie_lifetime = 1800

3. call the function at the beginning of the php page (condition 1)

Session_set_cookie_params (1800, '/', '.mydomain.com ');

My solution is to add the following code in the portal:

Ini_set ('session. cookie_path ','/');

Ini_set ('session. cookie_domain ',' .domain.com '); // replace domain.com with your own domain name.

Ini_set ('session. cookie_lifetime ', '123 ');

Site 1

Site 2

 

We can see that the PHPSESSID of the two sites is the same. of course, the problem of cross-subdomain names is also solved.