PHP Session cross-subdomain issues

Source: Internet
Author: User
Tags session id php session tmp file subdomain

Today, there is a problem when doing the project. Before you do something, the session usually exists directly in the database so that you can solve the cross-domain

Not just across subdomains, but the problem today is that you have to make changes to what other people already have. Because only the subdomain

At that time there must be a simple solution, the mother of more than 10 minutes to fix:

The session is divided into two main parts:
One is session data, which is stored in the server's TMP file by default, and is in the form of a file
The other is the session Id,session ID that indicates session data, that is, the file name of the session file, the session Id is randomly generated, so it can guarantee uniqueness and randomness, ensure the security of the session. In general, if the lifetime of the session is not set, the session ID is stored in memory, the ID is automatically logged off after the browser is closed, and a session ID is re-registered after the page is re-requested. If the client does not disable cookies, the cookie plays the role of storing the session ID and session lifetime when the session is started.
Two different domain name website, want to use the same session, is involved in the session cross-domain problem!
By default, each server generates SESSIONID for the same client individually, for example, for the same user browser, the SESSION ID generated by a server is 11111111111, while the B server generates 222222. In addition, the session data of PHP is stored separately in the file system of this server. To share SESSION data, you must achieve two goals:
One is that each server generates the same session ID for the same client and can be passed through the same cookie, which means that each server must be able to read the same cookie named Phpsessid, and the other is how the session data is stored The location must ensure that each server has access to it. These two goals are simply the session ID of the multi-server (A, b Server) shared client, and must also share the session data on the server side.

There are three ways to solve this problem:
1. The following settings are provided at the beginning of the PHP page (to be preceded by any output and before session_start ())
Ini_set (' Session.cookie_path ', '/');

Ini_set (' Session.cookie_domain ', '. mydomain.com ');

Ini_set (' Session.cookie_lifetime ', ' 1800 ');

2. Set in php.ini

Session.cookie_path =/
Session.cookie_domain =. mydomain.com

Session.cookie_lifetime = 1800

3. Call the function at the beginning of the PHP page (condition same as 1)

Session_set_cookie_params (1800, '/', '. mydomain.com ');

My workaround is to add the following code to the entry:

Ini_set (' Session.cookie_path ', '/');

Ini_set (' Session.cookie_domain ', '. domain.com '); Notice that domain.com replaced your own domain name.

Ini_set (' Session.cookie_lifetime ', ' 1800 ');

Site One

Site Two

Can see the phpsessid of two sites is the same, of course, also solves the problem of cross-sub-domain name

PHP Session cross-subdomain issues

Contact Us

The content source of this page is from Internet, which doesn't represent Alibaba Cloud's opinion; products and services mentioned on that page don't have any relationship with Alibaba Cloud. If the content of the page makes you feel confusing, please write us an email, we will handle the problem within 5 days after receiving your email.

If you find any instances of plagiarism from the community, please send an email to: info-contact@alibabacloud.com and provide relevant evidence. A staff member will contact you within 5 working days.

A Free Trial That Lets You Build Big!

Start building with 50+ products and up to 12 months usage for Elastic Compute Service

  • Sales Support

    1 on 1 presale consultation

  • After-Sales Support

    24/7 Technical Support 6 Free Tickets per Quarter Faster Response

  • Alibaba Cloud offers highly flexible support services tailored to meet your exact needs.