Original: http://www.2cto.com/kf/201209/154013.html
The session is divided into two main parts:
One is session data, which is stored in the server's TMP file by default, and is in the form of a file
The other is the session Id,session ID that indicates session data, that is, the file name of the session file, the session Id is randomly generated, so it can guarantee uniqueness and randomness, ensure the security of the session. In general, if the lifetime of the session is not set, the session ID is stored in memory, the ID is automatically logged off after the browser is closed, and a session ID is re-registered after the page is re-requested. If the client does not disable cookies, the cookie plays the role of storing the session ID and session lifetime when the session is started.
Two different domain name website, want to use the same session, is involved in the session cross-domain problem!
By default, each server generates SESSIONID for the same client individually, for example, for the same user browser, the SESSION ID generated by a server is 11111111111, while the B server generates 222222. In addition, the session data of PHP is stored separately in the file system of this server. To share SESSION data, you must achieve two goals:
One is that each server generates the same session ID for the same client and can be passed through the same cookie, which means that each server must be able to read the same cookie named Phpsessid, and the other is how the session data is stored The location must ensure that each server has access to it. These two goals are simply the session ID of the multi-server (A, b Server) shared client, and must also share the session data on the server side.
There are three ways to solve this problem:
1. The following settings are provided at the beginning of the PHP page (to be preceded by any output and before session_start ())
Ini_set (' Session.cookie_path ', '/');
Ini_set (' Session.cookie_domain ', '. mydomain.com ');
Ini_set (' Session.cookie_lifetime ', ' 1800 ');
2. Set in php.ini
Session.cookie_path =/
Session.cookie_domain =. mydomain.com
Session.cookie_lifetime = 1800
3. Call the function at the beginning of the PHP page (condition same as 1)
Session_set_cookie_params (1800, '/', '. mydomain.com ');
My workaround is to add the following code to the entry:
Ini_set (' Session.cookie_path ', '/');
Ini_set (' Session.cookie_domain ', '. domain.com '); Notice that domain.com replaced your own domain name.
Ini_set (' Session.cookie_lifetime ', ' 1800 ');
Site One
Site Two
Can see the phpsessid of two sites is the same, of course, also solves the problem of cross-sub-domain name
Summary of PHP session cross-subdomain issues