Single session for more than one 3rd level domain

tanis

I noticed something that I absolutely want to fix but I do not have a clue of how to do it.

I have a set of domains like:

www.example.com
tanis.example.com
dummy.example.com

When the user does the login procedure he gets logged on the site he's currently on and session variables are set accordingly.

Then there is a check on each domain to see if the user has a cookie and if so, he gets the session started on that domain too.

I would like to do this differently and have a single session valid throughout the whole *.example.com domain. Is there any way to do that?

dalecosp

Hmm, I've been curious about this, too. I've been meaning to look into the PHPSESSID variable.......

tanis

In fact that's how I solved it.

The login page stores in a cookie the session id.

On all the domains there is an included block of code that checks for the cookie before initializing the session.
If the cookie with the session id is found, it is used as the session id so that it retains all the session data previously used.

ednark

thats kinda a fix for a problem that doesn't exist

your solution is good. your solution is so good that php already uses it. 🙂

php should already store a cookie with the session id in it... and use that cookie

look in your php.ini file... you should be able to set properties about the cookie php uses to store the session id in..

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

you could just set those in your php.ini and then you don't need to put in your extra script on each page since php takes care of it for you.

tanis

Heh! You're right. But I do not have access to php.ini nor httpd.conf on the server I'm working on, so I cannot really do that.

But that's realy funny anyway 🙂

ednark

you may have access to the

ini_set and ini_get functions

if fo you can simply say

ini_set( 'session.cookie_domain', '.my.domain' )

see if you can do that