Using PHP sessions across subdomains

PostDec 20th, 2007 | Comments (9)
By default, PHP uses the 'PHPSESSID' cookie to propagate session data across multiple pages, and by default it uses the current top-level domain and subdomain in the cookie declaration.

Example: www.domain.com

The downside to this is that the session data can't travel with you to other subdomains. So if you started a session on www.domain.com, the session data would become unavailable on forums.domain.com. The solution is to change the domain PHP uses when it sets the 'PHPSESSID' cookie.

Assuming you have an init file that you include at the top of every PHP page, you can use the ini_set() function. Just add this to the top of your init page:

ini_set('session.cookie_domain',
substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));

This line of code takes the domain and lops off the subdomain.

Example: forums.domain.com -> .domain.com

Now, every time PHP sets the 'PHPSESSID' cookie, the cookie will be available to all subdomains!

Comments

JeremyJul 27, 2008
thanks for the tip. although i think this means you have to always use "www" in your main domain.
Les BrownJan 3, 2009
I think Jeremy is incorrect. The whole point of this is to make sessions available across ALL sub-domains, and www is one of them.
PERR0_HUNTERJan 16, 2009
Will this work even if the servers are on different machines ? example1.domain.com and example2.domain.com are separated and I'd like em to manage the same session, is it possible ?
JayApr 2, 2009
@ PERRO_HUNTER:

Well, yes, the browser will send the session cookie to both servers. But, the session info is only stored on one server. The only way to overcome this would be to store session data in a database that both servers can access.
RizMay 26, 2009
Its not working for me.
I have added

ini_set('session.cookie_domain', '.my-domain.com');
session_start();

at the beginning of my config file which is included in every page but If I login on one sub-domain, I can not access session data on other sub-domains or www.

Am I missing something ???
HelperJun 14, 2009
I'd just like to add if you're working locally, you can't make the session work accross all subdomains of localhost, as it sees localhost as a top level domain. So basically...

This will NOT work:

ini_set('session.cookie_domain', '.localhost');

sub1.localhost and sub2.localhost will not share the same session but...

This will work:

ini_set('session.cookie_domain', 'example.localhost');

Now sub1.example.localhost and sub2.example.localhost will both work with the same session.

Hope that makes sense.
Sourabh NarayankarApr 22, 2010
Hey Helper your comment helped me a lot. To get the subdomain sessions working in local environment... Thanks very much...
gladiiJun 7, 2010
Thanks for the code.Its Working fine and thnks to Helper Too...
ShaneAug 26, 2010
There's also a session_set_cookie_params() function that does the same thing, in case you'd prefer to use that instead of the direct ini_set call.

Post a comment

Name
URL
Email
Comment