I know this issue's been raised by others before, but sadly I can't get it working still. My site has many subdomains, and I want members to stay logged in no matter which subdomain they visit. However, even after following advice to put this session_set_cookie_params line before session_start() at the top of each file, the session is still only recognized in the root domain. <?php session_set_cookie_params(0, '/', '.mydomain.com'); session_start(); Code (markup): I've also heard of removing the dot before mydomain.com in the above code, but that doesn't work either. Can anyone please tell me what I'm doing wrong? If it helps, here's how the member's cookie is set when they log in: setcookie("username", $login_username, time()+60*60*24*365, "/", ".mydomain.com", FALSE, TRUE); Code (markup):
setcookie("username", $login_username, time()+60*60*24*365, < good "/" << this is asking you to pt something, maybe the host name or port "subdomain.com" should be no dots at the begining, and it shouldnt have http:// or www. at the start.
Thanks for the replies so far, I hope we can get to the bottom of this. If I understand the following correctly, then the "/" just means I'm not restricting the cookie's availability to any particular directory: Is that a better way of doing it? I get the impression that the approach I've been taking should work, if not for some annoying but hopefully fixable problem. I'm already running quite a lot of database queries on each page, so I'd rather avoid having to use it for sessions too if at all possible.
To work the session for all domains, you must set this session in a page which is running on top level domain. This will not work if you set session in this way in a subdomain and try to access on top level domain or in other subdomains.
mwasif, the login page is on the top level domain, so the original problem remains. However, you raise an interesting (and concerning) point. Once the original problem is solved - getting ahead of myself here! - am I still going to have issues with members who have logged in via the top level domain, then closed their browser (with a cookie to remember them), and come back the next day directly to a subdomain? Are you saying the new session wouldn't remember them from the previous day, as their existing cookie can't be accessed from their landing page? eg: 1) Log in via http://domain.com/login.php 2) Receive cookie as detailed in first post 3) Leave site, close browser, get some sunshine 4) Return straight to http://banana.domain.com/index.php The new session won't be able to retrieve their cookie to remember them?
Can you try this before session_start()? ini_set ( 'session.cookie_domain', '.mysite.com' ); Code (markup):