tags:

views:

338

answers:

5
+2  Q: 

How can I preserve session information when redirecting from one subdomain to another?

I'm programming with PHP.

I want to redirect https://abc.example.com/blah1/blah2 to https://www.example.com/blah1/blah2 but I don't want to redirect https://abc.example.com redirect to https://www.example.com

Is it possible while preserving session information across the redirections?

Thank you.

A: 

Use a javascript redirect.

Janie  2009-07-14 20:02:25
What happens when a user has Javascript disabled?
MitMaro  2009-07-14 20:04:17
+1  A: 

If you’re using a cookie for the session ID, then you need to set the cookie for a common domain. If you are using www.example.com and foobar.example.com, you need to set the cookie for example.com to have it valid for both www.example.com and foobar.example.com.

Gumbo  2009-07-14 20:03:56
A: 

If you can use apache's Redirect you can try

RedirectMatch /(.+) https://www.domain.com/$1

with PHP it would be

<?php


    if ($_SERVER['REQUEST_URI'] != "/") {
        header("Location: ".$_SERVER['REQUEST_URI']);
        exit;
    }

?>

About session being invalidated, like Gumbo says, have the cookie issued for the main domain name instead of the specific ones.

Vinko Vrsalovic  2009-07-14 20:05:30
`REQUEST_URI` is *never* empty. It always starts with at least `/`.
Gumbo  2009-07-14 20:07:07
Are you certain of that? I edited accordingly.
Vinko Vrsalovic  2009-07-14 20:07:47
And also it seems I misunderstood the question.
Vinko Vrsalovic  2009-07-14 20:33:00
+3  A: 

You can continue using the redirects as you have them now, but adjust your session.cookie_domain to use the top-level domain (e.g. example.com). You can do this by using session_set_cookie_params or setting session.cookie_domain in your php.ini file (or in a .htaccess file after php_value directive). That should allow your session information to persist across all sub-domains of your site.

tj111  2009-07-14 20:16:44
what if I just use session without cookie?
Yc Zhang  2009-07-16 17:58:13
Sessions in PHP by default use cookies to store the *session id*. Then when the visitor loads a page, PHP uses that ID to fetch the data associated with that session. So when you create a session, you are also creating a cookie, although the only data it contains is the session id. It is possible to use sessions without a cookie, however it passes the session id around as a query parameter which has some serious security flaws.
tj111  2009-07-16 18:27:06
A: 

I'd say you can redirect by posting (POST) your sessionid to a new domain and store your session data in mysql with your own session handler.

 2009-07-14 20:52:48

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases