We have a CentOS 5.4 server serving a number of our websites. The server is managed by Plesk 9.2.3. Our websites are developed in PHP.

We have our main domain ourapplication.co.uk in /var/www/vhosts/ourapplication.co.uk/httpdocs, and our subdomain api.ourapplication.co.uk in /var/www/vhosts/ourapplication/subdomains/api/httpdocs

The following pages are in BOTH locations:

davidstest1.php

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Code Blue Stats</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<?php
echo "This is Davids Test 1. It will set SESSION['davids']='davids variable set' and then link
to davidstest2.php<br />
davidstest2 will then do a session_start() call, and attempt to display SESSION['davids'] <br />";
$_SESSION['davids']='davids variable set';
?>
<a href="davidstest2.php">davidstest2.php</a>
</body>
</html>

davidstest2.php

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Code Blue Stats</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<?php
echo "This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] <br />";
$r=print_r($_SESSION, true);
echo "<pre>Session in <br />";
echo $r;
echo "<br /></pre>";
?>
<a href="davidstest2.php">davidstest2.php</a>
</body>
</html>

in the MAIN domain, davidstest2 returns

This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] 
Session in 
Array
(
    [siteMode] => none
    [davids] => davids variable set
) 
davidstest2.php

in the api SUBDOMAIN, davidstest2 returns

This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] 
Session in 
Array
(
)
davidstest2.php

Obviously, something in the Apache config or the PHP config is wrong, as the session variable should be stored for both domains.

Relevant phpinfo() reports:
Session Support enabled
Registered save handlers    files user
Registered serializer handlers  php php_binary wddx
session.auto_start  Off Off
session.bug_compat_42   Off Off
session.bug_compat_warn On  On
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_secure   Off Off
session.entropy_file    no value    no value
session.entropy_length  0   0
session.gc_divisor  1000    1000
session.gc_maxlifetime  1440    1440
session.gc_probability  1   1
session.hash_bits_per_character 5   5
session.hash_function   0   0
session.name    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   /var/lib/php/session    /var/lib/php/session
session.serialize_handler   php php
session.use_cookies On  On
session.use_only_cookies    Off Off
session.use_trans_sid   0   0

Any ideas where to start looking?

+1  A: 

session.cookie_domain should be set according to cookie domain setting explained in http://php.net/setcookie

session_set_cookie_params() function is often used for this

Col. Shrapnel
+3  A: 

Set session.cookie_domain to .ourapplication.co.uk (note the dot at the beginning) to have the session cookies be valid for ourapplication.co.uk and all its subdomains.

Gumbo
Not sure about implications for this. Our web server hosts at least 4 domains, all separate, served by Apache virtual domains (for some reason on different IP, but not my area). All developed in PHP and all use cookies. So, say we had business1.co.uk, api.business1.co.uk, sellingstuff.com, werereallygreat.co.uk, anotherbusiness.com, session.cookie_domain would be wrong for most sites. There's only one php.ini. Also, sessions work for all top domains, just not for Plesk-generated subdomains. Can you explain further?
WaveyDavey
@WaveyDavey: *session.cookie\_domain* is changeable in any context (see http://php.net/configuration.changes.modes). So you can change it within a .htaccess file using `php_value` (see http://php.net/configuration.changes) or you can use the already mentioned `session_set_cookie_params` function.
Gumbo
Wish that had worked! At start of each page I put ini_set('session.cookie_domain', '.myapplication.co.uk'); and an ini_get shows this had taken. But still no session info passed between pages when I access api.myapplication.co.uk/davidstest1.php and davidstest2.php. Now *really* stuck.
WaveyDavey
@WaveyDavey: Oh, if each site is running as its own virtual host, they probably don’t share the same session storage. You might want to switch from file based session storage to a database (see http://php.net/session_set_save_handler) that can be accessed from every site.
Gumbo
Thanks for that Gumbo, but am I right to think that looking at the handler should come secondary to the subdomain actually saving any session state? Problem is that api.blah has a completely empty $_SESSION. I still think I've got something misconfigured somewhere.
WaveyDavey
@WaveyDavey: PHP’s default session handler stores the data associated with a session in files located in the directory specified in *session.save\_path*. And that is probably different among the virtual hosts. So one virtual host cannot access the data that is saved by another virtual host. You could try to change the paths (you probably also have to modify access privileges). Otherwise a storage location that can be accessed by all virtual hosts (like a database) is the way to go. But that requires using a custom session handler; otherwise you can’t use `session_start` or `$_SESSION`.
Gumbo
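
A diagnostic page covering both causes raised in this thread, cookie scope and session storage, added here as an example and not written by anyone in the thread. It assumes PHP 5.2 or later, the default `files` handler, and the parent domain named in the question; the `hits` counter and report keys are made up for illustration.

```php
<?php
// Added diagnostic, not code from the thread. Deploy the same file on both
// ourapplication.co.uk and api.ourapplication.co.uk and load each one twice.
// Assumption: PHP 5.2 or later (needed for the httponly argument).
$cookieDomain = '.ourapplication.co.uk'; // parent domain named in the question

// Must run before session_start(). A parent-domain cookie is sent to every
// subdomain, so keep it HttpOnly; pass true as the 4th argument on HTTPS-only sites.
session_set_cookie_params(0, '/', $cookieDomain, false, true);
ini_set('session.use_only_cookies', '1'); // ignore session IDs supplied in URLs

// session.save_path may carry an "N;" or "N;MODE;" prefix; the directory is last.
$parts = explode(';', session_save_path());
$dir   = end($parts);

$cookieReceived = isset($_COOKIE[session_name()]);
session_start();
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;
$hits = $_SESSION['hits'];
$id   = session_id();
session_write_close(); // flush to storage so the file check below is meaningful

$report = array(
    'host'               => $_SERVER['HTTP_HOST'],
    'save_handler'       => ini_get('session.save_handler'),
    'save_path'          => $dir,
    'save_path_is_dir'   => is_dir($dir),
    'save_path_writable' => is_writable($dir),
    'cookie_params'      => session_get_cookie_params(),
    'cookie_received'    => $cookieReceived,
    // File name assumes the default "files" handler without a depth prefix.
    'session_file_found' => is_file($dir . '/sess_' . $id),
    'hits'               => $hits,
);

header('Content-Type: text/plain');
print_r($report);
```

If `cookie_received` stays false on the second load, the browser is not returning the cookie and the cookie scope is at fault. If it is true but `hits` stays at 1 or `session_file_found` is false, the data is not being persisted or found under `save_path` for that virtual host.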