tags:

views:

90

answers:

2
Q: 

PHP not saving sessions on subdomain, ok on domain

We have a CentOS 5.4 server serving a number of our websites. The server is managed by Plesk 9.2.3. Our websites are developed in php.

We have our main domain ourapplication.co.uk in /var/www/vhosts/ourapplication.co.uk/httpdocs, and our subdomain api.ourapplication.co.uk in /var/www/vhosts/ourapplication/subdomains/api/httpdocs

The following pages are in BOTH locations:

davidstest1.php

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Code Blue Stats</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<?php
echo "This is Davids Test 1. It will set SESSION['davids']='davids variable set' and then link
to davidstest2.php<br />
davidstest2 wil then do a session_start() call, and attempt to display SESSION['davids'] <br />";
$_SESSION['davids']='davids variable set';
?>
<a href="davidstest2.php">davidstest2.php</a>
</body>
</html>

davidstest2.php

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd"&gt;
<html xmlns="http://www.w3.org/1999/xhtml"&gt;
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Code Blue Stats</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<?php
echo "This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] <br />";
$r=print_r($_SESSION, true);
echo "<pre>Session in <br />";
echo $r;
echo "<br /></pre>";
?>
<a href="davidstest2.php">davidstest2.php</a>
</body>
</html>

in the MAIN domain, davidstest2 returns

This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] 
Session in 
Array
(
    [siteMode] => none
    [davids] => davids variable set
) 
davidstest2.php

in the api SUBDOMAIN, davidstest2 returns

This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] 
Session in 
Array
(
)
davidstest2.php

Obviously, something in the Apache config or the Php config is wrong, as the session variable should be stored for both domains

Relevant phpinfo() reports:
Session Support enabled
Registered save handlers    files user
Registered serializer handlers  php php_binary wddx
session.auto_start  Off Off
session.bug_compat_42   Off Off
session.bug_compat_warn On  On
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_secure   Off Off
session.entropy_file    no value    no value
session.entropy_length  0   0
session.gc_divisor  1000    1000
session.gc_maxlifetime  1440    1440
session.gc_probability  1   1
session.hash_bits_per_character 5   5
session.hash_function   0   0
session.name    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   /var/lib/php/session    /var/lib/php/session
session.serialize_handler   php php
session.use_cookies On  On
session.use_only_cookies    Off Off
session.use_trans_sid   0   0

Any ideas where to start looking?

+1  A: 

session.cookie_domain should be set according to cookie domain setting explained in http://php.net/setcookie

session_set_cookie_params() function is often used for this

Col. Shrapnel  2010-07-28 10:22:21
+3  A: 

Set session.cookie_domain to .ourapplication.co.uk (note the dot at the begin) to have the session cookies be valid for ourapplication.co.uk and all its subdomains.

Gumbo  2010-07-28 10:25:08
Not sure about implications for this. Our web server hosts at least 4 domains, all separate, served by apache virtual domains (for some reason on different IP, but not my area). All developed in php and all use cookies. So, say we hadbusiness1.co.uk, api.business1.co.uk, sellingstuff.com, werereallygreat.co.uk, anotherbusiness.com, session.cookie_domain would be wrong for most sites. There's only one php.ini. Also, sessions work for all top domains, just not for plesk-generated subdomainsCan you explain further?
WaveyDavey  2010-07-28 10:35:56
@WaveyDavey: *session.cookie\_domain* is changeable in any context (see http://php.net/configuration.changes.modes). So you can change it within a .htaccess file using `php_value` (see http://php.net/configuration.changes) or you can use the already mentioned `session_set_cookie_params` function.
Gumbo  2010-07-28 11:02:33
Wish that had worked! At start of each page I putini_set('session.cookie_domain', '.myapplication.co.uk'); and an ini_get shows this had taken. But still no session info passed between pages when I access api.myapplication.co.uk/davidstest1.php and davidstest2.php . Now *really* stuck.
WaveyDavey  2010-07-28 12:37:06
@WaveyDavey: Oh, if each site is running as its own virtual host, they probably don’t share the same session storage. You might want to switch from file based session storage to a database (see http://php.net/session_set_save_handler) that can be accessed from every site.
Gumbo  2010-07-28 12:43:00
Thanks for that Gumbo, but am I right to think that looking at the handler shoudl come secondary to the subdomain actually saving any session state? Problem is that api.blah has a completely empty $_SESSION. I still think I've got something misconfigred somewhere.
WaveyDavey  2010-07-28 13:10:58
@WaveyDavey: PHP’s default session handler stores the data associated with a session in files located in the directory specified in *session.save\_path*. And that is probably different among the virtual hosts. So one virtual host can not access the data that is saved by another virtual host. You could try to change the paths (you probably also have to modify access privileges). Otherwise a storage location that can be accessed by all virtual hosts (like a database) is the way to go. But that requires to use a custom session handler; otherwise you can’t use `session_start` or `$_SESSION`.
Gumbo  2010-07-28 13:23:41

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases