Configure _Session to work on applications that are deployed over multiple servers, different subdomain

Question

I have a website that consists of 2 applications:

1. Front end application
2. Backend application

The front end has the www domain, whereas the backend has the job subdomain. For example, my front end application has the domain www.example.com/*, whereas my backend as the job.example.com/*. My front end application can locate on one server, whereas the back end can locate on another server. Or they are both stored on the same server.

The question now is whether the session variables I stored in the super global _Session ( PHP) can work across different sub domain. If I set _Sesssion["SessionID"] in www.example.com/*, can I retrieve the same _Sesssion["SessionID"] from job.example.com/*? Do I need to do special configuration to work?

Answer 1

Session data is saved in the path given by the session_save_path function, so you need to make that directory accessible to both applications. If they're on the same server, you probably don't need to do anything, but if they're on different servers, you'll have to use some kind of networked filesystem like NFS and mount it such that the session save path is on the networked filesystem for both servers.

Answer 2

You can write your own session handler that saves the session data to a database, which you can then access from any server that has access to that database.

Answer 3

Write your own session handler: http://de.php.net/manual/en/function.session-set-save-handler.php

Use a central database or a memcache server.

Answer 4

Subdomains only affect your cookie, which has to be set properly (as domainwide) to keep your session id by navigating from www.* to jobs.*.

For session persistance you can use a memcache server and use the php_memcache session handler. You don't need to write your own session handler.

Answer 5

For using the same sessions on multiple domains/servers, you have to take care of two aspects:

• where the session data is stored so that both domains/servers can access it, and
• how the session identifier is carried along both domains/servers so that.

Storage
For different servers you could write your own session save handler that both servers can use. This could for example be a database that both have access to.

Session ID sharing
If you want to share a session ID for multiple domains (might be on the same server or different) and want to use cookies to transport the session ID, you have to modify the session ID cookie settings so that the cookie is valid for both domains. But this is only possible if both domains share the same higher level domain. For www.example.com and jobs.example.com that share example.com, the $domain parameter for session_set_cookie_params() has to be set to .example.com.