Use a Single PHP Session across Multiple Subdomains

By default PHP Sessions are created per domain / sub-domain and are limited within this scope. However there are ways by which a single PHP session will be available in multiple sub-domains.

Our Scenario

Suppose we have a domain named website.com with the following sub-domains:
http://www.website.com
image.website.com
video.website.com etc.

All the sub-domains share the same user accounts. It would be annoying to ask the user to re-enter the login details every time he/she visits a different sub-domains. For example, Google just takes the login credentials once and then we are automatically logged in the accounts.

The Solution

Any two of the following approaches can be used:

  1. Changing the php.ini file
  2. Just by updating the php.ini file, the changes will take effect without doing anything else in the coding. This file can be found in /etc in Redhat/CentOS or Fedora and in /etc/php5/apache2 in Ubuntu and Debian. After opening php.ini file, locate the line with the text session.cookie_domain = and modify it as below:

    session.cookie_domain=.website.com

    The dot (.) is very important to sub-domain access. Save the file reload it using the command:

    For Redhat/CentOS/Fedora (as root)

    service httpd reload

    For Ubuntu/Debian

    sudo service apache2 reload

    This will effect the whole system and that’s not what you would like to see if you are running multiple sites with difference domains on the same server.

  3. Providing the Session Cookie parameters at run-time
  4. Just by calling the session_set_cookie_params method at the top before the session_start. But this approach requires that this should be written on top of every page on every sub-domain. Either of the following will serve the purpose:

    session_set_cookie_params(0, '/', '.website.com');

    or

    ini_set('session.cookie_domain', '.website.com'); 

Try it and it should work!

Advertisements