We have a CentOS 5.4 server serving a number of our websites. The server is managed by Plesk 9.2.3.
Our websites are developed in php.
We have our main domain ourapplication.co.uk in /var/www/vhosts/ourapplication.co.uk/httpdocs, and
our subdomain api.ourapplication.co.uk in /var/www/vhosts/ourapplication/subdomains/api/httpdocs
The following pages are in BOTH locations:
davidstest1.php
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Code Blue Stats</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<?php
echo "This is Davids Test 1. It will set SESSION['davids']='davids variable set' and then link
to davidstest2.php<br />
davidstest2 wil then do a session_start() call, and attempt to display SESSION['davids'] <br />";
$_SESSION['davids']='davids variable set';
?>
<a href="davidstest2.php">davidstest2.php</a>
</body>
</html>
davidstest2.php
<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Code Blue Stats</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<?php
echo "This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] <br />";
$r=print_r($_SESSION, true);
echo "<pre>Session in <br />";
echo $r;
echo "<br /></pre>";
?>
<a href="davidstest2.php">davidstest2.php</a>
</body>
</html>
in the MAIN domain, davidstest2 returns
This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids']
Session in
Array
(
[siteMode] => none
[davids] => davids variable set
)
davidstest2.php
in the api SUBDOMAIN, davidstest2 returns
This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids']
Session in
Array
(
)
davidstest2.php
Obviously, something in the Apache config or the Php config is wrong, as the session variable should be stored for both domains
Relevant phpinfo() reports:
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary wddx
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/session /var/lib/php/session
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
Any ideas where to start looking?
2
Answers
session.cookie_domain should be set according to cookie domain setting explained in http://php.net/setcookie
session_set_cookie_params() function is often used for this
Set session.cookie_domain to
.ourapplication.co.uk
(note the dot at the begin) to have the session cookies be valid for ourapplication.co.uk and all its subdomains.