skip to Main Content

We have a CentOS 5.4 server serving a number of our websites. The server is managed by Plesk 9.2.3.
Our websites are developed in php.

We have our main domain ourapplication.co.uk in /var/www/vhosts/ourapplication.co.uk/httpdocs, and
our subdomain api.ourapplication.co.uk in /var/www/vhosts/ourapplication/subdomains/api/httpdocs

The following pages are in BOTH locations:

davidstest1.php

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Code Blue Stats</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<?php
echo "This is Davids Test 1. It will set SESSION['davids']='davids variable set' and then link
to davidstest2.php<br />
davidstest2 wil then do a session_start() call, and attempt to display SESSION['davids'] <br />";
$_SESSION['davids']='davids variable set';
?>
<a href="davidstest2.php">davidstest2.php</a>
</body>
</html>

davidstest2.php

<?php
session_start();
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<meta http-equiv="X-UA-Compatible" content="IE=7" />
<title>Code Blue Stats</title>
<link rel="stylesheet" type="text/css" href="css/style.css" />
</head>
<body>
<?php
echo "This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] <br />";
$r=print_r($_SESSION, true);
echo "<pre>Session in <br />";
echo $r;
echo "<br /></pre>";
?>
<a href="davidstest2.php">davidstest2.php</a>
</body>
</html>

in the MAIN domain, davidstest2 returns

This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] 
Session in 
Array
(
    [siteMode] => none
    [davids] => davids variable set
) 
davidstest2.php

in the api SUBDOMAIN, davidstest2 returns

This is Davids Test 2. It will do a session_start() call, and attempt to display SESSION['davids'] 
Session in 
Array
(
)
davidstest2.php

Obviously, something in the Apache config or the Php config is wrong, as the session variable should be stored for both domains

Relevant phpinfo() reports:
Session Support enabled
Registered save handlers    files user
Registered serializer handlers  php php_binary wddx
session.auto_start  Off Off
session.bug_compat_42   Off Off
session.bug_compat_warn On  On
session.cache_expire    180 180
session.cache_limiter   nocache nocache
session.cookie_domain   no value    no value
session.cookie_lifetime 0   0
session.cookie_path /   /
session.cookie_secure   Off Off
session.entropy_file    no value    no value
session.entropy_length  0   0
session.gc_divisor  1000    1000
session.gc_maxlifetime  1440    1440
session.gc_probability  1   1
session.hash_bits_per_character 5   5
session.hash_function   0   0
session.name    PHPSESSID   PHPSESSID
session.referer_check   no value    no value
session.save_handler    files   files
session.save_path   /var/lib/php/session    /var/lib/php/session
session.serialize_handler   php php
session.use_cookies On  On
session.use_only_cookies    Off Off
session.use_trans_sid   0   0

Any ideas where to start looking?

2

Answers


  1. session.cookie_domain should be set according to cookie domain setting explained in http://php.net/setcookie

    session_set_cookie_params() function is often used for this

    Login or Signup to reply.
  2. Set session.cookie_domain to .ourapplication.co.uk (note the dot at the begin) to have the session cookies be valid for ourapplication.co.uk and all its subdomains.

    Login or Signup to reply.
Please signup or login to give your own answer.
Back To Top
Search