Welcome Guest, Not a member yet? Register   Sign In
Subdomain Sessions
#1

[eluser]Aaron L.[/eluser]
I have a subdomain such as http://jp.domain.com. My secure payment page is at the regular domain, however (https://domain.com). My problem is that when a user moves from the subdomain to the regular domain, it seems that their session is not recognized.

I am using the Native Session library for my session control.

My config file is set-up as follows:
Code:
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
|
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path'   =  Typically will be a forward slash
|
*/
$config['cookie_prefix'] = "";
$config['cookie_domain'] = ".domain.com";
$config['cookie_path']  = "/";

Why is my session not being read even though I have ".domain.com" in my config file? Any tips or ideas?
#2

[eluser]esra[/eluser]
One method of solving the problem.

http://ellislab.com/forums/viewthread/47523/
#3

[eluser]Aaron L.[/eluser]
Hi Esra,

Thanks for the reference. I looked at it and it seems to be discussing how there can be multiple domains/subdomains (but not multiple installs). This is all good information, but I already have this successfully working on my site.

The problem is that when a user logs-in to one site (say the sub.domain.com), then goes over to the main domain (domain.com which is the exact same ci install), the session isn't recognized.

I noticed one post saying that xml-rpc might need to be used. Is this correct?
#4

[eluser]Rick Jolly[/eluser]
According to the php manual, that should work. You could try setting the domain to an empty string which should make the cookie available to any application on the server.

EDIT: The Native Session library doesn't use the config session variables. You could edit the library and add the domain with the php function "session_set_cookie_params()" before "$this->_sess_run();" in the constructor.
#5

[eluser]esra[/eluser]
[quote author="Aaron L." date="1185271121"]Hi Esra,

Thanks for the reference. I looked at it and it seems to be discussing how there can be multiple domains/subdomains (but not multiple installs). This is all good information, but I already have this successfully working on my site.

The problem is that when a user logs-in to one site (say the sub.domain.com), then goes over to the main domain (domain.com which is the exact same ci install), the session isn't recognized. [/quote]

Are you using the same session table for all sites on the same server? If so and if the config files for all sites used the same cookie and session names, it should work. I believe that this is the basic methodology used to support a multisite feature on a CMS like Mambo/Joomla and some of the Nukes.

[quote author="Aaron L." date="1185271121"]I noticed one post saying that xml-rpc might need to be used. Is this correct? [/quote]

I believe that there is an XML-RPC library available called Incutio XML-RPC which includes a sample showing how sites could support authentication. The sites had to be both XML-RPC servers and clients for the solution to work. I have not tried it, but see no reasons why a third-party XML-RPC library could not be used with CI.

If you go to the old Mambo forums and do a search for RAMBO, you should find mention of an earlier experimental version of Mambo (5.0) dating back about three years which used a single Admin to administer multiple sites both on the same server and external servers (across the web). In this case, the Admin was a an XML-RPC client and the sites were servers. The Admin could authenticate on all sites using the same session. Work on that project stopped when Robert Castley resigned as project head about 3 years ago. I would imagine that Joomla could actually support such a feature as it is now in the 1.5 versions, but it probably has not been advertised because the core team probably wants to do this on their own. That is, the basic systems are in place but not used.

Another example of authenticating via XML-RPC might be the use of a desktop XML-RPC client that could be used to edit and create content on a CMS or Blog site. You might find some third-party contributions of this nature for both Mambo and Joomla on the web. I believe that one of Joomla's Google sponsored Summer of Code projects was based on this approach. A few years back, someone wrote something similar for Postnuke using a Java-based client.

In any case, an XML-RPC approach is feasible, but if its possible to use the same database tables for sessions and user authentication, that should work also.
#6

[eluser]Unknown[/eluser]
I am running the native/DB hybrid Session library on CI 1.7.2. Manually adding one line to the library and updating my config.php file did the trick.

In the Session.php library, I changed what used to be lines 46 through 48 to:

// Sessions, start your engines!
ini_set("session.gc_maxlifetime", $this->sess_expiration);
ini_set("session.cookie_domain", $this->CI->config->item('cookie_domain'));
session_start();

And in my config.php file, I updated

$config['cookie_domain'] = "";

to
$config['cookie_domain'] = ".your-domain.com";

NOTE: Cookies will be shared between sub1.your-domain.com and sub2.your-domain.com with no problem. But you could run into an issue here with cookies being shared between dev.your-domain.com and live.your-domain.com




Theme © iAndrew 2016 - Forum software by © MyBB