Posted by Rik on 01/21/07 02:00

wombat wrote:
> I have a problem with a page that allows you to log into my site. The
> site is in a subdomain. However, to eliminate some of the problems
> I've had I link everything through http://www.***.com/home/index.php
> instead of using http://home.***.com/index.php.
>
> The problem I'm now encountering is this:
>
> The sessions appear to be dependent on the url. Testing the code on
> the first version (http://www.***.com/home) works and I can log in.
> While I'm logged in by accident I entered the site through the
> domain. Same page but the url is (http://home.***.com) - the session
> is gone. However, it still exists if I enter without the subdomain.
>
> Again, the code works..... it just appears to me that a session is
> depending on the url being the same.
>
> Are sessions url dependent? If so, is there a work-around?

Cookies are host dependant (with an optional path).
home.*.com is not the same host as www.*.com

Carrying on sessions between domains is therefor not possible by cookie.
The only workaround is carrying over the session_id by a POST or GET
variable, and it may be necessary to write your own session_handler,
instead of the default one in PHP, so you can still collect previously set
session-data. This is not recommended, but possible.

I'd say I'm interested what the 'certain problems' were that you had to use
this contruction, it may be easier to fix those :-)
--
Rik Wasmus

[Back to original message]