1

How do I use session variables with domain.com and sub.domain.com?

This question has been asked several times but they lack an explanation I can understand. I have a user login on domain.com that when submitted creates session variables. When they are redirected to sub.domain.com those variables are inaccessible.

I have tried to edit htaccess and adding an ini_set to the top of my script. I have also tried to send domain.com to sub.domain.com's login script but the variable is only saved for domain.com. The htaccess technique I found here ended with server 500.

No only do I want a solution, but preferably if someone can explain why it is happening. I would like to know what the best practice for this is. Thanks in advance.

DavidG
  • 665
  • 7
  • 19
  • 1
    This has to do with how [cookies](https://developer.mozilla.org/en-US/docs/Web/HTTP/Cookies#Scope_of_cookies) work. If the session cookie is out of scope, the browser won't even send it to the server. – msg Sep 22 '18 at 23:59
  • 1
    @DavidG You can use $_GET, or $_POST to move variables from one domain to another instead. – cmprogram Sep 23 '18 at 00:10
  • 1
    Possible duplicate of [Share cookie between subdomain and domain](https://stackoverflow.com/questions/18492576/share-cookie-between-subdomain-and-domain) – Mike Sep 23 '18 at 00:10
  • @cmprogram Putting the session ID in GET is not a good idea since it will then appear in the log files and is then susceptible to session hijacking. And POST wouldn't work if you want a simple link from one domain to the other. – Mike Sep 23 '18 at 00:13
  • 1
    @Mike you're absolutely right, GET is not particularly secure, but it performs the function that SESSION does not, which is why I included it. POST would be suitable as defined in the question, as it's about carrying values over rather than just a simple link. – cmprogram Sep 23 '18 at 00:16

0 Answers0