Home >Backend Development >PHP Tutorial >Summary of PHP session cross-subdomain issues_PHP tutorial

Summary of PHP session cross-subdomain issues_PHP tutorial

WBOY
WBOYOriginal
2016-07-13 17:54:031419browse

Today, I encountered a problem while working on a project. When making things before, the session was usually stored directly in the database so that cross-domain issues could be solved

Not just across subdomains, but the problem I encountered today was that I had to make modifications to other people’s existing things. Since it’s just a subdomain

It worked at that time. There must be a simple solution. It took me more than 10 minutes to get it done:

Session is mainly divided into two parts:
One is Session data, which is stored in the tmp file of the server by default and exists in the form of a file
The other is the Session Id that marks the Session data. The Session ID is the file name of the Session file. The Session ID is randomly generated, so it can ensure uniqueness and randomness and ensure the security of the Session. Generally, if the Session life cycle is not set, the Session ID is stored in the memory. After closing the browser, the ID is automatically logged out. After re-requesting the page, a new session ID is registered. If the client does not disable cookies, the cookie plays the role of storing the Session ID and Session lifetime when starting the Session session.
If two websites with different domain names want to use the same Session, it involves Session cross-domain issues!
By default, each server will generate a SESSION ID for the same client. For example, for the same user browser, the SESSION ID generated by server A is 11111111111, while the SESSION ID generated by server B is 222222. In addition, PHP's SESSION data are stored separately in the file system of this server. If you want to share SESSION data, you must achieve two goals:
One is that the SESSION ID generated by each server for the same client must be the same and can be passed through the same COOKIE, which means that each server must be able to read the same COOKIE named PHPSESSID; the other is the storage method of SESSION data The / location must be accessible to all servers. Simply put, these two goals are that multiple servers (A and B servers) share the client's SESSION ID, and they must also share the server's SESSION data.

There are three solutions:
1. Just make the following settings at the very beginning of the php page (before any output and before session_start())
ini_set('session.cookie_path', '/');

ini_set('session.cookie_domain', '.mydomain.com');

ini_set('session.cookie_lifetime', '1800');

2. Set in php.ini

session.cookie_path = /
session.cookie_domain = .mydomain.com

session.cookie_lifetime = 1800

3. Call the function at the beginning of the php page (same condition as 1)

session_set_cookie_params(1800, '/', '.mydomain.com');

My solution is to add the following code to the entrance:

ini_set('session.cookie_path', '/');

ini_set('session.cookie_domain', '.domain.com'); //Note that domain.com is replaced with your own domain name

ini_set('session.cookie_lifetime', '1800');

Pictured:

Site 1

Site 2

You can see that the PHPSESSID of the two sites are the same, which of course solves the problem of cross-subdomain names

www.bkjia.comtruehttp: //www.bkjia.com/PHPjc/477987.htmlTechArticleToday, I encountered a problem while working on a project. When making things in the past, the session was usually stored directly in the database, so that cross-domain and not just cross-subdomains could be solved, but today I encountered this problem...
Statement:
The content of this article is voluntarily contributed by netizens, and the copyright belongs to the original author. This site does not assume corresponding legal responsibility. If you find any content suspected of plagiarism or infringement, please contact admin@php.cn