Allow php sessions to carry over to subdomains
Here are 4 options.
Place this in your php.ini:
session.cookie_domain = ".example.com"
Or in your .htaccess:
php_value session.cookie_domain .example.com
Or as the first thing in your script:
ini_set('session.cookie_domain', '.example.com' );
Or in your php-fpm pool configuration for your site:
php_value[session.cookie_domain] = .example.com
if(isset($_COOKIE['session_id'])) session_id($_COOKIE['session_id']); Zend_Session::start(); //or session_start(); if(!isset($_COOKIE['session_id'])) setcookie('session_id', session_id(), 0, '/', '.yourdomain.com');
security be damned, if you are as frustrated with incomplete or bad answers as I am, this is your savior. It just works.
change the session name at the top of the core functions filelike
session_name('mysession');
then use the following code into the php page
session_set_cookie_params(0,"/",".example.com",FALSE,FALSE); setcookie(session_name(), session_id(),0,"/","example.com"); session_start();
finally change the default session name of the subdomain and remove the default cookie in subdomain's core functions filelike:
/*default session name*/ session_name("mysession"); /*remove the PHPSESSID and default session name from subdomain's cookie*/ setcookie( "mysession", "",1,"/" ); setcookie( "PHPSESSID", "",1,"/" );
if you continue with using your cookie name as PHPSESSID ,just remove all the functions with
"mysession" string like session_name('mysession'), setcookie( "mysession", "",1,"/" );
then check your browser's existing cookies, just remove all the cookies of domain and subdomain, and repeat the process.