Set the session cookie to the top level domain
Posted by primeminister | Filed under Cake-Toppings
I have an app that uses multiple sub domains besides the www.domain.com like computer.domain.com and books.domain.com, etc.
What I wanted is to set the session cookie to the higher level domain ‘domain.com’ so the session cookie will be valid through all sub domains.
In the CakeSession class (which is the parent of the SessionComponent) you can set the path but not the domain.
After talking with ADmad, Jurian and kabturek on IRC we found out that the session.cookie.domain is never set by the CakeSession handler so you can set it yourself!
ini_set('session.cookie_domain', '.domain.com');
So set the top domain through ini set in your APP/config/bootstrap.php and all will be set but not without settings the Session.security level to ‘low’ otherwise the referer_check will be set to the current HTTP_HOST in the CakeSession object line 441.
So in the APP/config/core.php:
Configure::write('Security.level', 'low');
Now the session cookie will be valid for all your subdomains and the top level domain.
Cheers!
p.s. Sharing the same session between multiple APPs? http://teknoid.wordpress.com/2008/10/05/sharing-cakephp-session-with-another-app/
October 4th, 2008 at 13:19
Welldone!
October 19th, 2008 at 01:42
hi, i want to know whether a cake app and a non cake subdomain app can work well if cake app is example.com and non cake part is services.example.com. Is it possible? What precuations are needed to take to make both work well?
Both will be using same database.
October 19th, 2008 at 09:21
@Kiran: As far as I know it will not bite eachother. But you are trying to share the Sessions? Because CakePHP handles the session a bit differently
October 19th, 2008 at 10:14
@primeminister: On the main domain app which is a cake app, i have a login form. User can select ’service center’ and then enter his id and password which should take it to subdomain. Is that posible?
October 21st, 2008 at 08:05
@Kiran: Sorry, but try to find help in the IRC channel. I will be there regularly
December 25th, 2008 at 03:21
I tried to set up the session in bootstrap (because i need it there already).
but i did not succeed.
i wonder how this could be accomplished
without loosing the session content in the controller/model/view etc..
June 8th, 2009 at 07:21
Some keywords for related problems with redirects I’ve seen people having…… Quite a deep dig to find this issue when dealing with 3rd party redirects or cross-domain cookies….
cakephp cookie missing, domain, redirect, cookie, session, renew, reset, lost, broken, problem, openid
December 10th, 2009 at 18:52
Brilliant, absolutely brilliant. Maybe in 1.3 they will incorporate that into the core so you don’t have to hack away at it? That would be fantastic.