set php session on only www.website.tld and www.apps.website.tld
I only want the session cookie on www.website.tld and www.apps.website.tld, using ini_set if possible. Also i need to set all cookies i write to both subdomains only. I do not want www.imgs.website.tld to have the cookies. the php session one i'm kinda unsure of. The cookies i set my self my idea was to call SetBothCookie($name,$value,$time) a custom function.
function SetBothCookie($name,$value,$time)
{
setcookie($name, $value, $time, "", "www.website.tld", 1);
setcookie($name, $value, $time, "", "www.apps.website.tld", 1);
}
So i think i have the SetBothCookie part down, but wanted to see what others think of that code. The开发者_开发问答 part i'm stuck on is having php set the session cookie on both sub domains. I'm using session_set_save_handler
to override the default php session storage to store sessions in the database, so both servers can use the same session data. From my understanding is if i put Javascript that does http requests on the www.apps.website.tld to www.website.tld it won't allow them to happen, and i want that added security, so thats my reason of running only a part of the site on a subdomain.
This function should work but...
Using secure
parameter in set_cookie() according to PHP manual
Indicates that the cookie should only be transmitted over a secure HTTPS connection from the client. When set to TRUE, the cookie will only be set if a secure connection exists. On the server-side, it's on the programmer to send this kind of cookie only on secure connection (e.g. with respect to $_SERVER["HTTPS"]).
So I suggest to remove 6th parameter of set_cookie() function.
Also, you can call this function before any output or it will throw a warning like
Warning: Cannot modify header information - headers already sent by (output started at ...) in ... on line XX
Using session_set_save_handler() is good solution to take control over session variables.
If you want cookies for entire domain just use "/"
or ".website.tld"
(with initial dot according to RFC 2109 standard) for domain
parameter (5th in a row). Parameter path
should be ""
(empty string; 4th).
精彩评论