Why are my sessions randomly not saving?

We fixed an issue we had with a browser from not being able to log in on subdomains by adding the following line of code.

ini_set('session.cookie_domain', '.'.get_domain('http://'.$_SERVER['SERVER_NAME']));

The get_domain function gets the domain of a site so that "sub.sub.domain.com" will return "domain.com". We prepend a "." so that our sessions are good across all subdomains.

That fixed the issue of not being able to login but the problem now is that ever since we added this line of code we will randomly not开发者_如何转开发 be able to login because the sessions aren't created and are just NULL.

I say randomly because I can't figure out what's causing it. One day a user is able to login, they try to login the next day and it doesn't work. Clearing the cookies will usually solve the issue. Any idea what I might be doing wrong? I've tried googling but haven't found anything that has helped, our users are getting frustrated and I'm running out of ideas. Any help is really appreciated.

Clearing the cookies will usually solve the issue.

Looks like there is a caching problem to me but this is only an assumption.

From your description alone it's hard to tell whether the problem lies on the browser-side or the server-side.

The best suggestion I can give to you is to implement a cookie test on the login form. Before the user actually enters his/her credentials your're setting a test-cookie and redirect to the same page with an additional test get-parameter. If the page is requested with this additional test parameter it's checked if the test cookie was successfully set.

Only allow to login if the test passed. Otherwise give an error message and inform the user about the technical problem.

This might help you to identify when the problem actually occurs. Additionally you can even add more information from the server-side in case of an error that might help you to debug the problem.

Just to rule it out please try setting the domain with a constant string rather than deriving it with get_domain() something like this:

ini_set('session.cookie_domain', '.foo.com');

Have a good look in your browser for cookies both set on .foo.com and any old ones that might be set (or being set) on sub.foo.com

I've seen some problems similar to the one that you've described due to some cookies not being visible to different servers. The problem is along the lines that sub.foo.com might have a cookie entry already defined that you didn't remove and only it will be able to see it. A new cookie is set from www.foo.com on .foo.com as www.foo.com is unable to see the sub.foo.com cookie.

I hope that made sense...

Turns out I had forgotten to change this setting in one of the headings which was throwing everything out of whack.

(Sorry for answering my own question, up voted everyone for the help)