session_set_cookie_params on multi-domain sites
I'm currently developing for an application (www.domain.se, .eu) where we're experiencing problems with sessions not propagating across domains. Internet Explorer is the root cause of this, as it will differentiate se开发者_运维百科ssions depending on whether we're typing in "domain.se" or "www.domain.se". Due to some unfortunate redirecting, we're not able to keep the user on the same address the user typed in, instead we're always redirecting to www.domain.se on login. Needless to say, IE users can not login when typing "domain.se".
To make this error go away, we implemented a function to try and set the session to be valid across all possible domains by doing the following:
if($_SERVER['HTTP_HOST'] == "domain.se")
{
session_set_cookie_params(3600, '/', '.domain.se', true);
}
There are basically a few if:s that we go through depending on what address the user typed in, but the third argument stays the same.
This, however, results in no-one being able to log in, regardless of domain. I've tried reading up on how session_set_cookie_params() works but to no avail.
Any help is greatly appreciated!
well you have it wrong with parameters. the rule of the thumb is: do not touch parameter you don't know. so, make it just
session_set_cookie_params(0, '/', '.domain.se');
without any conditions.
精彩评论