Hello,
I'm not an php expert. I'm working on some php application and need help regarding php sessions or possibly something else.
description application 1:
On the apache server I have 1 php application/domain hosted in vhosts environment. Application has some protected pages and bulit in authentication logic, asks for username and password, retrives from mysql ans stores data into sessions. Application is hosted as virtual dir, it has its own domain1.com - This application is working fine, everything is ok.
application2:
On the same aoache/php server, as a vhost is hosted 2nd application, it has it's own domain2.com. It has the same builtin logic, but I expirience some wierd problems with sessions.
Sessions values are lost once I call header("location: some_page.php"); , or if I refresh the same page - so for example once user logs in, if page is refreshed, session value user_id is lost and user is logged out.
On every page, i 1st call the same sec_session_start() function, the same i use in Apllication1 which is working fine, but only with altered $session_name = 'sms_sess_sid' variable:
function sec_session_start() {
$session_name = 'sms_sess_sid'; // Set a custom session name
$secure = false; // Set to true if using https.
$httponly = true; // This stops javascript being able to access the session id.
ini_set('session.use_only_cookies', 1); // Forces sessions to only use cookies.
$cookieParams = session_get_cookie_params(); // Gets current cookies params.
//session_set_cookie_params($cookieParams["lifetime"], $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_set_cookie_params(3600, $cookieParams["path"], $cookieParams["domain"], $secure, $httponly);
session_name($session_name); // Sets the session name to the one set above.
session_start(); // Start the php session
//session_regenerate_id(true); // regenerated the session, delete the old one.
session_regenerate_id(); // regenerated the session, delete the old one.
}
On the start of every other page i call sec_session_start() like this:
require_once('functions.php');
sec_session_start();
.
In vhost.conf of second application i have added the line:
php_value session.cookie_domain ".example-domain2.com"
Problem: The problem is that in application2, on page refresh, or when navigating between pages, sessions and session_values are lost.
Why is this happening ? Is there something that has to be configured specificly for multi application/domains/vhosts environment. What am I missing here ?
Thank You in advanced.