Today I ran into a problem while working on a project. In earlier projects I usually stored the session directly in the database, which solves cross-domain issues in general, not just across subdomains. The problem I encountered today was that I had to modify someone else's existing code. Since it was only a matter of subdomains, I figured at the time that there must be a simple solution. It took me a little more than 10 minutes to get it done:
A Session consists of two main parts:
One is the Session data, which by default is stored as a file in the server's tmp directory.
The other is the Session ID that identifies the Session data. The Session ID is the file name of the Session file. It is randomly generated, which ensures uniqueness and randomness and keeps the Session secure. Generally, if no Session lifetime is set, the Session ID is kept only in the browser's memory: when the browser is closed, the ID is discarded, and the next page request registers a new Session ID. If the client has not disabled cookies, the cookie stores the Session ID and the Session lifetime when the Session is started.
If two websites with different domain names want to use the same Session, this is the cross-domain Session problem.
By default, each server generates its own SESSION ID for the same client. For example, for the same user's browser, server A generates the SESSION ID 11111111111 while server B generates 222222. In addition, PHP stores SESSION data separately in each server's own file system. To share SESSION data, two goals must be met:
First, the SESSION ID that each server generates for the same client must be the same and must be passed through the same cookie, which means every server must be able to read the same cookie named PHPSESSID. Second, the storage method/location of the SESSION data must be accessible to all servers. Simply put, the servers (A and B) must share the client's SESSION ID and must also share the server-side SESSION data.
There are three solutions:
1. Make the following settings at the very beginning of the PHP page (before any output and before session_start()):
ini_set('session.cookie_path', '/');
ini_set('session.cookie_domain', '.mydomain.com');
ini_set('session.cookie_lifetime', '1800');
2. Set in php.ini:
session.cookie_path = /
session.cookie_domain = .mydomain.com
session.cookie_lifetime = 1800
3. Call this function at the beginning of the PHP page (same conditions as 1):
session_set_cookie_params(1800, '/', '.mydomain.com');
My solution is to add the following code to the entry point:
ini_set('session.cookie_path', '/');
ini_set('session.cookie_domain', '.domain.com'); // Note: replace domain.com with your own domain name
ini_set('session.cookie_lifetime', '1800');
[Screenshots: the PHPSESSID cookie as shown on Site 1 and on Site 2]
You can see that the PHPSESSID is the same on both sites, which solves the cross-subdomain session problem.
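A hardened variant of the settings above, added here as an example and not the original author's code: setting the cookie domain to the parent domain sends PHPSESSID to every subdomain, so this version also sets the Secure, HttpOnly and SameSite attributes, enables strict session mode, and regenerates the ID at login. Assumptions: the constants PARENT_DOMAIN and ALLOWED_HOSTS and both function names are hypothetical, the sites run over HTTPS on PHP 7.3 or later, and all subdomains read the same session.save_path.

```php
<?php
// Added example, not from the original post. PARENT_DOMAIN and ALLOWED_HOSTS
// are placeholder values; replace them with your own domain and hosts.
const PARENT_DOMAIN = '.mydomain.com';
const ALLOWED_HOSTS = ['www.mydomain.com', 'app.mydomain.com'];

function start_shared_session(): void
{
    // Do not derive the cookie domain from the request. Only hosts that are
    // meant to share the session may start one; anything else fails closed.
    $host = strtolower(explode(':', $_SERVER['HTTP_HOST'] ?? '')[0]);
    if (!in_array($host, ALLOWED_HOSTS, true)) {
        http_response_code(400);
        exit('Unknown host');
    }

    // Accept only session IDs that this server issued (session fixation defence).
    ini_set('session.use_strict_mode', '1');
    ini_set('session.use_only_cookies', '1');
    // Keep the server-side data for at least as long as the cookie lives.
    ini_set('session.gc_maxlifetime', '1800');

    // Array form requires PHP 7.3+. Must run before session_start().
    session_set_cookie_params([
        'lifetime' => 1800,
        'path'     => '/',
        'domain'   => PARENT_DOMAIN, // cookie is sent to every subdomain
        'secure'   => true,          // only sent over HTTPS
        'httponly' => true,          // not readable from JavaScript
        'samesite' => 'Lax',         // withheld on cross-site subrequests
    ]);
    session_start();
}

// Call after a successful login so an ID issued before login is never reused.
function on_login(string $userId): void
{
    session_regenerate_id(true); // true = delete the old session data
    $_SESSION['user_id'] = $userId;
}

start_shared_session();
```

Because the cookie is shared with every host under the parent domain, the session is only as trustworthy as the least protected subdomain that receives it.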