subdomain doesn't recognize PHP sessions

Question

I have a website with a user database and a login form. This system has worked 100% flawlessly. I have a main site with the name= www.example.com and a subdomain called accounts.example.com. When a user logs in, he or she logs in on the main site, www.example.com/login.php.

To view their profile and make edits, they click a link that takes them to accounts.example.com/profile.php?user=theirusername. When the page loads, an edit button is suppose to show if they are viewing their own account. I go about doing this like so, <?php if($user == $dbusername){ echo"<a href='edit.php'>EDIT</a>";}. This feature works fine if I go to www.example.com/Accounts/profile.php?user=theirusername, but on the subdomain it doesn't work. The accounts.example.compoints to the same path that www.example.com/Account/ does.

I have no clue why this is happening and I'm using the standard php SESSIONS. When I look inside the Cookies tab in the Safari Inspector it shows 1 SESSION, accounts.example.com.

Is there a way to "carry" a cookie to another sub domain? Any help would be great! Thanks!

Answer 1

If you need to use cookie in both subdomains www.example.com and accounts.example.com, you need to set it on the root domain example.com. You need to change the PHP setting session.cookie_domain to ".example.com".

1. In php.ini you could have session.cookie_domain = ".example.com"
2. .htaccess variant: php_value session.cookie_domain .example.com
3. Or inside the PHP scripts: ini_set('session.cookie_domain', '.example.com' );

This is the preferred order: if you have access to the server configuration, you should do this in php.ini of the VirtualHosts involved. The third option is the worst, since you have to change it separately on every PHP script.