I have a website www.example.com. That will have multiple subdomains that work with a single application or program. For an example, login.example.com will allow the user to log in to the site while system.example.com will allow the user to access an information system, while forums.example.com will allow the user to access forums.

We may need to pass information between the subdomains such as a user id, or a user preference, etc. How do we go about passing information between the sudomains using SESSION variables?

EDIT: I like this idea:

As the first thing in your script:

ini_set('session.cookie_domain', '.example.com' ); 

PHP session ids are saved in Cookies. To make a cookie available in all the sub-domains you need to assign it to the root domain. Then all the sub-domains will get the session id from cookie and PHP can find the session using passed session id.

As it turns out, You just need to set the session.cookie_domain to the root domain in php.ini file

session.cookie_domain = ".example.com"

Also check manual for different approaches used to set an ini entry.

1) the subdomains should use the same path to save session files

2) modify your

php.ini session.cookie_domain = ".example.com"

or .htaccess php_value session.cookie_domain .example.com

or inside of the script ini_set('session.cookie_domain', '.example.com' );

I found a solution to my problem:

session_name("2620368ghwahw90w");
session_set_cookie_params(0, '/', '.mydomain.com');
session_start();

This appears to work with no problem. Is this a good method with low security risk?

Before you create your session in php file, add this line at first line :

<?php
//session cross to sub domain
ini_set('session.cookie_domain', substr($_SERVER['SERVER_NAME'],strpos($_SERVER['SERVER_NAME'],"."),100));

you can use cookies. check the path parameter in setcookie() which makes that cookie available for he entire domain. drawbacks to this are people who turn off cookies (private browsing modes)

another method would be by passing the sessionID around using links or hidden <input> fields (for forms).

since separate websites don't share sessions (as far as i know, since subdomains are technically "different places" from eachother), don't use sessions to store on the server side. instead, use a database to handle your sessions. that way, multiple sites can share the same session tracking table.

To share the session cookie among subdomains, you have to set the cookie's domain to .example.org (mind the dot).

http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-domain

I have been going round with this for a while now and what worked for me is placing the code below:

session_name("some_session_name"); session_set_cookie_params(0, '/', '.some_domain.com'); session_start();

across all the sub-domains that will use the session variables. I set this at the beginning of my index php file and it works. Hope this will make it clear.