ID: 39107 User updated by: misc05 at blueyonder dot co dot uk Reported By: misc05 at blueyonder dot co dot uk Status: Open Bug Type: Session related Operating System: Linux PHP Version: 4.4.4 New Comment:
No eric - the issue is neither complicated nor is it bogus. Try the simple code I placed in the first message and you will see 2 sessions started if the site in not originally accessed using www. pre-pended to the address instead of one session. QUOTE: When accessing "example.com", the same session will be available at "www.example.com". This is not true and is exactly what I'm reporting. Connect to "example.com" and the second file above (store.php) will have a different session to the first file. Previous Comments: ------------------------------------------------------------------------ [2006-10-17 11:48:46] eric at footsteps dot nl Nigel, I'm not sure wether I understand your issue, but it seems to be a bogus. When accessing "example.com", the same session will be available at "www.example.com". Hoewever. When accessing "www.example.com", the sessions cookie set there, is outside the scope for "example.com" which is fixed by the session_set_cookie_params function call. Which takes similar parameters as setcookie. With this function you should set the cookie domain scope to "example.com" instead of the default current domain. If the PHPSESSID cookie would be correct for both domains but the session is just "lost" (which prob. trigger php to regenerate a session id) you should check what "session_save_path" both sites use. Your server may be using different save paths for both subdomains. Good luck and regards, Eric ------------------------------------------------------------------------ [2006-10-11 14:42:32] misc05 at blueyonder dot co dot uk Technically I'm intregued but its way over the top surely tony? There must be a better way to prevent a spurious sessionID than having two copies of everything running? I doubt my ISP would like the idea too much either... Do we know where PHP gets the host value to put in the PHPSESSID in the first place? Could I perhaps just change the value in there before the first session is created ? (I did try changing $_SERVER['HTTP_HOST'] but that didnt do it.) nigel. ------------------------------------------------------------------------ [2006-10-11 09:53:40] [EMAIL PROTECTED] You don't have to touch a working site or a working Apache. PHP can be installed locally or using different Apache on different port. ------------------------------------------------------------------------ [2006-10-11 07:29:51] misc05 at blueyonder dot co dot uk Thanks tony but like I said - "I would appreciate a work-around if anyone can supply one as I use an ISP and can't update PHP." If I could I'd upgrade (My development system uses the latest release) but like many thousands of sites I can't upgrade my live site. Perhaps a modification of the versions drop-down to this bug system to take this into account would help others too. Also CVS would be out of the question for a live eCommerce site anyway. I would only consider stable releases marked as such. Public access to CVS is a massive mistake. Huge. Whatever happens I'm going to need a work-around for this. I could use suggestions - thanks nigel. ------------------------------------------------------------------------ [2006-10-10 13:45:58] [EMAIL PROTECTED] Please try using this CVS snapshot: http://snaps.php.net/php5.2-latest.tar.gz For Windows: http://snaps.php.net/win32/php5.2-win32-latest.zip ------------------------------------------------------------------------ The remainder of the comments for this report are too long. To view the rest of the comments, please view the bug report online at http://bugs.php.net/39107 -- Edit this bug report at http://bugs.php.net/?id=39107&edit=1
