* Thus wrote Blaine ([EMAIL PROTECTED]):
>
> I also read that ini_set() can be used in an .htaccess in the root
> directory of each domain, subdomain and directory where pages may use
> sessions. It would look something like:
>
> php_value session.cookie_domain .domain.com
>
> Setting the value in an .htaccess would be a lot easier than including
> ini_set("session.cookie_domain", ".domain.com");
> on each page that uses sessions.
Yes, this is a wiser choice vs. setting it system wide.
You do have another alternative which would be to use the 5th
argument in set cookie:
bool setcookie ( string name [, string value [, int expire [,
string path [, string domain [, int secure]]]]])
>
> I have not tested any of these options as I am now gathering info in
> order to make a decision. I would appreciate any feedback on organizing
> the site, using subdomains, and passing session values from domain to
> domain. Is this more trouble than it is worth? Should I just use
> directories to organize the site?
In general allowing subdomains (.yourdomain.com) is safe. But as a
hosting company you might perhaps allow that cookie to be modified
by other people if say you set up a simple hosting site for a user:
user.yourdomain.com/
or
yourdomain.com/~user/
But from what it looks like you arn't planing on using that
methodology, for users.
I tend to stay away from directories and use subdomains to
distinguish between different aspects of the site as per some
examples:
domain.com main web pages for domain
www.domain.com main web pages for domain
dbadmin.domain.com Database interface
logs.domain.com View my logs.
Now going back to your cookie issue, you really dont want dbadmin
and logs to be using the same cookie namespace. The only namespace
you would want to share would be the www.domain.com and domain.com,
because they are pointing to the same place.
You could also opt out of using the cookie method of passing
session id around and use the php SID query paramater. But you
then have to be careful at which domains you going to pass your SID
too. On the other hand you have more control and it is expected to
work even if the user refuses your cookies.
HTH,
Curt
--
"I used to think I was indecisive, but now I'm not so sure."
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
