Home/ Questions/Q 7934451
In Process

The Archive Base Latest Questions

Editorial Team
  • 0
Asked: 2026-06-03T21:39:04+00:00

I am working with Cakephp and I have an issue maintaining session across subdomains.

  • 0

I am working with Cakephp and I have an issue maintaining session across subdomains. My problem is as follows:

  • Users login on ‘localhost/login’
  • If authenticated they are redirected to ‘customer.localhost/home’.

Currently Cake is creating a cookie for each domain ie localhost and customer.localhost.
This means that I cannot keep the session working for the user. Is there a way to make all cookies domain fixed to the parent domain with the goal of keeping the session working across subdomains?

I have tried entering this in my bootstrap but it has no effect:
ini_set(‘session.cookie_domain’, ‘.localhost’);

If you think this cannot be done please feel free to let me know so that I can move on from this frustrating problem.

Many thanks,

kSeudo

Share

Leave an answer

You must login to add an answer.

Need An Account,

1 Answer

  1. Editorial Team

    Sessions (CakePHP 2.x):

    To make the session cookie valid for all your subdomains and the top level domain, you actually need to set it yourself in your APP/config/bootstrap.php file:

    ini_set('session.cookie_domain', '.domain.com');

    Then, in your APP/config/core.php file, set Security to low:

    Configure::write('Security.level', 'low');

    “otherwise the referer_check will be set to the current HTTP_HOST in
    the CakeSession object line 441.”

    Sessions (CakePHP 3.x)

    The session cookie path defaults to app’s base path. To change this
    you can use the session.cookie_path ini value. For example if you want
    your session to persist across all subdomains you can do:

    Configure::write('Session', [
    'defaults' => 'php',
    'ini' => [
        'session.cookie_path' => '/',
        'session.cookie_domain' => '.yourdomain.com'
    ]
]);

    Cookies (CakePHP 2.x):

    On this page it explains that you can use the ‘domain’ variable:

    The domain name allowed to access the cookie.
    e.g. Use ‘.yourdomain.com’ to allow access from all your subdomains.

    Per their example code:

    <?php
public $components = array('Cookie');
public function beforeFilter() {
    parent::beforeFilter();
    $this->Cookie->name = 'baker_id';
    $this->Cookie->time =  3600;  // or '1 hour'
    $this->Cookie->path = '/bakers/preferences/';
    $this->Cookie->domain = 'example.com';
    $this->Cookie->secure = true;  // i.e. only sent if using secure HTTPS
    $this->Cookie->key = 'qSI232qs*&sXOw!';
    $this->Cookie->httpOnly = true;
}

    Cookies (CakePHP 3.x):

    Read here.

    The domain that the cookie is available. To make the cookie available
    on all subdomains of example.com set domain to ‘.example.com’.

    • 0