I have been working on converting my websites session information over from flatfiles to database sessions for a variety of reasons, the main reason being I use the same database of users for both the Administration panel and user panels.
The administration panel is set on a subdomain of our main domain, i.e;
domain.com
staff.domain.com
Both of the domains use the exact same session handler, however when it comes to actually creating the session on the sub-domain and normal domain, two different session_ids are created for the same computer / person.
Is this behavior normal? Is there a way I can make it so logging in the User Panel will also allow me to use the staff panel without logging in as the session is already created?
Thank you
I assume you’re using cookies to transport the session id. The cookie will not get passed to the other part of the website because it is on a different (sub) domain. Thefore PHP generates a new session id.
However, if you manage that both parts have the same session-name and you manage to pass the session-id, then everything should just work.
You can for example create a special script that accepts the session id as parameter and you then take over that session data.
But be careful here so that this can not be easily misused to steal sessions. So probably using a cookie that works for both sites might be a more simple solution.
session.use_only_cookiessession.cookie_domainDocssession_set_cookie_paramsDocs