ID: 43682
User updated by: k dot andris at gmail dot com
Reported By: k dot andris at gmail dot com
-Status: No Feedback
+Status: Closed
Bug Type: Session related
Operating System: Debian Sarge
PHP Version: 5.2.4
New Comment:
Actually Suhosin's suhosin.session.cryptdocroot option was the problem.
If the session encryption key is based on the DocRoot it causes the
problem described here (if the base domain and the subdomains are served
from different directories).
Previous Comments:
------------------------------------------------------------------------
[2008-02-21 01:00:00] php-bugs at lists dot php dot net
No feedback was provided for this bug for over a week, so it is
being suspended automatically. If you are able to provide the
information that was originally requested, please do so and change
the status of the bug back to "Open".
------------------------------------------------------------------------
[2008-02-13 18:39:55] [EMAIL PROTECTED]
I don't see how this is PHP bug at all. More like lighttpd bug if a bug
at all. Check these: What host PHP script gets from ligttpd
($_SERVER['SERVER_NAME'] and what is tried to be set for the cookie.
------------------------------------------------------------------------
[2008-02-10 18:29:19] k dot andris at gmail dot com
I found it! The problem only occours if you serve the base domain and
the subdomains from different sections of lighttpd config file, like
this:
$HTTP["host"] =~ "^mysite\.com" {
server.document-root = "/var/www/mysite/"
}
$HTTP["host"] =~ "(.+)\.mysite\.com$" {
server.document-root = "/var/www/mysubdomains/"
}
------------------------------------------------------------------------
[2008-02-10 18:17:20] k dot andris at gmail dot com
It seems to work on another server. I'll try to find out what was wrong
with the first one. Sorry..
------------------------------------------------------------------------
[2008-02-10 17:21:06] k dot andris at gmail dot com
Did you try getting the session variable set on a subdomain at the
root? Like apple.mydomain.com/echo.php sets $_SESSION['apple'] =
'fruit', but mydomain.com/echo.php will not see it. Or does it in your
tests? BTW, session_set_cookie_params lack parameter docs, but I guess
lifetime is in seconds.
------------------------------------------------------------------------
The remainder of the comments for this report are too long. To view
the rest of the comments, please view the bug report online at
http://bugs.php.net/43682
--
Edit this bug report at http://bugs.php.net/?id=43682&edit=1
