Make session cookie visible regardless of subdomain

Paul in Boise
103 days ago

I have discovered that the session cookie set by Elgg at login can only be read by the subdomain where it was created. I am using Elgg 1.8.3.

If I go to www.mydomain.com/elggdir/ and log in, then change the URL in my browser to just mydomain.com/elggdir/ it doesn't see me as logged in.

Additionally, a separate microsite will be tightly linked to my Elgg installation, and it lives at myproject.mydomain.com so it also can't see the Elgg cookie.

I tried creating a new php.ini file in the Elgg root directory with this line:

session.cookie_domain=.mydomain.org

and logged in. My browser's cookie library showed that Elgg did properly set the cookie to be owned by .mydomain.com instead of mydomain.com as previously.

However, login now fails totally. When I try to log in, Elgg shows a red bar in the upper right corner saying 'you have to be logged in to see this file.' I had to disable my php.ini file to get my site back.

My research has only turned up one good discussion about cross-subdomain Elgg sessions. Can anyone provide input on this?

Thank you for your time.

Paul

Steve Clay
103 days ago

Hmm, I would've suggested the session.cookie_domain change, too. You're sure you've deleted all your cookies before trying again?

Paul in Boise
103 days ago

As far as I can tell, yes. I tried in several browsers. Here are the results:

with the .mydomain.com php.ini in place:
PC:
    IE8:
        www: logs in, routes to http://mydomain
        no sub: logs in.
    Chrome 16:
        www: routes to http://mydomain, reloads login screen
        no sub: reloads login screen
    Opera 11.61:
        www: logs in, routes to http://mydomain
        no sub: logs in.
    Firefox 9.0.1:
        www: routes to http://mydomain, reloads login screen
        no sub: reloads login screen

Mac:
    Firefox 9.0.1:
        www: routes to http://mydomain, reloads login screen
        no sub: reloads login
        one time, it logged me in, maybe due to some inconsistent cookie deletion?
    Safari 5.1.2:
        www: routes to http://mydomain, reloads login screen
        no sub: reloads login
    Opera:
        www: routes to http://mydomain, logs in successfully.
        no sub: logs in

Opera works on both PC and Mac, and IE8 works on the PC. I wonder if those handle cookies differently?

Update: I disabled the php.ini file again, deleted cookies in Firefox on both PC and Mac. Then I tried logging into Elgg, and got in, no problem, on both machines.

Steve Clay
103 days ago

You should try setting session.cookie_domain in your config file:

ini_set('session.cookie_domain', '.mydomain.com');

Steve Clay
103 days ago

My hunch is that your host (like Site5.com) requires PHP settings to be set in a php.ini file in every directory where PHP scripts are called by Apache. Setting it in engine/settings.php makes sure this is always set.

Paul in Boise
100 days ago

Steve, thank you for sticking with me on this. I tried placing the ini_set line in engine/settings.php, and got the same behavior as when I tried setting the subdomain access in the .htaccess file. Can't log in in Firefox, but can in IE. I disabled the ini_set line, and now can log in with Firefox.

I have been considering multiple aspects of this project over the weekend and have decided to simply move my Elgg installation into the same subdomain as the current project that will use it. That should clear up this problem and other issues I have been working on.

Paul
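
To make the cookie scoping discussed in this thread concrete, here is an added example (not part of the original posts and not Elgg code) that models RFC 6265 domain matching for the three hosts mentioned, including a stale host-only cookie left over after the Domain setting changes. The cookie name `Elgg`, the session values and the helper names are assumptions made for illustration; path handling is omitted.

```javascript
// Added example: RFC 6265 cookie scoping, using the host names from the thread.
// The cookie name and values are constructed sample data.

// RFC 6265 section 5.1.3: a host domain-matches when it equals the cookie
// domain or ends with "." + cookie domain.
function domainMatches(host, cookieDomain) {
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// Store a cookie the way section 5.3 describes. No Domain attribute means a
// host-only cookie; with one, the leading dot is ignored and subdomains match.
function storeCookie(jar, setByHost, name, value, domainAttr) {
  const hostOnly = !domainAttr;
  const domain = (hostOnly ? setByHost : domainAttr.replace(/^\./, "")).toLowerCase();
  // A host may not set a cookie for a domain it does not itself match.
  if (!hostOnly && !domainMatches(setByHost.toLowerCase(), domain)) return false;
  // Same name and domain replaces the stored cookie (path omitted here).
  const kept = jar.filter((c) => !(c.name === name && c.domain === domain));
  jar.length = 0;
  jar.push(...kept, { name, value, domain, hostOnly });
  return true;
}

// Cookies a browser attaches to a request for `host` (section 5.4).
function cookiesSentTo(jar, host) {
  host = host.toLowerCase();
  return jar
    .filter((c) => (c.hostOnly ? host === c.domain : domainMatches(host, c.domain)))
    .map((c) => `${c.name}=${c.value}`);
}

const hosts = ["www.mydomain.com", "mydomain.com", "myproject.mydomain.com"];

// Default behaviour described in the thread: login at www, no Domain attribute.
const jar = [];
storeCookie(jar, "www.mydomain.com", "Elgg", "old-session");
const hostOnlyView = hosts.map((h) => cookiesSentTo(jar, h).length);

// After session.cookie_domain=.mydomain.com, without clearing the old cookie.
storeCookie(jar, "mydomain.com", "Elgg", "new-session", ".mydomain.com");
const afterChange = hosts.map((h) => cookiesSentTo(jar, h));

console.log(hostOnlyView); // number of cookies each host receives before the change
console.log(afterChange);  // cookies each host receives after the change
```

Once the Domain attribute is `.mydomain.com`, every host under mydomain.com receives the session cookie, so any site on any subdomain can read it. A request that carries two cookies with the same name leaves the server to pick one, which is why clearing old cookies matters when testing this change.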