zend-frameworksessionzend-session

Zend Session: Common session at multi apps


I want to my users from one service at sub-domain/domain can login to the rest at once.

This is my structure:

Domains

All of them are using one database for accounts, sessions etc.
I have tried to put Session_Db_Adpater to work when someone enters one of the apps and save his ip to database.
Then when he enters another one script (in that other, ofc.) should check if he has in table record, and if he does, script should make active session to that one or if he doesn't create new one.


Trial 1: I have tried to simple update session_data to new id from the old one, but session_data refuse to update although $db->update() return true.

Trial 2 I turned off Session_SaveHandler_DbTable and tried this, because in the end they are in the same domain :

  Zend_Session::setOptions(array('cookie_domain' => '.example.com'));
    Zend_Session::start();

Still nothing.

Trial 3 I used Zend_Session::setId();

    $db = Zend_Registry::get('users_db');    
    $test = $db->select()->from('session')->where('ip = ?', $_SERVER['REMOTE_ADDR']);
    $row = $db->fetchRow($test);
    if($row) {            
        Zend_Session::setId($row['session_id']);
    } else {
        Zend_Session::start();
        $db->update('session', array('ip'=>$_SERVER['REMOTE_ADDR']), 'session_id = "'. Zend_Session::getId() .'"');
    }

And it works for 2-5 min and then throws up this error: The session has already been started. The session id must be set first.

I noticed that when I enters by for example app3.example.com , session doesn't inserting row to database. Adapter is working good, because I have checked some testing query's and it works.

I put in SessionHandler configuration something like this:

    $config = array(
        'db' => Zend_Registry::get('users_db') ,  //or alone 'main_db' 

The rest of config is default as in reference.

Please, help.


Solution

  • You do not need to set anything from Zend. Just set the following in your php.ini file

    ; The path for which the cookie is valid.
    session.cookie_path = /
    
    ; The domain for which the cookie is valid.
    session.cookie_domain =
    

    Now all your applications from the subdomains can access the same SESSION IDs created from the main application and vice versa.