cookies shared across subdomains?

Regular Joined: Jan 14, 2005 Posts: 93

I'm using subdomains on my site for regional areas. They are all actually using the same PHPNuke db as my root domain.

QUESTION - how can I set the users browser cookie so that they don't need to login to each subdomain?

For example, if the user logs onto WWW.DOMAIN.COM how can the cookie be set to recognize them when they visit STATE.DOMAIN.COM or any other subdomain under DOMAIN.COM?

Thanks as always for your help!

Site Admin/Owner Joined: Aug 27, 2002 Posts: 17088

You might search google for 'sharing cookies across subdomains'.

Posted: Mon Apr 18, 2005 11:09 am

actually I did Google it first. From the PHP manual...

To make the cookie available on all subdomains of example.com then you'd set it to '.example.com'.

I'm confused about where I set the domain variable .MYDOMAIN.COM for the cookie in PHP Nuke.

I found a field cookie_domain in the mysql database. I changed it from DOMAIN.COM to .DOMAIN.COM and it does not preserve the session across my subdomains.

Any help on what I'm doing wrong would be greatly appreciated.

Posted: Mon Apr 18, 2005 4:18 pm

Update...

OK it appears that it IS working, but only if someone logs on from http://domain.com is the cookie is preserved across all subdomains.

However if the user logs on from a subdomain, the session is not preserved across the sub domains.

What is the best course of action for this? Do I need to force all logins from a login page at http://domain.com and if so, what is the best course of action for that? (I use the site visitors block on my site which allows the user to log in from any page.)

Thanks...

Posted: Mon Apr 18, 2005 7:15 pm

modify each PHP file that uses http://php.net/setcookie

Posted: Tue Apr 19, 2005 12:21 am

djmaze wrote:

modify each PHP file that uses http://php.net/setcookie

I've searched thru all the files in my site and cant find any using that.

Again, this is working now, but only when signing in from DOMAIN.COM

Session cookies all have the alias (WWW.DOMAIN.COM STATE.DOMAIN.COM, etc) added to them and are not shared across subdomains.

So the question now I suppose is how I can get cookies issued from subdomains to ignore the subdomain alias and simply use DOMAIN.COM ?

Thanks.

registered · Useless Joined: Aug 23, 2002 Posts: 213 Location: Chicago

This will require modifying of all setcookie functions throughout phpNuke. This should allowed shared cookies on same domain names and multiple phpNuke on the same domain to function correctly.

Credit: Evaders99 for 6.9
Me: 7.4, 7.3 and 7.2.

Code:

--- [EDIT admin.php] ---





AFTER





<?php





ADD





if (isset($_COOKIE["YOURCOOKIENAME_admin"]))


{


    $admin = $_COOKIE["YOURCOOKIENAME_admin"];


}





--- [EDIT mainfile.php] ---





AFTER


if (!ini_get("register_globals")) {


    import_request_variables('GPC');


}





ADD


if (isset($_COOKIE["YOURCOOKIENAME_user"]))


{


    $user = $_COOKIE["YOURCOOKIENAME_user"];


}


if (isset($_COOKIE["YOURCOOKIENAME_admin"]))


{


    $admin = $_COOKIE["YOURCOOKIENAME_admin"];


}


if (isset($_COOKIE["YOURCOOKIENAME_lang"]))


{


    $lang = $_COOKIE["YOURCOOKIENAME_lang"];


}





AFTER





$tipath = "images/topics/";


$mtime = microtime();


$mtime = explode(" ",$mtime);


$mtime = $mtime[1] + $mtime[0];


$start_time = $mtime;





ADD





   $row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name=


'cookie_name'"));


   $cookiename = $row['config_value'];


   $row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_path'"));


   $cookiepath = $row['config_value'];


   $row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_domain'"));


   $cookiedomain = $row['config_value'];


   $row = $db->sql_fetchrow($db->sql_query("SELECT config_value FROM ".$prefix."_bbconfig WHERE config_name='cookie_secure'"));


   $cookiesecure = $row['config_value'];





function setcookie2($cname,$cdata=0,$ctime=0)


{


    global $cookiename,$cookiepath,$cookiedomain,$cookiesecure;





    setcookie($cookiename . "_" . $cname, $cdata,$ctime,$cookiepath,$cookiedomain,$cookiesecure);


}








--- [FOLLOWING FILES] ---


in


mainfile.php


admin.php


auth.php (for phpNuke 7.4 and early, ignore for 7.5+)


includes/asfunc.php (if you have Admin Secure)


includes/usercp_register.php (still uses phpNuke code)


modules/News/article.php


modules/News/index.php


modules/Your_Account/index.php








Ignore (already includes correct forums code)


includes/sessions.php


modules/Forums/index.php


modules/Forums/posting.php


modules/Forums/viewforum.php


modules/Forums/viewtopic.php











FIND ALL INSTANCES OF


setcookie(





INLINE REPLACE WITH


setcookie2(





--- [EDIT includes/asfunc.php] ---


(For Admin Secure 1.7 users only!)





FIND





function asec_getRequestC($name){global$HTTP_COOKIE_VARS;$ret="";if($name==""){return$ret;}if(isset($_COOKIE[$name])){$ret=$_COOKIE[$name];}else if(isset($HTTP_COOKIE_VARS[$name])){$ret=$HTTP_COOKIE_VARS[$name];}return$ret;}





REPLACE WITH





function asec_getRequestC($name){global$HTTP_COOKIE_VARS;$ret="";if($name==""){return$ret;}global $cookiename;$name=$cookiename."_".$name;if(isset($_COOKIE[$name])){$ret=$_COOKIE[$name];}else if(isset($HTTP_COOKIE_VARS[$name])){$ret=$HTTP_COOKIE_VARS[$name];}return$ret;}

This has been tested with version 7.4 and below, might see some problems if you are using Admin Secure as your security tool. It's not 100% stable but works so far. Maybe if Raven, chatserv or Bob have some time in their hands, they can help us make this code better.