I am struggling to manage session between domain and sub-domain
my domain is example.com having own laravel(5.1) folder structure and other sub-domain having its own laravel(5.1) folder structure
domain and sub-domain access same database
below domain look like
example.com
forum.example.com
access same database "mydatabase"
session management occured only on example.com have numbers of user. I would like to access users same session in forum.example.com
To share session between your domain and sub domains you should:
Set the same value for domain in app/config/session.php as: .example.com
Make sure both of your Laravel applications share the same session storage, for ex. you better be using database or redis session driver
Make sure you have the same APP_KEY set in your .env file
Related
I have a Laravel 8 application. The session is not working if deployed on the subdomain.
For example, I have a domain "example.com" and we have created two subdomains testapp.example.com and app.example.com for testing and staging environments.
When deploying the application on testapp.example.com first we observed that session not working after that updated config/session.php to set session domain = ".example.com". Initially, it was working after this change but when again the application deployed on "app.example.com" session not working on testapp.example.com. It is working for "app.example.com". I want different sessions to be maintained on these different subdomains, dont want to share session between subdomain. Can anyone suggest?
Thanks.
You do not want to set that session domain, that is the session_domain configuration if you wish to share the sessions across subdomains. By default it will not. You need them to be set to app.example.com and testapp.example.com accordingly. This is the SESSION_DOMAIN in the .env file
Alternatively you can simply change the SESSSION_COOKIE for each application. This is best set in the .env file as SESSION_COOKIE=testexample.com or alternatively in config/session.php if you already modified the default laravel settings in there.
I have 2 Asp.Net Core 2.2 applications and I want to share session between them.
I've set up session in a SQL database and both connect ok.
They are on different sub domains.
I understand that I can set the Cookie.Domain the startup file, which would solve the problem at a basic level, so each application would create the cookie such that it can be accessed.
e.g.
Domain 1. "www.website.com"
Domain 2. "dashboard.website.com"
At present these sites can't access each others session cookie.
If I set the domain cookie to ".website.com", both should be able to access this.
The problem is that we have multiple domains that use this website, so it could be:
www.domain1.com
dashboard.domain1.com
www.domain2.com
dashboard.domain2.com
www.domain3.com
dashboard.domain3.com
I need to be able to inject the current host name into the startup cookie domain, in order to have it dynamically set, depending on the domain of the active website.
Is this at all possible?
Thanks in advance,
David
No, it's not possible. Cookies are domain-bound. You can set a wildcard for the subdomain portion on the cookie, which would then allow it to be seen by example.com, www.example.com, foo.example.com, etc. but you can cannot share with an entirely different domain altogether, such as example2.com.
Your only option in this case is an Identity provider like IdentityServer, Auth0, Azure AD, etc. The way these work is that the auth cookie is set at the provider, and then each individual app is authorized against that provider. As such, they can receive the user principal from the provider, without having the actual auth cookie or their own login functionality.
UPDATE
If you just need to share between sites on the same primary domain, then follow the instructions in the docs. That's focused on auth cookies. If you need to share sessions as well, the same procedure applies, but you must additionally have a true distributed cache setup (Redis, SQL Server, etc.). There's a distributed memory cache, but that's just a default implementation, and it's not actually distributed.
I am new to Laravel. I have created a domain and subdomain with a specific domain group.
domain.com
admin.domain.com
On my domain.com a user can login. And in the subdomain admin.domain.com an admin can login. The problem Im having is when a user is logged in the root domain the admin subdomain is also logged in. I want the root domain and subdomain to be of different sessions. Please help!
This problem is not on framework, I got this problem when I worked with Yii 2.0 too, the issue because sessions general from application key, the solution is make key different between root and subdomain.
The solution here is you have to general another Laravel Application key on your subdomain follow the document:
php artisan key:generate
Application key [Idgz1PE3zO9iNc0E3oeH3CHDPX9MzZe3] set successfully.
2 keys in root and subdomain have to different.
Hope this help.
Laravel by default uses a single cookie to keep session data and manage its authentication system, thats why your user keeps logged across your subdomains, because your cookie is still there.
In this case I think you have 2 options:
1st: Create a different auth system using middlewares for each subdomain group to manage sessions (lets say you create/read a different cookie for each subdomain, but this could be a little bit tricky if the same user want to use the app across different subdomains at the "same time").
2nd: Use a different session driver (lets say database e.g.)
I have a cpanel account with option for unlimited add-on domains. I have added a domain, say, example.org. For this, cpanel has also created a sub-domain for main hosting domain example.main-domain.com.
Now I have purchased another domain example.com. When I try to add it through addon domains option, cpanel gives an error that subdomain example.main-domain.com already exists.
Is there a way to add the second domain in this scenario?
The first part of the subdomain is determined by the Subdomain or FTP Username: you set when you add the subdomain.
Cpanel auto-fills this field with the first part of the domain name but you can enter anything you like.
So when you go to add example.com Cpanel will auto-fill the Subdomain or FTP Username: to example and try to create the subdomain example.main-domain.com which already exists from when you added example.org in the same way so it will throw an error like
(XID bqnr82) A DNS entry for the domain “example.main-domain.com” already exists.
Instead when you add example.com enter any unused value into the Subdomain or FTP Username: field, such as exampledotcom and the subdomain cpannel creates will be at
exampledotcom.main-domain.com
This is explained and discussed here
https://forums.cpanel.net/threads/addon-domains-differing-only-in-tld-extension.249141/
You can edit the sub-domain name to example1 while adding the other domain example.com. So, that the next sub-domain will be example1.main-domain.com.
When you create addon domain it also creates subdomain for the addon domain. Now you since create subdomain with name example already so when you attempt to add addon domain with name example.com it could not create subdomain example since it was already added. Just rename already created subdomain and attempt to add the server. It will fix the problem.
Suppose in a domain (app.domain.com) I have set a Session like this:
Session::put('test', 'value');
Then in different domain (ex. news.domain.com) I want to retrieve that session value. Note that the other domain is located ON DIFFERENT SERVER, but still same domain name.
My question is, will Session::get('test') is available in news.domain.com if I set the laravel config file to domain => '*.domain.com'?
If you have the subdomains hosted on different physical machines, setting the domain in app/config/session.php to this:
'domain' => '.domain.com'
will work as long as the two apps will be able to access a shared session data storage (for example using the database session driver and having a common database that stores the sessions).