5

I have over two subdomains in my site. such as:www.example.com, login.example.com, user.example.com, cart.example.com...

I setup the cookie_domain as .example.com in config.yml and php.ini

when I setCookies('test', 'value', '.example.com'), but the cookie is always not shared in the subdomain.

there is my config.yml

session:
    handler_id:  session.handler.native_file
    save_path:   "%kernel.root_dir%/../var/sessions/"
    cookie_domain: .example.com
    cookie_lifetime: 0
    name: TESTSESSIONID

in my security:

security:
    session_fixation_strategy:  none
yivi
  • 42,438
  • 18
  • 116
  • 138
Mike Zhang
  • 263
  • 6
  • 10

3 Answers3

2

i needed this to work for all subdomains, but the domain itself changed depending on whether i was developing or in production.

I use parameters_dev.yml and parameters.yml to define the 'domain', then added this in config.yml to allow cookies accross all subdomains.

framework:
session:
    cookie_domain: '.%domain%'
Mike Skinner
  • 191
  • 1
  • 7
1

You can configure the session key in the config.yml defining a cookie_domain. As example:

config.yml

session:
    cookie_lifetime: 0
    save_path: %kernel.root_dir%/var/sessions
    cookie_domain: .my-domain.com
    name: SFSESSID

Hope this help

Matteo
  • 37,680
  • 11
  • 100
  • 115
0

You need to set trusted hosts in your application because for security reason symfony application will respond to whitelisted hosts and subdomins. To do this you have couple of ways to fix it

  1. In your config.yml set trusted_hosts like below
#app/config/config.yml
framework:
    trusted_hosts:  ['example.com', 'login.example.com', 'user.example.com', 'cart.example.com']
  1. You can also set the trusted hosts in the front controller using the Request::setTrustedHosts() method like below.
//web/app.php 
Request::setTrustedHosts(array('.*\.?example.com$'));

Please find below documentation links are for reference purpose

reference 1

reference 2

reference 3

himeshc_IB
  • 853
  • 4
  • 10