How to resolve conflicting session ids?

We have a site with many subdomains, hence the main site has a session cookieParams of ".sitename.com".

However, we have one special admin subdomain that has a different user system and login mechanism, so we have a separate session cookieParam of "subdomain.sitename.com".

The problem is, if someone gets a session cookie from the main site, logging into the admin site fails, because the main site’s “.sitename.com” cookie appears to be taking precedence. Deleting the cookie for the main site fixes the issue temporarily until the browser visits the main site again.

Is there any way around this, or is there a better way to set the cookieParam?

Thanks!

I’m still having this issue, and I think my question is now more specific.

I’ve tried everything I’ve seen here in the forums, but to no avail. No matter what I do, Yii is storing the user’s login in a PHP session named “PHPSESSID”. Even if I set the sessionName to something custom, Yii writes both my custom session name and the “PHPSESSID”, and login fails.

Any idea on how to completely change the sessionName so the system does not default to the "PHPSESSID" sessionName?

Just had the same issue. Didn’t go too deep, but what is happening is that first a session with the default name is called and afterwards your session name is set.

The way I resolved it isn’t too beautiful but it works. I simply override the php.ini setting in the .htaccess file of the project.


php_value session.name mySessionName

This way the default session name is the name you want to use, and you don’t need to set it additionally in your config file, because I guess that it could be an additional function call, which is expensive (didn’t test the claim).

It looks like yiiframework.com might have the same issue (PHPSESSID and session_id).

We had a very similar problem but we wanted to allow an admin to also remain logged in on the other sites, without having to use multiple cookies.

In the end the solution turned out to be pretty easy: change the key state prefix.

Just do this for everything where the admin login is required (e.g. in AdminModule::init()):

Yii::app()->user->setStateKeyPrefix('admin');

Problem solved :)
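
An added example, not from any poster in this thread: a small Python model of RFC 6265 cookie matching that shows why the main site's ".sitename.com" cookie reaches the admin host under the same name, and how a distinct session name (the `mySessionName` from the .htaccess reply) separates the two. The cookie values are constructed, and keeping the first value of a repeated cookie name is an assumption about the server (it is how PHP fills `$_COOKIE`).

```python
from dataclasses import dataclass

@dataclass
class Cookie:
    name: str
    value: str
    domain: str   # Domain attribute the server set
    created: int  # creation order in the browser's cookie jar

def domain_match(host, cookie_domain):
    """RFC 6265 domain matching: exact host or any subdomain of it."""
    d = cookie_domain.lstrip(".").lower()
    host = host.lower()
    return host == d or host.endswith("." + d)

def cookie_header(jar, host):
    """(name, value) pairs sent to `host`; same path, so oldest first."""
    sent = sorted((c for c in jar if domain_match(host, c.domain)),
                  key=lambda c: c.created)
    return [(c.name, c.value) for c in sent]

def session_id(pairs, session_name):
    """Assumption: the server keeps the first value of a repeated name."""
    return next((v for n, v in pairs if n == session_name), None)

ADMIN = "subdomain.sitename.com"

# Constructed jar: user visited the main site first, then logged in to admin.
same_name = [
    Cookie("PHPSESSID", "main-abc", ".sitename.com", 1),
    Cookie("PHPSESSID", "admin-xyz", ADMIN, 2),
]
# Same visit order, but the admin app uses its own session name.
distinct_names = [
    Cookie("PHPSESSID", "main-abc", ".sitename.com", 1),
    Cookie("mySessionName", "admin-xyz", ADMIN, 2),
]

if __name__ == "__main__":
    for label, jar, name in (("same name", same_name, "PHPSESSID"),
                             ("distinct names", distinct_names, "mySessionName")):
        sent = cookie_header(jar, ADMIN)
        print(label, "->", sent, "admin reads:", session_id(sent, name))
```

Even with distinct names, the parent-domain cookie is still sent to the admin host, so the admin application keeps receiving the main site's session ID on every request.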