Answered How can I get my ModX Revo 2.2 to share the session?

Edit: Post has been modified to consolidate information regarding the situation.

---

I have several subdomains set up as contexts in my ModX Revo 2.2 install. When I log in to my primary domain, I would like it to share the session with my subdomains. I am using the Login addon. This post, http://stackoverflow.com/questions/9761447/modx-revolution-doesnt-switch-context, indicates that I must check for "load" permission. According to Login and http://forums.modx.com/index.php/topic,64442.msg364741.html, I have made sure of the following:

• My Login uses the &contexts property for all subdomains
• I have set session_cookie_domain to .mydomainname.tld. I have also tried *.mydomainname.tld. Every time I change the variable, I lose access to the manager and it is difficult to get it back. It has now been reset back to default.
• I have set up my administrators user group to have full permissions (including load) on all contexts.
• I have verified that anonymous users have access of 9999 (with load only) to all contexts.
• I have also tried making sure that the context minimum role is 9999. When this did not work, I tried with minimum role of 0. Neither achieved any positive results.

Now, to be clear: I am using Login as the indicator of the sharing as the new contexts have no content. However, when I log in to the primary domain, and move to a subdomain, Login is still showing the standard Login screen on the subdomain. On the primary domain, it is showing that I am logged in.

---

Additional Information: I'm not sure if this is important, but my primary domain is not www.mydomainname.tld. It is actually mydomainname.tld. In my experience, this has never changed the behavior of ModX, but could it be affecting the cookie (i.e. why session_cookie_domain does not work properly)?

---

It is absolutely necessary that the session be shared. The above solutions have worked for others. Am I missing something? [ed. note: fuzzicallogic last edited this post 11 years, 10 months ago.]

You MUST have session_cookie_domain set to .mydomain.tld (with the . prefix). This is the ONLY way your browser will be allowed to share it's session cookie with different sub-domains. When you change this, you will need to clear ALL your browser cookies for the domain (and it's sub-domains) in question.

Alright. Despite the issues I experienced last time, I have set the session_cookie_domain to .mydomainname.tld. No issues with access this time. *doing the happy dance*

However, this still does not share the session between the contexts. *not as happy a dance as I would like* What else might I be missing? Or is there something the I might have changed in order to affect this?

Other steps I have made to solve this issue:

• Remember Me is implemented and works, but only on primary domain.

Some potential ideas:

• Do I need a snippet or plugin? If so, I have no idea where to start.
• To move between contexts, I am using Weblinks so that I may utilize Wayfinder. Should I use something else?
• As stated previously, my .htaccess has my primary domain set to mydomainname.tld and not www.mydomainname.tld. Do I need to set this to the latter? (I would prefer not to)

I can't think of anything else, but those are some immediate thoughts at the moment. Thanks again! [ed. note: fuzzicallogic last edited this post 11 years, 10 months ago.]

Quote from: fuzzicallogic at Jun 25, 2012, 05:25 PM

However, this still does not share the session between the contexts. *not as happy a dance as I would like* What else might I be missing? Or is there something the I might have changed in order to affect this?

How are you switching Contexts and how are they configured? Are you using a Plugin for this, or a custom index.php or different virtual hosts for each subdomain?

Quote from: fuzzicallogic at Jun 25, 2012, 08:26 PM

Apparently, the Login snippet does not trim white space from the contexts property. Should this be labeled a bug? Or is this intended functionality?

It's not intended functionality, simply an oversight. You can report it here so it gets resolved and not forgotten about.