Sessions with PHP and Amazon AWS EC2

Question

I am running a website on AWS with a domain name registered on Godaddy. The Godaddy domain mydomainname.com points to the IP of my AWS EC2 instance, which has public DNS ec2-x-xx-xxx-xxx.compute-1.amazonaws.com.

I am using PHP for the server side code and running into a problem with sessions. I set the $_SESSION variable when a user logs in, but the only problem is that if I log in at mydomainname.com the session is only set here and if I log in at ec2-x-xx-xxx-xxx.compute-1.amazonaws.com, the session is only set there. How can I get the sessions to coordinate across both of the sites, when they should be one-in-the-same?

I am a beginner at web dev, so please be kind :)

Answer 1

No one (other than you, and even then not for normal usage, just internal use and debugging) should be using ec2-x-xx-xxx-xxx.compute-1.amazonaws.com . Point mydomainname.com at it via DNS (using a CNAME, or Route53's ALIAS record) and have your users use the real domain name.

Answer 2

This won't work. Sessions require cookies on the clients browser which are sent with each request. This is the usual way that the server identifies which session relates to which incoming request.

The browser will only (almost only) send cookies back to the domain that issued them. This means that when the session sets a cookie from 'ec2-x-xx-xxx-xxx.compute-1.amazonaws.com', the browser will not send that cookie to 'my-domain.com' or any other domain.

There are a few exceptions and workarounds to this rule, Single Sign on being one example of transferring some state information between domain names.

If you are concerned about users accessing your website with multiple domains, then an solution is to configure the web server to redirect any requests for alternative hosts to the primary host name you wish to use on the server.