PHP Multi-Domain Sessions; ini_set Not Working?

南旧 2020-12-20 06:29

I'm trying to set it up so if you log in to my website the session carries over to all sub-domains of my website. For example, if you go to domain.com and log in, then go t

3 Answers
  •  甜味超标
    2020-12-20 06:46

    I know it's late after the question, but seeing this is the only proper answer I found and people are going to use it since the answer is voted up, I wanted to note that it is a session hack waiting to happen. So a solution for this:

    define("ENCRYPTION_KEY", "whatever you want to use as key"); // encryption key
    if (isset($_COOKIE['SessionEncrypt']) && !empty($_COOKIE['SessionEncrypt'])) {
        //echo "get cookie: ".$_COOKIE['SessionEncrypt']; //urldecode(decrypt($_COOKIE['SessionEncrypt'], ENCRYPTION_KEY));
        session_id(decrypt(urldecode($_COOKIE['SessionEncrypt']), ENCRYPTION_KEY));
        //session_id($_COOKIE['SessionEncrypt']);
    }
    session_start();
    setcookie('SessionEncrypt',urlencode(encrypt(session_id(), ENCRYPTION_KEY)),time()+86400,'/','yourdomain.com'); // will work cross subdomain
    

    To encrypt/decrypt (found it here somewhere, works like a charm):

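    // Note: ext/mcrypt was removed from PHP core in 7.2; this needs PHP <= 7.1 or the PECL extension.
    function encrypt($pure_string, $encryption_key) {
        // ECB mode ignores the IV; it is generated here only to satisfy the call signature.
        $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $encrypted_string = mcrypt_encrypt(MCRYPT_BLOWFISH, $encryption_key, utf8_encode($pure_string), MCRYPT_MODE_ECB, $iv);
        return $encrypted_string;
    }
    
    function decrypt($encrypted_string, $encryption_key) {
        $iv_size = mcrypt_get_iv_size(MCRYPT_BLOWFISH, MCRYPT_MODE_ECB);
        $iv = mcrypt_create_iv($iv_size, MCRYPT_RAND);
        $decrypted_string = mcrypt_decrypt(MCRYPT_BLOWFISH, $encryption_key, $encrypted_string, MCRYPT_MODE_ECB, $iv);
        // mcrypt pads the plaintext with NUL bytes up to the 8-byte block size;
        // strip them so session_id() receives the original ID.
        return rtrim($decrypted_string, "\0");
    }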
    

    This way nobody can read the session in the cookie. Cause you don't have to be a genius to insert a cookie in your browser. With this, people tend to forget that sessions are in fact readable from a server. If your browser can reach it, so can other programs.
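
The same cookie wrapper using libsodium's authenticated `secretbox` in place of mcrypt, which was removed from PHP core in 7.2. This is an added example, not the answerer's code. It assumes PHP 7.3+ with ext-sodium; the environment variable `SESSION_COOKIE_KEY` and the helper names `seal_session_id`/`open_session_id` are hypothetical.

```php
<?php
// Added example (not from the original answer). Helper names and the
// SESSION_COOKIE_KEY variable are assumptions; 'yourdomain.com' is the answer's placeholder.
const COOKIE_NAME = 'SessionEncrypt';

function seal_session_id(string $sid, string $key): string {
    $nonce = random_bytes(SODIUM_CRYPTO_SECRETBOX_NONCEBYTES); // fresh nonce per cookie
    return sodium_bin2base64($nonce . sodium_crypto_secretbox($sid, $nonce, $key),
        SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
}

function open_session_id(string $token, string $key): ?string {
    try {
        $raw = sodium_base642bin($token, SODIUM_BASE64_VARIANT_URLSAFE_NO_PADDING);
    } catch (SodiumException $e) {
        return null; // not valid base64url
    }
    if (strlen($raw) < SODIUM_CRYPTO_SECRETBOX_NONCEBYTES + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null; // too short to hold nonce + MAC
    }
    $nonce = substr($raw, 0, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES);
    $sid = sodium_crypto_secretbox_open(substr($raw, SODIUM_CRYPTO_SECRETBOX_NONCEBYTES), $nonce, $key);
    if ($sid === false) {
        return null; // MAC check failed: cookie was forged or modified
    }
    // Accept only the characters and lengths PHP allows in a session ID.
    return preg_match('/^[A-Za-z0-9,-]{22,256}$/', $sid) === 1 ? $sid : null;
}

// Key: 32 random bytes from sodium_crypto_secretbox_keygen(), stored hex-encoded.
$key = sodium_hex2bin((string) getenv('SESSION_COOKIE_KEY'));
if (strlen($key) !== SODIUM_CRYPTO_SECRETBOX_KEYBYTES) {
    throw new RuntimeException('SESSION_COOKIE_KEY must be 64 hex characters');
}
// A cookie sent as SessionEncrypt[]=x arrives as an array, so check the type first.
$cookie = $_COOKIE[COOKIE_NAME] ?? null;
$sid = is_string($cookie) ? open_session_id($cookie, $key) : null;
if ($sid !== null) {
    session_id($sid);
}
session_start();
// The sealed value is still a bearer credential, so restrict where the cookie travels.
setcookie(COOKIE_NAME, seal_session_id(session_id(), $key), [
    'expires'  => time() + 86400,
    'path'     => '/',
    'domain'   => 'yourdomain.com',
    'secure'   => true,
    'httponly' => true,
    'samesite' => 'Lax',
]);
```

Unlike the ECB version, a modified cookie fails the MAC check and is discarded instead of being decrypted into an arbitrary session ID.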
