Session login issue

matt1234
Forum Commoner
Posts: 44
Joined: Wed Nov 26, 2008 9:43 pm

Session login issue

Post by matt1234 »

I'm wondering how to fix a problem I'm having with a session-based login system.

Say I go to http://www.website.com
The page that processes the login then returns the now-logged-in user to http://www.website.com
If this person goes to website.com, though, the login page returns them to www.website.com and it seems to be a different session, which makes it appear as though they haven't logged in. Then they log in twice.

"Well just have the login page return the user to the URL that they came from"
My problem there is that I have other pages on my site which will direct a user back to http://www.website.com, such as my Error 403 page. After a certain period of time, it sends the user to http://www.website.com. If this is a logged-in user who logged in under website.com, it will appear as though they were logged out.

Any suggestions?
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Session login issue

Post by cpetercarter »

The user's browser thinks that http://www.website.com and website.com are two different sites. If she/he logs in to http://www.website.com, your server will send a session cookie to the browser. The browser will associate that cookie with http://www.website.com. If the user subsequently goes to website.com, the browser will have no cookie to send, so the server thinks that the user is not logged in.

I am not sure what the best solution is in your case, but perhaps this explanation of why the problem arises will prompt some ideas.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Session login issue

Post by Eric! »

Are you switching between SSL and not SSL encrypted?

Does your page you are redirecting to call session_start and check to see if a logged in session exists before asking to login again?
matt1234
Forum Commoner
Posts: 44
Joined: Wed Nov 26, 2008 9:43 pm

Re: Session login issue

Post by matt1234 »

No, I am not switching between SSL and non-SSL.

The page it goes back to has a session_start(), yes,
but it doesn't check to see if a session exists or not because I don't have it set up where if you're not logged in, it will ask you to. If you're not logged in, it will just not have extra features on the page. And so if someone goes to website.com, they log in, they get redirected to http://www.website.com, the session_start() occurs, and it will look like they haven't logged in. The URL can be changed to read website.com again, and it will show that they are logged in, though.

Is there a way for this session to cover both website.com and http://www.website.com, or something related?
cpetercarter
Forum Contributor
Posts: 474
Joined: Sat Jul 25, 2009 2:00 am

Re: Session login issue

Post by cpetercarter »

matt1234
Forum Commoner
Posts: 44
Joined: Wed Nov 26, 2008 9:43 pm

Re: Session login issue

Post by matt1234 »

Ok, well I got the login situation to work. Now, if someone logs in under website.com, they're logged in under both website.com and http://www.website.com. My issue NOW, though, is logout. In IE, it kills the session for website.com and http://www.website.com. In FF, it kills the session for whatever they were most recently at. i.e. They're at a logout URL that succeeds http://www.website.com, and once back at the main page, they're logged out of http://www.website.com. If it gets changed to website.com, they're still logged in. Any ideas?
matt1234
Forum Commoner
Posts: 44
Joined: Wed Nov 26, 2008 9:43 pm

Re: Session login issue

Post by matt1234 »

Bump
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Session login issue

Post by Eric! »

Are you creating two different sessions with separate session IDs? How are you logging them in to both URLs?
matt1234
Forum Commoner
Posts: 44
Joined: Wed Nov 26, 2008 9:43 pm

Re: Session login issue

Post by matt1234 »

There doesn't appear to be 2 separate session IDs created.

Here's where I sit now: IE doesn't declare the session for both website.com and http://www.website.com anymore. Maybe it was a fluke when I originally tested it? FF starts both sessions, though. And then I'm still having the issues with killing the session for both http://www.website.com and website.com, obviously.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Session login issue

Post by Eric! »

Put in

echo session_id();
after calling session_start() for both cases. If the session ID is changing, you have to make sure that both session_id's either get destroyed OR make sure both sessions use the same session_id by setting it to the same ID.
matt1234
Forum Commoner
Posts: 44
Joined: Wed Nov 26, 2008 9:43 pm

Re: Session login issue

Post by matt1234 »

Ok, it seems to be all working now. I think flukes have just come up. Some cache issue or something, I'm not sure.
But it seems to work now. The session IDs are the same. I checked again.
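
One way to handle the www / bare-domain split discussed in this thread, added here as an example and not code posted by any participant: redirect every request to a single canonical host so the browser holds only one session cookie, and have logout expire that cookie with the same parameters it was set with. CANONICAL_SCHEME, CANONICAL_HOST and the function names are assumptions; the array forms used require PHP 7.3 or later.

```php
<?php
// Added example, not code from the thread. Names below are assumptions; PHP 7.3+.
const CANONICAL_SCHEME = 'http';            // the thread's site is not on SSL
const CANONICAL_HOST   = 'www.website.com';

// Send requests for any other host name (e.g. the bare domain) to the one
// canonical host, so the browser only ever holds one session cookie.
function enforce_canonical_host(): void
{
    // HTTP_HOST is client-supplied: compare it, never copy it into the redirect.
    $host = strtolower($_SERVER['HTTP_HOST'] ?? '');
    if ($host === CANONICAL_HOST) {
        return;
    }
    $path = $_SERVER['REQUEST_URI'] ?? '/';
    if ($path === '' || $path[0] !== '/') {
        $path = '/';                        // ignore absolute-form request targets
    }
    header('Location: ' . CANONICAL_SCHEME . '://' . CANONICAL_HOST . $path, true, 301);
    exit;
}

function start_site_session(): void
{
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'domain'   => '',       // host-only; '.website.com' would expose it to every subdomain
        'secure'   => CANONICAL_SCHEME === 'https',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}

function logout(): void
{
    $p = session_get_cookie_params();
    $_SESSION = [];
    // Expire the cookie with the same path and domain it was set with;
    // a mismatch leaves the old cookie in the browser.
    setcookie(session_name(), '', [
        'expires' => time() - 3600, 'path' => $p['path'], 'domain' => $p['domain'],
        'secure' => $p['secure'], 'httponly' => $p['httponly'], 'samesite' => $p['samesite'],
    ]);
    session_destroy();
}

// Typical page prologue: enforce_canonical_host(); start_site_session();
```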