Page 1 of 1
Session login issue
Posted: Sun Oct 25, 2009 1:28 am
by matt1234
I'm wondering how to fix a problem I'm having with a session-based login system
Say I go to
http://www.website.com
The page that processes the login then returns the now-logged-in user to
http://www.website.com
If this person goes to
website.com, though, the login page returns them to
www.website.com and it seems to be a different session which makes it appear as though they haven't logged in. Then they login twice.
"Well just have the login page return the user to the URL that they came from"
My problem there is that I have other pages on my site which will direct a user back to
http://www.website.com -such as my Error 403 page. After a certain period of time, it sends the user to
http://www.website.com. If this is a logged-in user who logged in under website.com, it will appear as though they were logged out
Any suggestions?
Re: Session login issue
Posted: Sun Oct 25, 2009 1:59 am
by cpetercarter
The user's browser thinks that
http://www.website.com and website.com are two different sites. If she/he logs in to
http://www.website.com, your server will send a session cookie to the browser. The browser will associate that cookie with
http://www.website.com. If the user subsequently goes to website.com, the browser will have no cookie to send, so the server thinks that the user is not logged in.
I am not sure what the best solution is in your case, but perhaps this explanation of why the problem arises will prompt some ideas.
Re: Session login issue
Posted: Sun Oct 25, 2009 8:28 am
by Eric!
Are you switching between ssl and not ssl encrypted?
Does your page you are redirecting to call session_start and check to see if a logged in session exists before asking to login again?
Re: Session login issue
Posted: Sun Oct 25, 2009 4:09 pm
by matt1234
No I am not switching between SSL and non-SSL
The page it goes back to has a session_start() , yes
but it doesn't check to see if a session exists or not because I don't have it setup where if you're not logged in, it will ask you to. If you're not logged in, it will just not have extra features on the page. And so if someone goes to website.com, they login, they get redirected to
http://www.website.com, the session_start() occurs, and it will look like they haven't logged in. The URL can be changed to read website.com again, and it will show that they are logged in, though.
Is there a way for this session to cover both website.com and
http://www.website.com, or something related?
Re: Session login issue
Posted: Mon Oct 26, 2009 2:46 am
by cpetercarter
Re: Session login issue
Posted: Wed Oct 28, 2009 1:41 am
by matt1234
Ok, well I got the login situation to work. Now, if someone logs in under website.com, they're logged in under both website.com and
http://www.website.com. My issue NOW, though, is logout. In IE, it kills the session for website.com and
http://www.website.com. In FF, it kills the session for whatever they were most recently at. i.e. They're at a logout URL that succeeds
http://www.website.com, and once back at the main page, they're logged out of
http://www.website.com. If it gets changed to website.com, they're still logged in. Any ideas?
Re: Session login issue
Posted: Wed Oct 28, 2009 11:54 pm
by matt1234
Bump
Re: Session login issue
Posted: Fri Oct 30, 2009 7:46 am
by Eric!
Are you creating two different sessions with seperate session ID's? How are you logging them in to both urls?
Re: Session login issue
Posted: Fri Oct 30, 2009 5:22 pm
by matt1234
There doesn't appear to be 2 separate session IDs created.
Here's where I sit now: IE doesn't declare the session for both website.com and
http://www.website.com anymore. Maybe it was a fluke when I originally tested it? FF starts both sessions, though. And then I'm still having the issues with killing the session for both
http://www.website.com and website.com, obviously.
Re: Session login issue
Posted: Fri Oct 30, 2009 7:12 pm
by Eric!
Put in
after calling session_start() for both cases. If the session ID is changing, you have to make sure that both session_id's either get destroyed OR make sure both sessions use the same session_id by setting it to the same ID.
Re: Session login issue
Posted: Fri Oct 30, 2009 9:36 pm
by matt1234
Ok, it seems to be all working now. I think flukes have just come up. Some cache issue or something, i'm not sure.
But it seems to work now. The session IDs are the same. I checked again.