Page 1 of 1

$_SESSION Cookie

Posted: Fri Apr 30, 2010 6:35 pm
by Plxply
Hello,

I currently have a basic login system set up where once the user has been authenticated their UID is stored in a $_SESSION variable, however I'm having the issue where if the user access my site through example.com rather than www.example.com they would be issued another cookie with a different session ID. Is there a way to make the session cookie apply to both example.com and www.example.com? Or at least a way to detect if my site has been accessed this way and redirect appropriately?

Thanks for your help,

Re: $_SESSION Cookie

Posted: Fri Apr 30, 2010 6:44 pm
by mecha_godzilla
You could use the $_SERVER["REQUEST_URI"] value to do this. You might want to think about regenerating the session_id after the user has been authenticated anyway (as this is a good practice) and you can then redirect the user's browser using the correct URL format (so they can log-in at either domain.com or www.domain.com but will always be redirected to www.domain.com).

HTH,

Mecha Godzilla

Re: $_SESSION Cookie

Posted: Fri Apr 30, 2010 7:06 pm
by Plxply
Thanks for your advice regarding the regeneration of the session ID mecha_godzilla!

Although I fail to understand how $_SERVER['REQUEST_URI'] will allow me to see if they have access example.com or www.example.com as it just appears to show the file which was accessed for example /index.php. Am I doing something wrong, and if so would it be possible for you to provide me with a quick code snippet that would allow me to detect this and redirect as appropriate.

Re: $_SESSION Cookie

Posted: Fri Apr 30, 2010 7:18 pm
by mecha_godzilla
Erm...you might want to try this instead:

$_SERVER['SERVER_NAME']

or even:

$_SERVER['HTTP_HOST']

or even:

$_SERVER['SERVER_ADDR']

See this article to see what the difference is between the first two and why you might not want to rely on SERVER_NAME:

http://shiflett.org/blog/2006/mar/serve ... -http-host

Not sure what the difference is between SERVER_NAME and SERVER_ADDR, so will look into this shortly.

Apologies for the misinformation. Apparently it's been a bit of a long night for some people - off to bed for me I think ;)

M_G

Re: $_SESSION Cookie

Posted: Fri Apr 30, 2010 7:39 pm
by Plxply
Thanks for your help, the solution you have suggested works perfectly.