I came across an interesting problem that had me stumped for some time, and I thought I'd share what would appear to be the solution.
History
I run a server with a lot of sites on it that mostly all use an authentication script that I wrote (using sessions). The other week it was reported to me that a lot of our users were suddenly unable to log in (to any of the systems). On closer investigation I found that there was only one site that you could log in to, and that all the users shared the same OS (Windows XP) and browser (IE6).
Further investigation narrowed the problem down to the PHP sessions, or more to the point, the cookies that the sessions used. So I started to look into why this one site was still working, as they ALL share the same code, and found a subtle difference. This site was allowing logins across a series of sub-domains.
The reason that IE6 seems to be picky is that the domain for the cookie in the php.ini was blank:
Code:
session.cookie_domain =
Because this was affecting all the sites I created a file and added it to the php.ini file:
Code:
auto_prepend_file = /home/domain/sitewide/site_init.php
The code is as follows:
Code:
<?php
// Set the session cookie domain explicitly to the requested host name
ini_set("session.cookie_domain", $HTTP_SERVER_VARS["SERVER_NAME"]);
?>
However...
I received an email this morning saying the problem was back, and sure enough it was, and not only that, it was affecting my W2K box running IE6 now as well. This of course baffled me and I attempted to tackle the problem again. Once again I looked at the site that had continued to work while all the others had broken and sure enough it was still working...!?
Solution 2
The difference in code seemed to be that I was also calling the function session_set_cookie_params in this script as well, so up with trusty vi and I revised the code:
Code:
<?php
ini_set("session.cookie_domain", $HTTP_SERVER_VARS["SERVER_NAME"]);
// Arguments are: lifetime, path, domain
session_set_cookie_params( time()+9999999, "", $HTTP_SERVER_VARS["SERVER_NAME"] );
// Reuse the session id stored in the session_id_set cookie, if there is one
if ( $HTTP_COOKIE_VARS["session_id_set"] )
    session_id( $HTTP_COOKIE_VARS["session_id_set"] );
?>
Q: But I don't have access to the php.ini file
Ok, I used the php.ini file to sort this as I needed to make this work across an entire server running far too many sites to go in and manually edit them all. The code mentioned here will of course work in a normal script, hence the site that stayed working.
[rant]
Ok, fair enough, Microsoft want to get secure (a 1st in my opinion) and yes maybe I should have done it "properly" in the first place. But it took me ages to figure out what the actual problem was (not so long to work out the solution) but a series of questions have arisen:
1) Why then did my W2K box stop working when it had been fine while WXP had not?
2) Why was my local webserver not affected (and wasn't for the second time around)?
3) Why did the problem return (after a week) and start affecting my W2K (which as far as I believe hasn't been updated in between)?
[/rant]
Anyway, I hope this information helps and feel free to give me feedback or better solutions....
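An added example (not the original poster's code) of the same auto_prepend_file approach on current PHP, assuming PHP 7.3 or later: it checks the host name against a fixed list before using it as the cookie domain, because SERVER_NAME can follow the client's Host header depending on the web server configuration, and it leaves session ids to PHP instead of taking one from a cookie. The host list and the function names are hypothetical.

```php
<?php
// Added example for site_init.php (auto_prepend_file); not the original poster's code.
// Assumes PHP 7.3+ for the array form of session_set_cookie_params().

// Hypothetical list of the host names this server really serves (assumption).
const ALLOWED_HOSTS = ['example.com', 'www.example.com', 'shop.example.org'];

// Normalise a Host/SERVER_NAME value and return it only if it is on the list.
function cookie_domain_for(string $rawHost, array $allowed): ?string
{
    $host = strtolower(trim($rawHost));
    $host = preg_replace('/:\d+$/', '', $host);   // drop an optional :port
    $host = rtrim($host, '.');                    // drop a trailing dot
    return in_array($host, $allowed, true) ? $host : null;
}

// Configure the session cookie; returns false when the host is not ours.
function init_session_cookie(array $server): bool
{
    $domain = cookie_domain_for($server['SERVER_NAME'] ?? '', ALLOWED_HOSTS);
    if ($domain === null) {
        return false;                             // caller should refuse the request
    }
    ini_set('session.use_strict_mode', '1');      // only accept ids PHP itself issued
    ini_set('session.use_only_cookies', '1');     // never take the id from the URL
    return session_set_cookie_params([
        'lifetime' => 0,                          // browser-session cookie (a choice made here)
        'path'     => '/',
        'domain'   => $domain,                    // explicit Domain also covers its subdomains
        'secure'   => !empty($server['HTTPS']) && $server['HTTPS'] !== 'off',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
}

if (PHP_SAPI === 'cli') {
    // Constructed sample values, run from the command line to see the check.
    foreach (['WWW.Example.com:8080', 'example.com.', 'other.invalid'] as $h) {
        printf("%-22s => %s\n", $h, var_export(cookie_domain_for($h, ALLOWED_HOSTS), true));
    }
} elseif (!init_session_cookie($_SERVER)) {
    http_response_code(400);
    exit('Unknown host');
}
```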