Page 1 of 1

Session problem revisited

Posted: Tue Feb 28, 2006 8:54 am
by chrys
Hey guys -- It's me again :)

So I investigated my problem with session again, and I have a quick question:

What can I do about two PHPSESSID cookies being set?

I've tried manually deleting the cookie, but that is not working. Basically, at one point there are two PHPSESSID cookies on the user's computer so they log in, then they get logged out whenever they load the next page, because it's reading the wrong PHPSESSID cookie. Atleast, that's my theory at the moment.

Any ideas?

Posted: Tue Feb 28, 2006 9:49 am
by feyd
unique session names.

Posted: Tue Feb 28, 2006 10:08 am
by chrys
feyd wrote:unique session names.
I used to use unique session names and it still did the same thing... so I went back to PHPSESSID and the problem occured less frequently

edit: the cookies all come from the same application

Posted: Tue Feb 28, 2006 10:31 am
by neophyte
I may be wrong but I believe your problem is with the domain the session is register for. The session cookie may not be registered for both http://www.somedomain.com and domain.com.

To fix this check out session_set_cookie_params()

In the parameter for domain insert your domain name as '.domain.com'. The leading '.' is important.

That should fix it.

The only other fix is to force your pages to redirect to a specific domain name.

Hope I'm not way off here.

Posted: Tue Feb 28, 2006 10:38 am
by chrys
neophyte wrote:I may be wrong but I believe your problem is with the domain the session is register for. The session cookie may not be registered for both http://www.somedomain.com and domain.com.

To fix this check out session_set_cookie_params()

In the parameter for domain insert your domain name as '.domain.com'. The leading '.' is important.

That should fix it.

The only other fix is to force your pages to redirect to a specific domain name.

Hope I'm not way off here.
The domains gets set fine when I check the cookie's settings on the local computer.

This doesn't happen all the time, this happens once in a while, usually after someone gets auto-logged out.

Posted: Tue Feb 28, 2006 11:37 am
by neophyte
So can you reproduce the error yet?

Posted: Tue Feb 28, 2006 11:45 am
by chrys
neophyte wrote:So can you reproduce the error yet?
No, I have to wait until one of the users comes to me and says it happened, then I investigate it, but I've spent hours on it and really come to no conclusion or solution.

When it happens, I check both the session file on the server and the cookie on the local and they match fine. Then I log in as them. Then, as soon as they click to go to another page within the application, they are logged out and they are given a new local cookie... which on the server does not contain the username variable which is what I use to identify that they are logged in, the question is.. why is a new cookie assigned? When there is definately already another one, the only thing I've noticed is there are 2 PHPSESSIDs, so it can just be endlessly checking the wrong one and creating a new one.

Posted: Tue Feb 28, 2006 11:59 am
by neophyte
I can only think of two reasons the cookie expired or they're on a different domain. But because there are two cookies, I'd say different domain.

Are they logged in on 'http' and then going to an 'https' second page? That can cause the same problem too.

Are there any php header() calls going to the browser on the second page?

I'm just throwing out suggestions now....

I hate login issues, I had one once I couldn't figure out. It involved IE. Cookie was present but no login. Users had to dump their cookies and what not to get in. Never could figure out if it was my script or the browser.

Posted: Tue Feb 28, 2006 12:29 pm
by chrys
neophyte wrote:I can only think of two reasons the cookie expired or they're on a different domain. But because there are two cookies, I'd say different domain.

Are they logged in on 'http' and then going to an 'https' second page? That can cause the same problem too.

Are there any php header() calls going to the browser on the second page?

I'm just throwing out suggestions now....

I hate login issues, I had one once I couldn't figure out. It involved IE. Cookie was present but no login. Users had to dump their cookies and what not to get in. Never could figure out if it was my script or the browser.
Yeah, that issue you had sounds similar to this... Though I doubt my bosses will settle for "It's the browser's fault"