Shears
cookies and sessions
Moderator: General Moderators
cookies and sessions
I have a site. I can login when cookies are enabled. However, when i disable cookies i can no longer log in
Help?
How can i solve this please...
Shears
Shears
this is the part of the code
I dont understand what you mean "propogate the session via the url" Do you mean i have to write something like...
$id = session_id();
if cookies not set, make the url: http://domain.com/index.php/?PHPSESSID=$id
THank you
Code: Select all
if(!isset($_SESSION['userid'])) {
redirect('logout.php');
}
if( $_SESSION['ip_lock'] == 'true' && $_SESSION['login_ip'] != $_SERVER['REMOTE_ADDR']) {
redirect('logout.php');
}
if ($_SESSION['useragent'] != $_SERVER['HTTP_USER_AGENT']) {
redirect('logout.php');
}$id = session_id();
if cookies not set, make the url: http://domain.com/index.php/?PHPSESSID=$id
THank you
Seems like your session is configured to use only cookies. Configure your php.ini to not use only cookies.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
PS:
This isn't a very reliable statement. AOL browser users change ip addresses on every page view. Same with users with dynamic web proxies.
Code: Select all
if( $_SESSION['ip_lock'] == 'true' && $_SESSION['login_ip'] != $_SERVER['REMOTE_ADDR']) {
redirect('logout.php');
}Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
ini_set()Shears wrote:i cant. i'm on a shared server
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Sorry, I don't know your code base well, i was only making a general assumption. Just trying to help! 
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Thank you for your help...
Is session.use_only_cookies the variable i would need to change. At the moment, it's set to off. If i'm right, shouldn't session ids be able to be be passed in URL when it's off?
Thank you
PS. The IP statement is fine because, before loggin in, the user has an option to tick a box, for whether they want their IP to be locked while the are logged in.
Is session.use_only_cookies the variable i would need to change. At the moment, it's set to off. If i'm right, shouldn't session ids be able to be be passed in URL when it's off?
Thank you
PS. The IP statement is fine because, before loggin in, the user has an option to tick a box, for whether they want their IP to be locked while the are logged in.
Yes. With this configuration set to ON, it does not allow sessions to be passed via the URL (like when cookies are disabled). With it set to OFF, users with cookies disabled will be able to pass the session through the URL.s session.use_only_cookies the variable i would need to change. At the moment, it's set to off. If i'm right, shouldn't session ids be able to be be passed in URL when it's off?
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Given the code you've provided, no. That would be the only thing causing it. Are you calling setcookie() anywhere, and depending on it for login? Otherwise, it should work fine! I am not the gurus of gurus, so i will let someone else try to help! Good luck bro.Shears wrote:Do you know any other variables that may influence this? Essentially, session.use_only_cookies is set to OFF, but i am still unable to login when i disable cookies.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.