cookies and sessions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

cookies and sessions

Post by Dave2000 »

I have a site. I can login when cookies are enabled. However, when i disable cookies i can no longer log in 8O Help? :? How can i solve this please...

Shears :)
Flamie
Forum Contributor
Posts: 166
Joined: Mon Mar 01, 2004 3:19 pm

Post by Flamie »

some code that show how you "check" if someone is logged in might help ;p
User avatar
Luke
The Ninja Space Mod
Posts: 6424
Joined: Fri Aug 05, 2005 1:53 pm
Location: Paradise, CA

Post by Luke »

if cookies are disabled you have to propogate the session via the url (?PHPSESSID=klhfas;kldfj)
Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

Post by Dave2000 »

this is the part of the code

Code: Select all

if(!isset($_SESSION['userid'])) {
redirect('logout.php');
}

if( $_SESSION['ip_lock'] == 'true' && $_SESSION['login_ip'] != $_SERVER['REMOTE_ADDR']) {
redirect('logout.php');
} 

if ($_SESSION['useragent'] != $_SERVER['HTTP_USER_AGENT']) {
redirect('logout.php');
}
I dont understand what you mean "propogate the session via the url" Do you mean i have to write something like...

$id = session_id();
if cookies not set, make the url: http://domain.com/index.php/?PHPSESSID=$id

THank you
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Seems like your session is configured to use only cookies. Configure your php.ini to not use only cookies.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

Post by Dave2000 »

i cant. i'm on a shared server :(
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

PS:

Code: Select all

if( $_SESSION['ip_lock'] == 'true' && $_SESSION['login_ip'] != $_SERVER['REMOTE_ADDR']) { 
redirect('logout.php'); 
}
This isn't a very reliable statement. AOL browser users change ip addresses on every page view. Same with users with dynamic web proxies.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Shears wrote:i cant. i'm on a shared server :(
ini_set()
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

Post by Dave2000 »

Actually, it is very reliable. Look closer ;)
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Sorry, I don't know your code base well, i was only making a general assumption. Just trying to help! :D
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

Post by Dave2000 »

Thank you for your help...

Is session.use_only_cookies the variable i would need to change. At the moment, it's set to off. If i'm right, shouldn't session ids be able to be be passed in URL when it's off?

Thank you

PS. The IP statement is fine because, before loggin in, the user has an option to tick a box, for whether they want their IP to be locked while the are logged in.
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

s session.use_only_cookies the variable i would need to change. At the moment, it's set to off. If i'm right, shouldn't session ids be able to be be passed in URL when it's off?
Yes. With this configuration set to ON, it does not allow sessions to be passed via the URL (like when cookies are disabled). With it set to OFF, users with cookies disabled will be able to pass the session through the URL.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Dave2000
Forum Contributor
Posts: 126
Joined: Wed Jun 21, 2006 1:48 pm

Post by Dave2000 »

Do you know any other variables that may influence this? Essentially, session.use_only_cookies is set to OFF, but i am still unable to login when i disable cookies. :(
User avatar
s.dot
Tranquility In Moderation
Posts: 5001
Joined: Sun Feb 06, 2005 7:18 pm
Location: Indiana

Post by s.dot »

Shears wrote:Do you know any other variables that may influence this? Essentially, session.use_only_cookies is set to OFF, but i am still unable to login when i disable cookies. :(
Given the code you've provided, no. That would be the only thing causing it. Are you calling setcookie() anywhere, and depending on it for login? Otherwise, it should work fine! I am not the gurus of gurus, so i will let someone else try to help! Good luck bro.
Set Search Time - A google chrome extension. When you search only results from the past year (or set time period) are displayed. Helps tremendously when using new technologies to avoid outdated results.
Post Reply