authentification prolem

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
User avatar
Think Pink
Forum Contributor
Posts: 106
Joined: Mon Aug 02, 2004 3:29 pm

authentification prolem

Post by Think Pink »

hello, I have a question about a problem I have
I have a site http://www.mysite.com lets say.
I have another subdomain of it http://members.mysite.com/

on http://members.mysite.com/ users have a a login area. Everything works well, but when they visit http://www.mysite.com they are not logged in anymore. If they go back, they are logged in.

The scipt that checks for authentification is the main directory, and is included like include ("script.php")
Note that offline everuthying works great.

Also if a ueser loggs out, on http://www.myswite.com/logout.php if they go back on members.mysite.com they appear as logged in

Any ideea about the prb?
Thx
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

What kind of authentication do you use? A session/cookie based or a http-authentication?
User avatar
Think Pink
Forum Contributor
Posts: 106
Joined: Mon Aug 02, 2004 3:29 pm

Post by Think Pink »

What kind of authentication do you use? A session/cookie based or a http-authentication?
sorry, forgot to mention that.
session
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

Then the session_id probably (by default) is transfered as cookie.
Take a look at
http://de2.php.net/session wrote:session.cookie_domain string

session.cookie_domain specifies the domain to set in session_cookie. Default is none at all meaning the host name of the server which generated the cookie according to cookies specification. See also session_get_cookie_params() and session_set_cookie_params().
The client will not send a cookie for the domain http://www.mysite.com with the request to members.mysite.com
http://wp.netscape.com/newsref/std/cookie_spec.html wrote: domain=DOMAIN_NAME
When searching the cookie list for valid cookies, a comparison of the domain attributes of the cookie is made with the Internet domain name of the host from which the URL will be fetched. If there is a tail match, then the cookie will go through path matching to see if it should be sent. "Tail matching" means that domain attribute is matched against the tail of the fully qualified domain name of the host. A domain attribute of "acme.com" would match host names "anvil.acme.com" as well as "shipping.crate.acme.com".
try

Code: Select all

session.cookie_domain=mysite.com
in your php.ini.
Both subdomains are handled by the same webserver?
User avatar
Think Pink
Forum Contributor
Posts: 106
Joined: Mon Aug 02, 2004 3:29 pm

Post by Think Pink »

Both subdomains are handled by the same webserver?
yes.
Is there a eway to change settongs in php.ini form a htacces file? I don't have access to server
User avatar
volka
DevNet Evangelist
Posts: 8391
Joined: Tue May 07, 2002 9:48 am
Location: Berlin, ger

Post by volka »

session.cookie_domain is marked as PHP_INI_ALL. You should be able to change the value even from within the php script (before session_start() is called)

Code: Select all

<?php
error_reporting(E_ALL);
ini_set('session.cookie_domain', 'mysite.com');

session_start();
User avatar
Think Pink
Forum Contributor
Posts: 106
Joined: Mon Aug 02, 2004 3:29 pm

Post by Think Pink »

is working great. Thx for your time and help.
:D :D
Post Reply