Page 1 of 1
authentification prolem
Posted: Tue Oct 24, 2006 5:05 pm
by Think Pink
hello, I have a question about a problem I have
I have a site
http://www.mysite.com lets say.
I have another subdomain of it
http://members.mysite.com/
on
http://members.mysite.com/ users have a a login area. Everything works well, but when they visit
http://www.mysite.com they are not logged in anymore. If they go back, they are logged in.
The scipt that checks for authentification is the main directory, and is included like include ("script.php")
Note that offline everuthying works great.
Also if a ueser loggs out, on
http://www.myswite.com/logout.php if they go back on members.mysite.com they appear as logged in
Any ideea about the prb?
Thx
Posted: Tue Oct 24, 2006 5:46 pm
by volka
What kind of authentication do you use? A session/cookie based or a http-authentication?
Posted: Tue Oct 24, 2006 5:54 pm
by Think Pink
What kind of authentication do you use? A session/cookie based or a http-authentication?
sorry, forgot to mention that.
session
Posted: Tue Oct 24, 2006 6:36 pm
by volka
Then the session_id probably (by default) is transfered as cookie.
Take a look at
http://de2.php.net/session wrote:session.cookie_domain string
session.cookie_domain specifies the domain to set in session_cookie. Default is none at all meaning the host name of the server which generated the cookie according to cookies specification. See also session_get_cookie_params() and session_set_cookie_params().
The client will not send a cookie for the domain
http://www.mysite.com with the request to members.mysite.com
http://wp.netscape.com/newsref/std/cookie_spec.html wrote: domain=DOMAIN_NAME
When searching the cookie list for valid cookies, a comparison of the domain attributes of the cookie is made with the Internet domain name of the host from which the URL will be fetched. If there is a tail match, then the cookie will go through path matching to see if it should be sent. "Tail matching" means that domain attribute is matched against the tail of the fully qualified domain name of the host. A domain attribute of "acme.com" would match host names "anvil.acme.com" as well as "shipping.crate.acme.com".
try
in your php.ini.
Both subdomains are handled by the same webserver?
Posted: Tue Oct 24, 2006 6:43 pm
by Think Pink
Both subdomains are handled by the same webserver?
yes.
Is there a eway to change settongs in php.ini form a htacces file? I don't have access to server
Posted: Tue Oct 24, 2006 6:47 pm
by volka
session.cookie_domain is marked as PHP_INI_ALL. You should be able to change the value even from within the php script (before session_start() is called)
Code: Select all
<?php
error_reporting(E_ALL);
ini_set('session.cookie_domain', 'mysite.com');
session_start();
Posted: Tue Oct 24, 2006 7:06 pm
by Think Pink
is working great. Thx for your time and help.
