Page 1 of 1

Setting Session Path's and Domains

Posted: Sun Dec 24, 2006 9:27 am
by Superman859
I've been having a lot of trouble getting the sessions/cookies working properly when integrating phpBB forums, but I might have figured out what might fix it...

I think the problem lies within the session path, or where it is active on the domain.

Right now, the session gets created in http://www.learn-korean-now.com/phpBB2/

Using a path of / , it should be accessible to the /phpBB2/ directory and all subfolders, which works. However, it's not active on any directories before that (the root level) and it's subfolders (any other major directories, unless the directory is insit the phpBB2 directory).

How can I set the session path to include the previous level and all subfolders? That should make it active for the entire site, since the previous level is the root level and any directory created would be a subfolder of the root level.

I tried using the typical ../ to back up a level, but that didn't quite work. That made it work on the root level, but it was no longer working in the subfolders. It wouldn't work in phpBB2/ or any other directory I had created.

Any ideas on how to pull this off? This seems to be the cause of my final errors integrating the forums.

Posted: Sun Dec 24, 2006 9:53 am
by Kieran Huggins
"session path" isn't what you think it is, you should avoid this function in php entirely, as it will likely screw up your sessions for sure if you try to use it.

As for phpBB, there are two components that are often misconfigured : cookie domain & cookie path.

"Cookie Domain" should match the domain you're using, and you have to keep sub-domains in mind. The overused 'www' subdomain is why this is typically a problem... for this field use: '.learn-korean-now.com' - that will match both.

"Cookie Path" should be set to '/' - unless you want to restrict the rest of your domain from having access to the cookie, which I doubt in your case.

Let me know if that fixes you problem.

Cheers,
Kieran

Posted: Sun Dec 24, 2006 10:15 am
by Superman859
Unfortunately that doesn't do it.

I installed a mod on the forums recently that adjusts the cookies for you from the defaults. They ended up being configured just as you mentioned.

However, the cookie still isn't always present for the rest of the site, and I have no idea why. The problem is when you log in on the forums, everything seems ok. When you click on a link to the main portion of the site, the cookies/sessions should go with you. However, they don't (always). Sometimes they do, and sometimes they don't.

If you log in on the main site, which POSTs to the forums login.php, it logs you into both the forums and main site as it should. You can switch between the two easily. You can also log out from both easily if you do it through the main site. If you log out from the forums, sometimes it logs you out on the main site, and sometimes it doesn't.

Perhaps the problem isn't with the forums cookie configuration, but in my own. In the forums admin panel, the cookies are set to how you described.

However, I went in and created two sessions on my own when someone successfully logs in. One is $_SESSION['username'], which is just what it says. The other is $_SESSION['member'], which holds either a 0 or a 1 depending on whether or not they are in a specific usergroup.

Do you know if these additional sessions are created and using different session/cookie settings than what is set for the ones in the forums? The forum sessions are all in a MySQL database I believe. I'm not entirely sure about the rest.

Perhaps I should be using session_set_cookie_params() somewhere?

----

If you want to try to reproduce the problem, the domain is learn-korean-now.com and the forums are found at either forums.learn-korean-now.com or learn-korean-now.com/phpBB2/

Username and password will both be beta.

If everything works correctly, when you are on the main site you should see 'Welcome Back, Beta". If you see "Welcome to Learn Korean Now, Beta", everything worked except the transfer of the $_SESSION['member'] setting. If you see login/username fields, then the main site doesn't think you are logged in.

EDIT: SOLVED!!! Finally! I've been trying to figure out how to get this forum integration thing working for DAYS! (and that's working on it several hours every day).

I'm actually completely throwing out my own sessions other than $_SESSION['member']. I put some code that I found that will carry the forum sessions over throughout the rest of your site. That was all fine and good, but they didn't have the usergroup info stored in that table. So I used the query I was using in the login.php page to get member data and put it with the info that carries the forum sessions everywhere. With a few minor changes, I now got it all working!

Posted: Sun Dec 24, 2006 10:46 am
by Kieran Huggins
Superman859 wrote:...created two sessions on my own when someone successfully logs in...
I think we've found a problem... there aren't sessions. You either have a session or you don't. calling session_start() a second time doesn't do anything.

Read: http://www.tizag.com/phpT/phpsessions.php

Also, phpBB won't give you access to any of it's data unless you let it start the session, like so:

Code: Select all

define('IN_PHPBB', true);
$phpbb_root_path = $_SERVER['document_root'].'/phpBB2/';
include($phpbb_root_path . 'extension.inc');
include($phpbb_root_path . 'common.'.$phpEx);

//
// Start session management
//
$userdata = session_pagestart($user_ip, PAGE_INDEX);
init_userprefs($userdata);
//
// End session management
//