Page 1 of 2

mod_rewrite killing my php sessions

Posted: Thu Feb 22, 2007 8:51 am
by hame22
Hi

I have used mod_rewrite to transform a url such as news-article.php?news_id=1 to news-article1.html

however in doing so mt sessions do not work on these urls.

I currently have a member session and when i get to this page it appears as if they have logged out.

Does anybody have any experience of this problem and know a way to fix it? - I should add that i'm only having this problem in IE

Thanks in advance

Posted: Thu Feb 22, 2007 9:08 am
by Buddha443556
Are you passing session ids via the URL? Try using cookies.

Posted: Thu Feb 22, 2007 9:17 am
by hame22
i'v justed tested again and it is working with no session id in the url, however when it doesnt work a session id appears in the url.


how would I implement cookies

my current login script looks like this:

Code: Select all

function login($username, $password)
{
	global $SITE_PATH;
	
	if(isset($_SESSION['valid_user']))
	{
		$login = 'Y';
		
		//$_SESSION['valid_user']	=	$member_id;
		$member_id = $_SESSION['valid_user'];
					
		$row 					= member_query($member_id);
		$last_login 			= $row['last_login'];
		$title					= $row['title'];
		$firstname				= $row['firstname'];
		$surname				= $row['surname'];
		$street1				= $row['street1'];
		$town					= $row['town'];
		$county					= $row['county'];
		$postcode				= $row['postcode'];
		$country				= $row['country'];
		$region					= $row['region'];
		$digest_format			= $row['digest_format'];
		//$member_id				= $row['member_id'];
		
		if(empty($title) || empty($firstname) || empty($surname) || empty($street1) || empty($town) || empty($county) || empty($postcode) || empty($country) || empty($region) || empty($digest_format))
				{
					//if first login or user has not completed details redirect to their account page
					if($_SERVER['REQUEST_URI'] != "/accounts/change-details.php?member_id=$member_id")
					{
						//only redirect if they are not on that page at present
						header('location: '.$SITE_PATH.'accounts/change-details.php?member_id='.$member_id.'');
					}
				}
		}
	else {
		if ($username && $password)
		{
			//they have tried to login in
			if (login_query($username, $password))
			{
				$member_id 				= get_memberid_query($username);
				$_SESSION['valid_user']	=	$member_id;
				
				
				$row 					= member_query($_SESSION['valid_user']);
				$last_login 			= $row['last_login'];
				$title					= $row['title'];
				$firstname				= $row['firstname'];
				$surname				= $row['surname'];
				$street1				= $row['street1'];
				$town					= $row['town'];
				$county					= $row['county'];
				$postcode				= $row['postcode'];
				$country				= $row['country'];
				$region					= $row['region'];
				$digest_format			= $row['digest_format'];
				$show_email				= $row['show_email'];
				
				update_lastlogin_query($member_id); //update when member last logged in
				
				if(empty($last_login) || empty($title) || empty($firstname) || empty($surname) || empty($street1) || empty($town) || empty($county) || empty($postcode) || empty($country) || empty($region) || empty($digest_format))
				{
					//if first login or user has not completed details redirect to their account page
					if($_SERVER['REQUEST_URI'] != "/accounts/change-details.php?member_id=$member_id")
					{
						//only redirect if they are not on that page at present
						header('location: '.$SITE_PATH.'accounts/change-details.php?member_id='.$member_id.'');
					}
				}
				$login = 'Y';
			}
			else {
				//unsuccessful login
				//print '<p>You could not be logged in</p>';
				//return false;
				$login = 'N';
			}
		}	
	}
	return $login;
}

thanks for your help

Posted: Thu Feb 22, 2007 12:36 pm
by Buddha443556
You would need to fix these runtime configuration settings: session.use_cookies, session.use_only_cookies and, session.use_trans_sid. Either in your php.ini file, htaccess file or using ini_ set() [before you start the session].

Posted: Thu Feb 22, 2007 12:51 pm
by nickvd
Show us your rewrite rules...

I'd bet that adding "QSA" to the end of your patterns will solve the problem...

Posted: Thu Feb 22, 2007 2:14 pm
by jyhm
Question: is mod_rewrite that important? How much of a risk is it that people know that you use php? I ask because I am ignorant.

Posted: Thu Feb 22, 2007 2:32 pm
by Luke
jyhm wrote:Question: is mod_rewrite that important? How much of a risk is it that people know that you use php? I ask because I am ignorant.
I don't use mod_rewrite (actually what I use is Zend's rewrite router, but same difference) for "hiding that I use php". I use it because these:

http://www.mywebsite.com/articles/how_to_eat_a_carrot
http://www.mywebsite.com/profile/jyhm

is a lot more user-friendly, easily remembered, better looking, and easier to read / share with others and generally more convenient than these:

http://www.mywebsite.com/articles.php?a ... t_a_carrot
http://www.mywebsite.com/profile.php?ac ... rname=jyhm

Posted: Thu Feb 22, 2007 3:00 pm
by jyhm
Ok, thanks for the answer. What if you link to a page called profile.php and depend on the inner workings to create the profile.php?variable=string urls? In other words depend on user interaction. Are there situations that you must init the vars from the getko?

Posted: Thu Feb 22, 2007 3:12 pm
by jyhm
You know, I think I understand.

www.loose-weight.com/OMG_you_are_a_major_fat_@ss
would look better as:
www.loose-weight.com/you_can_do_it

Posted: Fri Feb 23, 2007 3:12 am
by hame22
the main reason i use mod_rewrite is for search engine optimisation, firendlier keyword rich urls generally help your search engine rankings

Posted: Fri Feb 23, 2007 3:15 am
by hame22
my rewrite rules are as below:

Code: Select all

Options +FollowSymLinks
RewriteEngine on
RewriteRule news/(.*).html$ /news/news-article.php?news_id=$1



Options +FollowSymLinks
RewriteEngine on
RewriteRule tj/back-issue(.*)\.html$ /tj/tj-issue.php?tj_id=$1


Options +FollowSymLinks
RewriteEngine on
RewriteRule tj/(.*).html$ /tj/news-article.php?news_id=$1



Options +FollowSymLinks
RewriteEngine on
RewriteRule recruitment/job(.*)\.html$ /recruitment/job.php?job_id=$1

Options +FollowSymLinks
RewriteEngine on
RewriteRule recruitment/(.*).html$ /recruitment/results-list.php?jobs_cat=$1



Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/events/training-event(.*)\.html$ /directories/events/event.php?event_id=$1


Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/events/(.*).html$ /directories/events/category.php?event_catname=$1




Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/venues/venue(.*)\.html$ /directories/venues/venue.php?ven_id=$1


Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/venues/(.*).html$ /directories/venues/location.php?county=$1



Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/suppliers/supplier(.*)\.html$ /directories/suppliers/supplier.php?sup_id=$1



Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/suppliers/(.*).html$ /directories/suppliers/category.php?supp_catname=$1



Options +FollowSymLinks
RewriteEngine on
RewriteRule whitepapers/paper(.*)\.html$ /whitepapers/paper.php?paper_id=$1

Options +FollowSymLinks
RewriteEngine on
RewriteRule whitepapers/(.*).html$ /whitepapers/results.php?cat_name=$1

Posted: Fri Feb 23, 2007 3:35 am
by nickvd
... Is that all in a single .htaccess file?

You only need the options and the rewrite engine statements once...

Try this, I just added [L,QSA] to the end of each rule (and got rid of the extra junk).

Code: Select all

Options +FollowSymLinks
RewriteEngine on
RewriteRule news/(.*).html$ /news/news-article.php?news_id=$1 [L,QSA]
RewriteRule tj/back-issue(.*)\.html$ /tj/tj-issue.php?tj_id=$1 [L,QSA]
RewriteRule tj/(.*).html$ /tj/news-article.php?news_id=$1 [L,QSA]
RewriteRule recruitment/job(.*)\.html$ /recruitment/job.php?job_id=$1 [L,QSA]
RewriteRule recruitment/(.*).html$ /recruitment/results-list.php?jobs_cat=$1 [L,QSA]
RewriteRule directories/events/training-event(.*)\.html$ /directories/events/event.php?event_id=$1 [L,QSA]
RewriteRule directories/events/(.*).html$ /directories/events/category.php?event_catname=$1 [L,QSA]
RewriteRule directories/venues/venue(.*)\.html$ /directories/venues/venue.php?ven_id=$1 [L,QSA]
RewriteRule directories/venues/(.*).html$ /directories/venues/location.php?county=$1 [L,QSA]
RewriteRule directories/suppliers/supplier(.*)\.html$ /directories/suppliers/supplier.php?sup_id=$1 [L,QSA]
RewriteRule directories/suppliers/(.*).html$ /directories/suppliers/category.php?supp_catname=$1 [L,QSA]
RewriteRule whitepapers/paper(.*)\.html$ /whitepapers/paper.php?paper_id=$1 [L,QSA]
RewriteRule whitepapers/(.*).html$ /whitepapers/results.php?cat_name=$1 [L,QSA]

Posted: Fri Feb 23, 2007 4:13 am
by hame22
thanks that is great. While we are taliking htaccess, I have a folder in my site where I use htaccess for user identification, however I would like one of my subdirectories to be publicly available. How do you go about overriding the parent folder htaccess.

thanks again

Posted: Fri Feb 23, 2007 5:16 am
by nickvd
Put a .htaccess file in the folder you want public, and allow it to be so...

Posted: Fri Feb 23, 2007 5:22 am
by hame22
ok so simple!!

so if i simply at a line in htaccess saying "allow all" that will be sufficient?

Sorry if thats a simple question but my knowledge of htaccess is very limited!