Page 1 of 2
mod_rewrite killing my php sessions
Posted: Thu Feb 22, 2007 8:51 am
by hame22
Hi
I have used mod_rewrite to transform a url such as news-article.php?news_id=1 to news-article1.html
however in doing so mt sessions do not work on these urls.
I currently have a member session and when i get to this page it appears as if they have logged out.
Does anybody have any experience of this problem and know a way to fix it? - I should add that i'm only having this problem in IE
Thanks in advance
Posted: Thu Feb 22, 2007 9:08 am
by Buddha443556
Are you passing session ids via the URL? Try using cookies.
Posted: Thu Feb 22, 2007 9:17 am
by hame22
i'v justed tested again and it is working with no session id in the url, however when it doesnt work a session id appears in the url.
how would I implement cookies
my current login script looks like this:
Code: Select all
function login($username, $password)
{
global $SITE_PATH;
if(isset($_SESSION['valid_user']))
{
$login = 'Y';
//$_SESSION['valid_user'] = $member_id;
$member_id = $_SESSION['valid_user'];
$row = member_query($member_id);
$last_login = $row['last_login'];
$title = $row['title'];
$firstname = $row['firstname'];
$surname = $row['surname'];
$street1 = $row['street1'];
$town = $row['town'];
$county = $row['county'];
$postcode = $row['postcode'];
$country = $row['country'];
$region = $row['region'];
$digest_format = $row['digest_format'];
//$member_id = $row['member_id'];
if(empty($title) || empty($firstname) || empty($surname) || empty($street1) || empty($town) || empty($county) || empty($postcode) || empty($country) || empty($region) || empty($digest_format))
{
//if first login or user has not completed details redirect to their account page
if($_SERVER['REQUEST_URI'] != "/accounts/change-details.php?member_id=$member_id")
{
//only redirect if they are not on that page at present
header('location: '.$SITE_PATH.'accounts/change-details.php?member_id='.$member_id.'');
}
}
}
else {
if ($username && $password)
{
//they have tried to login in
if (login_query($username, $password))
{
$member_id = get_memberid_query($username);
$_SESSION['valid_user'] = $member_id;
$row = member_query($_SESSION['valid_user']);
$last_login = $row['last_login'];
$title = $row['title'];
$firstname = $row['firstname'];
$surname = $row['surname'];
$street1 = $row['street1'];
$town = $row['town'];
$county = $row['county'];
$postcode = $row['postcode'];
$country = $row['country'];
$region = $row['region'];
$digest_format = $row['digest_format'];
$show_email = $row['show_email'];
update_lastlogin_query($member_id); //update when member last logged in
if(empty($last_login) || empty($title) || empty($firstname) || empty($surname) || empty($street1) || empty($town) || empty($county) || empty($postcode) || empty($country) || empty($region) || empty($digest_format))
{
//if first login or user has not completed details redirect to their account page
if($_SERVER['REQUEST_URI'] != "/accounts/change-details.php?member_id=$member_id")
{
//only redirect if they are not on that page at present
header('location: '.$SITE_PATH.'accounts/change-details.php?member_id='.$member_id.'');
}
}
$login = 'Y';
}
else {
//unsuccessful login
//print '<p>You could not be logged in</p>';
//return false;
$login = 'N';
}
}
}
return $login;
}
thanks for your help
Posted: Thu Feb 22, 2007 12:36 pm
by Buddha443556
You would need to fix these runtime configuration settings: session.use_cookies, session.use_only_cookies and, session.use_trans_sid. Either in your php.ini file, htaccess file or using
ini_ set() [before you start the session].
Posted: Thu Feb 22, 2007 12:51 pm
by nickvd
Show us your rewrite rules...
I'd bet that adding "QSA" to the end of your patterns will solve the problem...
Posted: Thu Feb 22, 2007 2:14 pm
by jyhm
Question: is mod_rewrite that important? How much of a risk is it that people know that you use php? I ask because I am ignorant.
Posted: Thu Feb 22, 2007 2:32 pm
by Luke
jyhm wrote:Question: is mod_rewrite that important? How much of a risk is it that people know that you use php? I ask because I am ignorant.
I don't use mod_rewrite (actually what I use is Zend's rewrite router, but same difference) for "hiding that I use php". I use it because these:
http://www.mywebsite.com/articles/how_to_eat_a_carrot
http://www.mywebsite.com/profile/jyhm
is a lot more user-friendly, easily remembered, better looking, and easier to read / share with others and generally more convenient than these:
http://www.mywebsite.com/articles.php?a ... t_a_carrot
http://www.mywebsite.com/profile.php?ac ... rname=jyhm
Posted: Thu Feb 22, 2007 3:00 pm
by jyhm
Ok, thanks for the answer. What if you link to a page called profile.php and depend on the inner workings to create the profile.php?variable=string urls? In other words depend on user interaction. Are there situations that you must init the vars from the getko?
Posted: Thu Feb 22, 2007 3:12 pm
by jyhm
Posted: Fri Feb 23, 2007 3:12 am
by hame22
the main reason i use mod_rewrite is for search engine optimisation, firendlier keyword rich urls generally help your search engine rankings
Posted: Fri Feb 23, 2007 3:15 am
by hame22
my rewrite rules are as below:
Code: Select all
Options +FollowSymLinks
RewriteEngine on
RewriteRule news/(.*).html$ /news/news-article.php?news_id=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule tj/back-issue(.*)\.html$ /tj/tj-issue.php?tj_id=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule tj/(.*).html$ /tj/news-article.php?news_id=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule recruitment/job(.*)\.html$ /recruitment/job.php?job_id=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule recruitment/(.*).html$ /recruitment/results-list.php?jobs_cat=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/events/training-event(.*)\.html$ /directories/events/event.php?event_id=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/events/(.*).html$ /directories/events/category.php?event_catname=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/venues/venue(.*)\.html$ /directories/venues/venue.php?ven_id=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/venues/(.*).html$ /directories/venues/location.php?county=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/suppliers/supplier(.*)\.html$ /directories/suppliers/supplier.php?sup_id=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule directories/suppliers/(.*).html$ /directories/suppliers/category.php?supp_catname=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule whitepapers/paper(.*)\.html$ /whitepapers/paper.php?paper_id=$1
Options +FollowSymLinks
RewriteEngine on
RewriteRule whitepapers/(.*).html$ /whitepapers/results.php?cat_name=$1
Posted: Fri Feb 23, 2007 3:35 am
by nickvd
... Is that all in a single .htaccess file?
You only need the options and the rewrite engine statements once...
Try this, I just added [L,QSA] to the end of each rule (and got rid of the extra junk).
Code: Select all
Options +FollowSymLinks
RewriteEngine on
RewriteRule news/(.*).html$ /news/news-article.php?news_id=$1 [L,QSA]
RewriteRule tj/back-issue(.*)\.html$ /tj/tj-issue.php?tj_id=$1 [L,QSA]
RewriteRule tj/(.*).html$ /tj/news-article.php?news_id=$1 [L,QSA]
RewriteRule recruitment/job(.*)\.html$ /recruitment/job.php?job_id=$1 [L,QSA]
RewriteRule recruitment/(.*).html$ /recruitment/results-list.php?jobs_cat=$1 [L,QSA]
RewriteRule directories/events/training-event(.*)\.html$ /directories/events/event.php?event_id=$1 [L,QSA]
RewriteRule directories/events/(.*).html$ /directories/events/category.php?event_catname=$1 [L,QSA]
RewriteRule directories/venues/venue(.*)\.html$ /directories/venues/venue.php?ven_id=$1 [L,QSA]
RewriteRule directories/venues/(.*).html$ /directories/venues/location.php?county=$1 [L,QSA]
RewriteRule directories/suppliers/supplier(.*)\.html$ /directories/suppliers/supplier.php?sup_id=$1 [L,QSA]
RewriteRule directories/suppliers/(.*).html$ /directories/suppliers/category.php?supp_catname=$1 [L,QSA]
RewriteRule whitepapers/paper(.*)\.html$ /whitepapers/paper.php?paper_id=$1 [L,QSA]
RewriteRule whitepapers/(.*).html$ /whitepapers/results.php?cat_name=$1 [L,QSA]
Posted: Fri Feb 23, 2007 4:13 am
by hame22
thanks that is great. While we are taliking htaccess, I have a folder in my site where I use htaccess for user identification, however I would like one of my subdirectories to be publicly available. How do you go about overriding the parent folder htaccess.
thanks again
Posted: Fri Feb 23, 2007 5:16 am
by nickvd
Put a .htaccess file in the folder you want public, and allow it to be so...
Posted: Fri Feb 23, 2007 5:22 am
by hame22
ok so simple!!
so if i simply at a line in htaccess saying "allow all" that will be sufficient?
Sorry if thats a simple question but my knowledge of htaccess is very limited!