Login, Sessions, Subdomains, buckets of fun!

[milesperhour1086]

Currently, I've got a page, logon.php which contains the form elements username and password. It then passes those to a login.php file which will authenticate them. These pages are located on www.cfddtacoma.org.

Once authenticated, I want to pass them from www.cfddtacoma.org to accessSPSC.cfddtacoma.org but for some reason, the session variables that I set in login.php are not carrying over to accessSPSC.cfddtacoma.org:

[code]
    if(count($result) == 1) {
            $getOtherInfo = "SELECT firstName, lastName FROM membership.memberinfo WHERE userID='" . $result[ID] . "' LIMIT 1";
            $otherInfoQuery = mysql_query($getOtherInfo,$connection) or die(mysql_error());
            $otherInfo = mysql_fetch_array($otherInfoQuery);
            $_SESSION[access] = "granted";
            $_SESSION[firstName] = $otherInfo[firstName];
            $_SESSION[lastName] = $otherInfo[lastName];
            
            header("Location: http://accessSPSC.cfddtacoma.org/");    
        } else
            header("Location: http://www.cfddtacoma.org/Membership/index.php?error=LoginFailed");
[/code]


Then on index.php of accessSPSC.cfddtacoma.org, I have the following check at the top of the page:

[code]
    session_start();
         if($_SESSION[access] != "granted")
        header("Location: http://www.cfddtacoma.org");
[/code]



However, every time I go from logon.php - > login.php - > accessSPSC.cfddtacoma.org, I am redirected to www.cfddtacoma.org because the $_SESSION[access] value is not granted even though my authentication passed. I tried doing this to login.php (the authentication script):

[code]
    ini_set('session.cookie_domain', '.cfddtacoma.org');
    session_start();

    //Authentication stuff

    if(count($result) == 1) {
        $getOtherInfo = "SELECT firstName, lastName FROM membership.memberinfo WHERE userID='" . $result[ID] . "' LIMIT 1";
        $otherInfoQuery = mysql_query($getOtherInfo,$connection) or die(mysql_error());
        $otherInfo = mysql_fetch_array($otherInfoQuery);
        $_SESSION[access] = "granted";
        $_SESSION[firstName] = $otherInfo[firstName];
        $_SESSION[lastName] = $otherInfo[lastName];
            
        header("Location: http://accessSPSC.cfddtacoma.org/");    
    } else
        header("Location: http://www.cfddtacoma.org/Membership/index.php?error=LoginFailed");
    ?>
[/code]


but that doesn't seem to work...probably because I'm not on a personal server but rather a shared one.

I have looked around, how would I set something like this up so that I could use cookies??

[toplay]

1) Check that you have data returned after a fetch and not assume the fetch worked.

2) Use single quotes when specifying associative array indexes (i.e. $_SESSION['access']).

3) Take a look at our session troubleshooting guide:
[a href=\"http://www.phpfreaks.com/forums/index.php?showtopic=31047&view=findpost&p=157705\" target=\"_blank\"]http://www.phpfreaks.com/forums/index.php?...ndpost&p=157705[/a]

Use SID in the header with location (see item # 12). Especially try the small test script listed on item # 10 and report back results.

4) Please note that the header() with location command does not redirect right there and then when it's executed. It actually redirects when your script ends or an exit/die is reached. So, to ensure no logic flow problems in your script, you should have an exit right after every header() with location to force redirection to occur immediately (if that's what you want/expect).