Jump to content

Login, Sessions, Subdomains, buckets of fun!


Recommended Posts

Currently, I've got a page, logon.php which contains the form elements username and password. It then passes those to a login.php file which will authenticate them. These pages are located on www.cfddtacoma.org.

Once authenticated, I want to pass them from www.cfddtacoma.org to accessSPSC.cfddtacoma.org but for some reason, the session variables that I set in login.php are not carrying over to accessSPSC.cfddtacoma.org:

[code]
    if(count($result) == 1) {
            $getOtherInfo = "SELECT firstName, lastName FROM membership.memberinfo WHERE userID='" . $result[ID] . "' LIMIT 1";
            $otherInfoQuery = mysql_query($getOtherInfo,$connection) or die(mysql_error());
            $otherInfo = mysql_fetch_array($otherInfoQuery);
            $_SESSION[access] = "granted";
            $_SESSION[firstName] = $otherInfo[firstName];
            $_SESSION[lastName] = $otherInfo[lastName];
            
            header("Location: http://accessSPSC.cfddtacoma.org/");    
        } else
            header("Location: http://www.cfddtacoma.org/Membership/index.php?error=LoginFailed");
[/code]


Then on index.php of accessSPSC.cfddtacoma.org, I have the following check at the top of the page:

[code]
    session_start();
         if($_SESSION[access] != "granted")
        header("Location: http://www.cfddtacoma.org");
[/code]



However, every time I go from logon.php - > login.php - > accessSPSC.cfddtacoma.org, I am redirected to www.cfddtacoma.org because the $_SESSION[access] value is not granted even though my authentication passed. I tried doing this to login.php (the authentication script):

[code]
    ini_set('session.cookie_domain', '.cfddtacoma.org');
    session_start();

    //Authentication stuff

    if(count($result) == 1) {
        $getOtherInfo = "SELECT firstName, lastName FROM membership.memberinfo WHERE userID='" . $result[ID] . "' LIMIT 1";
        $otherInfoQuery = mysql_query($getOtherInfo,$connection) or die(mysql_error());
        $otherInfo = mysql_fetch_array($otherInfoQuery);
        $_SESSION[access] = "granted";
        $_SESSION[firstName] = $otherInfo[firstName];
        $_SESSION[lastName] = $otherInfo[lastName];
            
        header("Location: http://accessSPSC.cfddtacoma.org/");    
    } else
        header("Location: http://www.cfddtacoma.org/Membership/index.php?error=LoginFailed");
    ?>
[/code]


but that doesn't seem to work...probably because I'm not on a personal server but rather a shared one.

I have looked around, how would I set something like this up so that I could use cookies??
Link to comment
Share on other sites

1) Check that you have data returned after a fetch and not assume the fetch worked.

2) Use single quotes when specifying associative array indexes (i.e. $_SESSION['access']).

3) Take a look at our session troubleshooting guide:
[a href=\"http://www.phpfreaks.com/forums/index.php?showtopic=31047&view=findpost&p=157705\" target=\"_blank\"]http://www.phpfreaks.com/forums/index.php?...ndpost&p=157705[/a]

Use SID in the header with location (see item # 12). Especially try the small test script listed on item # 10 and report back results.

4) Please note that the header() with location command does not redirect right there and then when it's executed. It actually redirects when your script ends or an exit/die is reached. So, to ensure no logic flow problems in your script, you should have an exit right after every header() with location to force redirection to occur immediately (if that's what you want/expect).


Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.