Jump to content

[SOLVED] $_SESSION['face'] = "want to rip of my";


Recommended Posts

ok i have an issue with sessions not working right the first time around. from the second submit and on it works fine. i also have this problem currently when signing into facebook. im not sure if its my os/browser but im sure a thorough session script would help me out quite a bit.

Link to comment
https://forums.phpfreaks.com/topic/177924-solved-_sessionface-want-to-rip-of-my/
Share on other sites

from the second submit and on it works fine
Sounds like you are switching the URL for a page from one that has a www. to one that does not or visa-versa and your session cookie parameters are not setup to match URL's both with and without a www. on them.

yeah i do. also i notice when i load the page i get the one PHPSESSID header entry but when i submit the form and from that point on i have two header entries for PHPSESSID. keep in mind it is from that second submit on it works as expected.

Do you have session_start(); at the top of all pages?

that sounds like that may be it. considering visitors will encounter the same issue depending on how they get to the page how would i solve that.

 

from the second submit and on it works fine
Sounds like you are switching the URL for a page from one that has a www. to one that does not or visa-versa and your session cookie parameters are not setup to match URL's both with and without a www. on them.

dude you couldnt have been more right. i hope this is the real problem and solution. if not, please say so. my fix is as stated below.

if (!$_SESSION['whateversession'])
{
header ("Location: http://whateverurl.com");
}

 

from the second submit and on it works fine
Sounds like you are switching the URL for a page from one that has a www. to one that does not or visa-versa and your session cookie parameters are not setup to match URL's both with and without a www. on them.

this is also problematic but closer. im have trouble finding the correct way to retrieve the url from the header. all i see so far are several commands that reconstruct what should be the url but it doesnt actually pull it from the current header.

the goal would be something like

 

if (however i can pull and check the actual url from header)
{
header ("Location: http://whateverurl.com");
}

 

dude you couldnt have been more right. i hope this is the real problem and solution. if not, please say so. my fix is as stated below.

if (!$_SESSION['whateversession'])
{
header ("Location: http://whateverurl.com");
}

 

from the second submit and on it works fine
Sounds like you are switching the URL for a page from one that has a www. to one that does not or visa-versa and your session cookie parameters are not setup to match URL's both with and without a www. on them.

http_host will always return with a www. so it is not an accurate method of discovery and recontrutin the url wont do any good because i would be telling my script what it wants to hear not actually checking the header url.

 

 

You mean something like this?

function getFullURL() {
    $protocol = $_SERVER['HTTPS'] == 'on' ? 'https' : 'http';
    return $protocol.'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
}

that was incorrect. it will not always return that. thx crayon. sorry.

 

http_host will always return with a www. so it is not an accurate method of discovery and recontrutin the url wont do any good because i would be telling my script what it wants to hear not actually checking the header url.

 

 

You mean something like this?

function getFullURL() {
    $protocol = $_SERVER['HTTPS'] == 'on' ? 'https' : 'http';
    return $protocol.'://'.$_SERVER['HTTP_HOST'].$_SERVER['REQUEST_URI'];
}

OR you could always set the session.cookie_domain so that it matches your domain no matter what hostname/subdomain is being used -

 

http://www.php.net/manual/en/function.session-set-cookie-params.php

http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-domain

as far as i can tell im using server side sessions. i try to stear clear of anything requiring more then html and css on the client side. thats pretty much the direction the web is taking, thus moving animations to css3. also you may find this helpful when designing your own sites, not that your a noob at all. just the direction of things as i interpret them.

 

Use a text browser such as Lynx to examine your site, because most search engine spiders see your site much as Lynx would. If fancy features such as JavaScript, cookies, session IDs, frames, DHTML, or Flash keep you from seeing all of your site in a text browser, then search engine spiders may have trouble crawling your site.

http://www.google.com/support/webmasters/bin/answer.py?hl=en&answer=35769#1

 

OR you could always set the session.cookie_domain so that it matches your domain no matter what hostname/subdomain is being used -

 

http://www.php.net/manual/en/function.session-set-cookie-params.php

http://www.php.net/manual/en/session.configuration.php#ini.session.cookie-domain

Ummm. By default, the session id is passed between pages using a cookie, which is why when you were changing between www. and no-www. that sessions weren't working. The hostname/subdomain where the sesison id cookie was created did not match the hostname/subdomain you switched to. By setting the session.cookie_domain so that it matches all hostnames/subdomains of your domain, the session id cookie will be sent by the browser with the requests matching your domain, regardless of any hostname/subdomain in the URL.

that makes sense but i followed everything i saw in regards to using server sessions. ill turn off my cookies later and try. if what you are saying is the case how do insure to use only server sessions. i gave no instruction to create a cookie but that doesnt mean it aint so.

 

Ummm. By default, the session id is passed between pages using a cookie, which is why when you were changing between www. and no-www. that sessions weren't working. The hostname/subdomain where the sesison id cookie was created did not match the hostname/subdomain you switched to. By setting the session.cookie_domain so that it matches all hostnames/subdomains of your domain, the session id cookie will be sent by the browser with the requests matching your domain, regardless of any hostname/subdomain in the URL.

starting a session automatically tries to create a cookie to store the session id.  Failing that, the session ID can be passed via the url.  Or manually doing it by storing and retrieving a session id in a flatfile or db and manually setting the session id.

yeah i turned off cookies and thats a fact. ive been looking to see how to direct it to the flatfile. i dont imagine it works just by writing to the file, still need to tell it not to send it to the browser somehow correct? ill keep looking and checking back here. thx guys.

 

starting a session automatically tries to create a cookie to store the session id.  Failing that, the session ID can be passed via the url.  Or manually doing it by storing and retrieving a session id in a flatfile or db and manually setting the session id.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.