Jump to content

Recommended Posts

Hey guys,

 

I have recently made progress on my site, but came to do something savvy with it, and something has started destroying my session vars.

 

Say I had $_SESSION['hello'] set to "true", when a user visits one page, it asks for $_POST details, and depending on what the post details are.. uses the header() function to redirect the user to a page to edit their website.

 

My only problem is that if they go to this script after having the session "hello" set, when they're redirected by the header() function, the session isn't set anymore?

 

Is there a quick solution to this, or should I just use cookies for this?

Link to comment
https://forums.phpfreaks.com/topic/203677-header-function-is-killing-my-sessions/
Share on other sites

Using cookies would likely have the same problem because by default the session id is propagated between pages using a cookie. You need to troubleshoot why your code is not working.

 

Is your header() redirect changing the hostname/subdomain (i.e. changing to/from www. and no-www.) on the URL or going to a different path on the end of the URL from where the session was started?

Yes. They can use a subdomain, because I have set a wildcard dns record to redirect all subdomains to my one script which then checks the subdomain, puts it into a var and checks it.. then it uses header()

 

How can this be fixed so that my sessions stay the same?

Look in your cookies on your browser for the PHP session cookie - I'll bet it's locked to the subdomain it's been assigned from.  Look up http://us2.php.net/manual/en/function.session-set-cookie-params.php and see about changing the $domain to be the root domain so the cookie is set in example.com instead of www.example.com.

Do you have

session_start();

on each of your pages?

Lol, yes.

 

Look in your cookies on your browser for the PHP session cookie - I'll bet it's locked to the subdomain it's been assigned from.  Look up http://us2.php.net/manual/en/function.session-set-cookie-params.php and see about changing the $domain to be the root domain so the cookie is set in example.com instead of www.example.com.

Thanks. One last thing: Would 0 enable the lifetime to ulimited?

 

session_set_cookie_params(0, '/', '.example.com');

yes?

Okay, well I now have this in each page:

 

session_start();
session_set_cookie_params(0, '/', '.example.net');

 

But after a session is set, if i go to a subdomain.. it doesn't seem to work. Or maybe I have to set the params before starting the session?

The session is being set from www. or no subdomain, and then it can be accessed from ww. or no subdomain, but if i use a subdomain.. BOOM it wont work.

 

I do still have this on each page though:

  session_set_cookie_params(0, '/', '.example.net');
  SESSION_START();

Any chance you are switching between http and https as well? Are these subdomains actually hosted on the same server as the main domain?

 

Post the full URL's (i.e. http://subdomain.domain.com/path/file.php) that you are using that don't work when you switch between them (xxxxx out the actual subdomain and domain if you don't want to post them, but show everything else as it actually is.)

Session is set from:

 

http://www.example.net/login.php

 

Then the session works on:

 

http://www.example.net/site/hello

 

But does NOT work on:

 

http://hello.example.net/site/hello

 

Note: I have a wildcard dns record set which redirects all subdomains to one script on the main domain, and then the main domain asks if theres a subdomain.. if so uses header() to send them to another script.. but the sessions dont work here. If I just go to www. the sessions DO work.

When you examine the session id cookie in your browser while at each URL, what do you get?

 

If you start a session at the http://hello.example.net/site/hello address and stay at that address, does the session work?

I don't really know how i'd go about testing that, tbh.

 

But this is the script which all subdomains redirect to:

 

<?PHP
      session_set_cookie_params(0, '/', '.example.net');
      SESSION_START();
      $subdomain = str_replace("example.net", "", str_replace(".example.net", "", $_SERVER['HTTP_HOST']));
      // Detect whether we're on the main website or a subdomain
      if ($subdomain == "www" || empty($subdomain)) {
            // On the main website
            header("Location: /title.php");
      } else {
            // On a subdomain
            header("Location: /site/" . $subdomain );
      }
?>

 

Would this script interrupt the sessions at all?

Any chance of doing this -

When you examine the session id cookie in your browser while at each URL, what do you get?

Do the values match what you are putting into session_set_cookie_params()?

 

You are the only one here who can investigate what is happening on your server.

In your browser you should be able to view the cookie.  I.e, in  Firefox, go to preferences->privacy->show cookies.  Find your cookie by tying in your root address in the search box and tell us what shows up under "Site."  If you're seeing all your subdomains (assuming that you're restarted the browser and thus cleared out your previous attempts) then something is not working as expected, but it may help identify what might be going on.

 

I wonder if you should leave off the leading "." in the domain so the command is:

 

session_set_cookie_params(0, '/', 'example.net');

 

I honestly don't know whether that will make a difference or not, though.

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.