
Login Required Twice


X51


I have a login page that, after logging in, sets a session

$_SESSION['user_info'] = $_POST['username'];

 

and takes me to a start page (and checks for the session) which all works wonderfully. The problem is that no matter what link is clicked on that page it takes me to the login page again after checking to see if that same session is set

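session_start();
// Send visitors without a login session back to the login page.
if (!isset($_SESSION['user_info'])) {
    header("Location: http://website.com/folder/log_in.php");
    exit; // stop the script so the rest of the protected page is not sent
}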

After logging in a second time every link on that same start page works wonderfully.

 

If it works the second time why not the first?

 


It's likely that the host-name/subdomain (www. vs no www.) in the URLs is changing back and forth (between having and not having the www. on them) and the session id cookie only matches the URL variation where it was set. When you are redirecting around, you finally end up going between pages that all have the same host-name (or lack thereof) in the URL.

 

If this is the case, here are some things you can do to fix the problem -

 

1) You should set up a .htaccess redirect to force all URLs to go to a single variation of your domain,

 

2) You should be consistent in your code to always build links/redirects with the same variation of your domain,

 

3) You should set the session.cookie_domain setting to be .yourdomain.com (with the leading dot . ) to get the session id cookie to match all variations of your domain.

 

Also, if this has to do with the session only working within one /folder/ path, you need to set the session.cookie_path setting to a '/' (it is by default) so that the session id cookie will match all paths of your domain.

 

(This is like the 4th time in the past week or so where I have posted this, you guys must all be in the same programming class.)


Yes for the 2nd and 3rd parameters.

 

However, the first parameter is for the session cookie lifetime. That does not exactly define how long the session lasts. That defines how long the session id cookie will remain valid after all instances of the browser have been closed. Since the session also involves the session data that is stored on the server, if your intent is for a session to remain valid for two hours after the browser has been closed, you would also need to extend the session.gc_maxlifetime setting a like amount (on a shared web server this will require that you store the session data files in your own folder so that only your session.gc_maxlifetime setting will affect the files.)
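
The settings discussed in the replies above, combined into one include file. This is an added example, not code posted by anyone in the thread. The file name, the yourdomain.com placeholder values, the sessions directory and the HTTPS-only cookie are assumptions.

```php
<?php
// session_bootstrap.php (hypothetical name): include at the top of every page,
// log_in.php included, before any output is sent.

const CANONICAL_HOST = 'www.yourdomain.com'; // placeholder: the one host variation you pick
const COOKIE_DOMAIN  = '.yourdomain.com';    // leading dot: matches www. and the bare domain
const LOGIN_URL      = 'https://www.yourdomain.com/folder/log_in.php'; // placeholder
const SESSION_TTL    = 7200;                 // two hours, in seconds

// Force a single host name (same effect as the .htaccess redirect).
$host = strtolower($_SERVER['HTTP_HOST'] ?? '');
if ($host !== CANONICAL_HOST) {
    // Build the target from the constant, never from the request's Host header,
    // and only accept a path that starts with "/".
    $uri = $_SERVER['REQUEST_URI'] ?? '/';
    if ($uri === '' || $uri[0] !== '/') {
        $uri = '/';
    }
    header('Location: https://' . CANONICAL_HOST . $uri, true, 301);
    exit;
}

// Server-side session data has to live as long as the cookie does. On shared
// hosting, a private save path keeps other sites' garbage collection away.
ini_set('session.gc_maxlifetime', (string) SESSION_TTL);
session_save_path(__DIR__ . '/../sessions'); // assumption: outside the web root, writable by PHP

session_set_cookie_params([
    'lifetime' => SESSION_TTL,   // cookie survives browser close for this long
    'path'     => '/',           // valid for every folder, not only /folder/
    'domain'   => COOKIE_DOMAIN,
    'secure'   => true,          // assumption: the site is served over HTTPS
    'httponly' => true,          // not readable from JavaScript
    'samesite' => 'Lax',
]);
session_start();

// Call on every protected page after including this file.
function require_login(): void
{
    if (!isset($_SESSION['user_info'])) {
        header('Location: ' . LOGIN_URL);
        exit; // without this the protected page keeps rendering
    }
}
```

The array form of session_set_cookie_params() needs PHP 7.3 or later.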
