adman4054 Posted April 9, 2015 Share Posted April 9, 2015 Looking for some help with what Im assuming is a session variable. As you can tell, Im not a coder. I have software that checks to see if the user is signed in as an administrator, if they are, then a message should appear. Here is the code: if (isset($_SESSION['un']) && isset($_SESSION['pw']) && $adminFreeListing ) { ?> <td><font color="#FF0000"> Admin - Is this a free listing? </font> </td> <td><input name="free" type="radio" value="N" <?php if (!isset($_POST['free']) OR $_POST['free'] == 'N') { echo " checked"; } ?> > No <input type="radio" name="free" value="Y" <?php if ( $_POST['free'] == 'Y') { echo " checked"; } ?> It works about 50% of the time and Im not sure why. It guessing it might have something to do with multiple copies of the same software (used for different sites) and or the use of subdirectories example.example.com and example1.example.com. Those are just guesses on my part. So my question is how can I make it work all the time. Is there a different method I might be able to use? Im not sure if this is enough information to lend me a hand, regardless, thanks for looking at it. Quote Link to comment Share on other sites More sharing options...
gizmola Posted April 9, 2015 Share Posted April 9, 2015 Well this is simple code. Those 3 variables must be set for this block of code to execute. Otherwise it will be skipped. If any of those 3 variables are not set (and the last variable must exist AND be set to TRUE) then things won't work. Why might that be the case? Well, this indicates that it's part of a bigger system. So obviously if there's login occurring, your session setup is important. If you are not sharing sessions across your domain 'example.com' then that could explain the problem. You can try this: Edit your server php.ini and alter this parameter: session.cookie_domain session.cookie_domain = '.example.com' If the problem goes away you know that was the issue. Quote Link to comment Share on other sites More sharing options...
adman4054 Posted April 9, 2015 Author Share Posted April 9, 2015 Thank you for the quick informative reply. I have this software running on a server with 20+ other installations, is there another way to make this entry, ie, htaccess, in the code itself? thanks Quote Link to comment Share on other sites More sharing options...
gizmola Posted April 9, 2015 Share Posted April 9, 2015 Yes, http://php.net/manual/en/function.session-set-cookie-params.php can be issued in the code. The problem is that you will need this call to occur just before the session_start() call. Hopefully your system has that occur in a shared class, function or included file where you can make the change and have it seen throughout the scripts. You might already have surmised that sessions depend on cookies, and this is really a mechanism of how cookies work and the built in protections. You can do some investigation in advance of trying this, by looking at your cookies and seeing what the specific cookie(s) are that are being pushed from your server to determine if this might be the problem or not. 1 Quote Link to comment Share on other sites More sharing options...
adman4054 Posted April 9, 2015 Author Share Posted April 9, 2015 Really appreciate you spending the time. Like I said in my earlier post there are two subdomains in which an administrator can sign in. example.example.com and example1.example.com. The [dot] example being the same domain. if they come in on example1.example.com it seems to work consistently, if they come in on example.example.com, it only works 50% of the time. I can see the cookies and those domains and subs are listed as the cookies. Is there a way to have it validate with just the domain, ie., example.com? at the top of the page is: <?php session_start(); define('example_DIRECTORY',true); include("../inc/common.php"); thanks again! Quote Link to comment Share on other sites More sharing options...
Solution gizmola Posted April 9, 2015 Solution Share Posted April 9, 2015 Yes, then it appears that you have proved the supposition. Try the set_session_cookie_params function as I advised previously. It needs to go right before the session_start(). Something like this should work: // Set the new params based on the existing ones $currentCookieParams = session_get_cookie_params(); session_set_cookie_params( $currentCookieParams["lifetime"], $currentCookieParams["path"], '.example.com', $currentCookieParams["secure"], $currentCookieParams["httponly"] ); session_start(); define('example_DIRECTORY',true); include("../inc/common.php"); Just to restate -- this only works if this same code is being called everywhere that session_start() is being called. If this is literally included at the top of a number of different scripts, it needs to be added to everyone of those scripts. Hopefully that is not the case, and you only have to add the code in one place. Quote Link to comment Share on other sites More sharing options...
adman4054 Posted April 10, 2015 Author Share Posted April 10, 2015 Thank you for taking the time to help me with this. I learned a lot and truly appreciate your help. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.