Jump to content

session_set_cookie_params help.

marcus

By marcus
in PHP Coding Help

 Share

Recommended Posts

marcus Regular Member

marcus

Posted
Posted

I have recently started a new website and a lot of the content is based off subdomains.

 

How would I use session_set_cookie_params to make it so it basically makes the session valid throughout all the subdomains.

 

I have:

 

session_set_cookie_params(10800,'/','.mysite.com/',true);
session_start();

 

On every page.

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

Tested in FF and IE (browser shouldn't matter much, but just in case ;p):

 

session_set_cookie_params(10800,'/','.domain.com');

 

For some reason or other, I think the true on the end was messing wit hti.... I think thats supposed to be an integer and not a bool so that could have been it, but I'm not sure.... All I know is that works and:

 

session_set_cookie_params(10800,'/','.domain.com', true);

 

doesn't.

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

Hmmm maybe your secure paramter defaults to something different....

 

<?php

session_set_cookie_params(10800,'/','.no-ip.org', false);

session_start();

$_SESSION['lol'] = (isset($_SESSION['lol'])) ? $_SESSION['lol']+1 : 1;

echo session_id();

print_r($_SESSION['lol']);

?>

 

That works, but the following doesn't:

 

<?php

session_set_cookie_params(10800,'/','.no-ip.org', true);

session_start();

$_SESSION['lol'] = (isset($_SESSION['lol'])) ? $_SESSION['lol']+1 : 1;

echo session_id();

print_r($_SESSION['lol']);

?>

 

(P.S. I was wrong earlier when I said maybe it wasn't supposed to be a bool.)

 

Edit: Oh, I was using two .no-ip.org sites I have to test it by the way ;p.

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

The cookie setting has to be on every page (or in the ini) so that PHP knows to accept those cookies too....

 

For now, try using that example script I pasted and see if it works.  If that works, then the concept is working correctly and its just the script of yours that needs tweaking.

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

That's because the cookie isn't being read by the second script, meaning either the client is with holding the cookie, or PHP is ignoring it.

 

The session_set_cookie_params needs to be on everypage so that if a session is created, not only is it created globally on that page, but it's read globally on other pages.

 

Also, if you set a cookie with one setting, you need to delete that cookie before testing another way since you'll still have the cookie from before ;p.

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

I highly suggest not using cookies to store data.... Well, data that won't be [re]validated by the server.

 

Is it different even on the page you set it on?

 

Try clearing all the cookies you have now and then trying that page again.

 

If it still doesn't work, please post your code.

Link to comment
Share on other sites
marcus Regular Member

marcus

Posted
  • Author
Posted

I cleared all my cookies.

 

CODE:

 

global.php [included on every page]

 

<?php
session_set_cookie_params(10800,'/','.mysite.com', false);
session_start();
#session_destroy();


//---------------MAIN DATABASE---------------//
$db	= array();
$db['user'] = "us_***";
$db['pass'] = "*******";
$db['host'] = "localhost";
$db['base'] = "us_***";
$connect = 1;

if($connect > 0){
$c = mysql_connect($db['host'], $db['user'], $db['pass']) or die("Error connecting to mySQL Database: " . mysql_error());
$d = mysql_select_db($db['base'], $c);
}
//-------------------------------------------//



//--------------INCLUDES---------------------//

#-------FUNCTIONS
if(file_exists( "/home2/us/public_html/includes/functions.php" )){
	include "/home2/us/public_html/includes/functions.php";
}

#-------LANGUAGES
if(file_exists( "/home2/us/public_html/includes/languages.php" )){
	include "/home2/us/public_html/includes/languages.php";
}


//------------------------------------------//
# CHECK LANGUAGE
#checkLang($_COOKIE['ln']);
//-----------------------------------------//

?>

 

login.mysite.com/index.php

<?php
include "/home2/us/public_html/global.php";
$page = $lang[$ln]['login_title'];

layout('header');

if(!$_SESSION['uid']){

if(!$_POST['submit']){
echo "<table border=\"0\" cellspacing=\"3\" cellpadding=\"3\">\n";
echo "<form method=\"post\" action=\"http://login.mysite.com\">\n";
echo "<tr><td>{$lang[$ln]['login_username']}</td><td><input type=\"text\" name=\"username\"></td></tr>\n";
echo "<tr><td>{$lang[$ln]['login_password']}</td><td><input type=\"password\" name=\"password\"></td></tr>\n";
echo "<input type=\"hidden\" name=\"submit\" value=\"1\">\n";
echo "<tr><td colspan=\"2\" align=\"right\"><input type=\"image\" src=\"{$src['input_submit']}\"></td></tr>\n";
echo "</form></table>\n";
}else {
$username = protect($_POST['username']);
$password = protect($_POST['password']);
$errors = array();

	if(!$username){ $errors[] = "You did not supply a username"; }
	if(!$password){ $errors[] = "You did not supply a password"; }

	if($username && $password){

		$sql = "SELECT * FROM `users` WHERE `username`='$username'";
		$res = mysql_query($sql) or die(mysql_error());

		if(mysql_num_rows($res) == 0){ $errors[] = "Invalid username"; }else {
			$pass = md5(sha1($password));
			$sql2 = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$pass'";
			$res2 = mysql_query($sql2) or die(mysql_error());
				if(mysql_num_rows($res2) == 0){ $errors[] ="Invalid username and password combination"; }
		}
	}

	if(count($errors) > 0){
		foreach($errors AS $error){
		echo $error . "<br>\n";
		}
	}else {
	$pass2 = md5(sha1($password));
	$sql3 = "SELECT * FROM `users` WHERE `username`='$username' AND `password`='$pass2'";
	$res3 = mysql_query($sql3) or die(mysql_error());
	$row = mysql_fetch_assoc($res3);
	$_SESSION['uid'] = $row['id'];
	echo "You have successfully logged in!";
	}
}
}else {
echo "You are already logged in!";
}

layout('footer');
?>

Link to comment
Share on other sites
corbin Regular Member

corbin

Posted
Posted

This is kind of a weird question, but you aren't trying to do this with a subdomain of a subdomain are you?

 

I can't think of a reason as to why that wouldn't work....

 

Does the login page stay logged in if you login then refresh (without correct post data on the refresh)?

 

If it doesn't then the session_set_params is still not working....

Link to comment
Share on other sites
This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
 Share
Go to topic listing
×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.