Improve company productivity with a Business Account.Sign Up

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 480
  • Last Modified:

Domain Masking is canceling my php session variables

K so i have a php script, here it is minus the database info

<?PHP
session_start();
//require_once($_SERVER['DOCUMENT_ROOT'] . "/include/database.class.php");

//require("/home//public_html/include/database.class.php");

$username_lookup = rtrim($_SERVER['REDIRECT_URL'],'/');
preg_match('/\/[A-Za-z0-9_\- ]+$/', $_SERVER['REDIRECT_URL'], $matches);
$username_lookup = substr(trim($matches[0]),1);

if($username_lookup){
      //$db = new database();
      //$db = new database();
      //$db = new database();
      
      $ho =
   $us =
   $pa =
   $dbName =

   // connect and select the database
   $conn = mysql_connect($ho, $us, $pa) or die(mysql_error());
   $db = mysql_select_db($dbName, $conn) or die(mysql_error());
      //$db = new database

      unset($_SESSION["user"]);
$a = 1;
$b = 5;
      
      if($a<$b){
            $_SESSION["user"]["username"] = strtolower($username_lookup);
      }
      
      if($username_lookup == 'clearsession'){
            unset($_SESSION["user"]);
      }
}

if(!$_SESSION["user"]["username"]){
      header("Location: /real404.php");
}else{
      //header("Location: /index.php");
      include('index.php');
}

echo "<!--" . @$_SESSION["user"]["username"] . "-->";
?>


Basically it uses a 404 error when someone types in a web address say www.cool.com/4356 it searches the database to see if there is a 4356 and displays it as a replicated site if there is and returns a 404 error if it doesnt.  Everything works great.  People can put links into their site as well say www.cool.com/4356 .   Problem is people are getting there own domain names say www.irock.com and forward it with domain masking to www.cool.com/4356 .  In firefox it works fine but in IE it is not setting the session variables.  Has anyone heard of this bug before or any way around it?
0
Brant Snow
Asked:
Brant Snow
  • 2
1 Solution
 
Richard QuadlingSenior Software DeveloperCommented:
My first step would be to make sure you are using clean browsers - clear cache and cookies - obviously this isn't what you would want to do on your live machine, so a Virtual Machine is probably the real first step. By using a VM, you can present a 100% clean environment each time.

Secondly, I'd use WireShark to watch the requests and see what cookies are passed around to see if there is really an issue.

Also, make sure your header('Location: xxxx'); is a fully qualified address ... http://www.somesite.com/page.ext. That is the correct way. Sure, browsers accept relative addresses, but, just maybe, you've got an edge-case.

Bypass that possibility by obeying the standard.


With WireShark can you tell us what cookies are being received and sent?
0
 
Richard QuadlingSenior Software DeveloperCommented:
What was the solution?
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

  • 2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now