Solved

Domain Masking is canceling my php session variables

Posted on 2008-10-13
2
465 Views
Last Modified: 2013-12-13
K so i have a php script, here it is minus the database info

<?PHP
session_start();
//require_once($_SERVER['DOCUMENT_ROOT'] . "/include/database.class.php");

//require("/home//public_html/include/database.class.php");

$username_lookup = rtrim($_SERVER['REDIRECT_URL'],'/');
preg_match('/\/[A-Za-z0-9_\- ]+$/', $_SERVER['REDIRECT_URL'], $matches);
$username_lookup = substr(trim($matches[0]),1);

if($username_lookup){
      //$db = new database();
      //$db = new database();
      //$db = new database();
      
      $ho =
   $us =
   $pa =
   $dbName =

   // connect and select the database
   $conn = mysql_connect($ho, $us, $pa) or die(mysql_error());
   $db = mysql_select_db($dbName, $conn) or die(mysql_error());
      //$db = new database

      unset($_SESSION["user"]);
$a = 1;
$b = 5;
      
      if($a<$b){
            $_SESSION["user"]["username"] = strtolower($username_lookup);
      }
      
      if($username_lookup == 'clearsession'){
            unset($_SESSION["user"]);
      }
}

if(!$_SESSION["user"]["username"]){
      header("Location: /real404.php");
}else{
      //header("Location: /index.php");
      include('index.php');
}

echo "<!--" . @$_SESSION["user"]["username"] . "-->";
?>


Basically it uses a 404 error when someone types in a web address say www.cool.com/4356 it searches the database to see if there is a 4356 and displays it as a replicated site if there is and returns a 404 error if it doesnt.  Everything works great.  People can put links into their site as well say www.cool.com/4356 .   Problem is people are getting there own domain names say www.irock.com and forward it with domain masking to www.cool.com/4356 .  In firefox it works fine but in IE it is not setting the session variables.  Has anyone heard of this bug before or any way around it?
0
Comment
Question by:Brant Snow
[X]
Welcome to Experts Exchange

Add your voice to the tech community where 5M+ people just like you are talking about what matters.

  • Help others & share knowledge
  • Earn cash & points
  • Learn & ask questions
  • 2
2 Comments
 
LVL 40

Accepted Solution

by:
Richard Quadling earned 500 total points
ID: 22709448
My first step would be to make sure you are using clean browsers - clear cache and cookies - obviously this isn't what you would want to do on your live machine, so a Virtual Machine is probably the real first step. By using a VM, you can present a 100% clean environment each time.

Secondly, I'd use WireShark to watch the requests and see what cookies are passed around to see if there is really an issue.

Also, make sure your header('Location: xxxx'); is a fully qualified address ... http://www.somesite.com/page.ext. That is the correct way. Sure, browsers accept relative addresses, but, just maybe, you've got an edge-case.

Bypass that possibility by obeying the standard.


With WireShark can you tell us what cookies are being received and sent?
0
 
LVL 40

Expert Comment

by:Richard Quadling
ID: 22986335
What was the solution?
0

Featured Post

Free Tool: Port Scanner

Check which ports are open to the outside world. Helps make sure that your firewall rules are working as intended.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

SSL stands for “Secure Sockets Layer” and an SSL certificate is a critical component to keeping your website safe, secured, and compliant. Any ecommerce website must have an SSL certificate to ensure the safe handling of sensitive information like…
Introduction This article is intended for those who are new to PHP error handling (https://www.experts-exchange.com/articles/11769/And-by-the-way-I-am-New-to-PHP.html).  It addresses one of the most common problems that plague beginning PHP develop…
The viewer will learn how to dynamically set the form action using jQuery.
This Micro Tutorial will demonstrate how nuggets on the Web are formatted by using Chrome Developer Tools. These tools would not only view the site's CSS but it can also modify it and save the CSS to use on your own site.

751 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question