Solved

Domain Masking is canceling my php session variables

Posted on 2008-10-13
Last Modified: 2013-12-13
OK, so I have a PHP script; here it is, minus the database info:

<?php
session_start();
//require_once($_SERVER['DOCUMENT_ROOT'] . "/include/database.class.php");

//require("/home//public_html/include/database.class.php");

// Take the last path segment of the URL that triggered the 404 handler.
$username_lookup = rtrim($_SERVER['REDIRECT_URL'], '/');
preg_match('/\/[A-Za-z0-9_\- ]+$/', $_SERVER['REDIRECT_URL'], $matches);
// Guard against "no match" so $matches[0] is never read when undefined.
$username_lookup = isset($matches[0]) ? substr(trim($matches[0]), 1) : '';

if ($username_lookup) {
      //$db = new database();
      //$db = new database();
      //$db = new database();

      // Connection settings were removed from the post; the values are left empty here.
      $ho = '';      // database host
      $us = '';      // database user
      $pa = '';      // database password
      $dbName = '';  // database name

      // connect and select the database (legacy mysql_* API, removed in PHP 7)
      $conn = mysql_connect($ho, $us, $pa) or die(mysql_error());
      $db = mysql_select_db($dbName, $conn) or die(mysql_error());
      //$db = new database

      unset($_SESSION["user"]);
      $a = 1;
      $b = 5;

      if ($a < $b) {
            $_SESSION["user"]["username"] = strtolower($username_lookup);
      }

      if ($username_lookup == 'clearsession') {
            unset($_SESSION["user"]);
      }
}

// No user in the session: send the real 404 page; otherwise render the site.
if (empty($_SESSION["user"]["username"])) {
      header("Location: /real404.php");
} else {
      //header("Location: /index.php");
      include('index.php');
}

echo "<!--" . @$_SESSION["user"]["username"] . "-->";
?>


Basically it uses a 404 error: when someone types in a web address, say www.cool.com/4356, it searches the database to see if there is a 4356 and displays it as a replicated site if there is, and returns a 404 error if it doesn't.  Everything works great.  People can put links into their site as well, say www.cool.com/4356.  The problem is that people are getting their own domain names, say www.irock.com, and forwarding them with domain masking to www.cool.com/4356.  In Firefox it works fine, but in IE it is not setting the session variables.  Has anyone heard of this bug before, or know any way around it?
Question by:Brant Snow
2 Comments
Accepted Solution

by: Richard Quadling earned 500 total points
ID: 22709448
My first step would be to make sure you are using clean browsers - clear cache and cookies - obviously this isn't what you would want to do on your live machine, so a Virtual Machine is probably the real first step. By using a VM, you can present a 100% clean environment each time.

Secondly, I'd use Wireshark to watch the requests and see what cookies are passed around to see if there is really an issue.

Also, make sure your header('Location: xxxx'); is a fully qualified address ... http://www.somesite.com/page.ext. That is the correct way. Sure, browsers accept relative addresses, but, just maybe, you've got an edge-case.

Bypass that possibility by obeying the standard.


With Wireshark, can you tell us what cookies are being received and sent?
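
The cookie check suggested in the answer above can be scripted. The following is an added example, not part of the original thread: it reads HTTP headers copied out of a capture and reports any cookie the server set that the browser did not send back, plus any `Location` header that is not fully qualified. The capture text is constructed, the names `parse_messages` and `audit` are hypothetical, and cookie domain/path scoping is ignored (all messages are assumed to belong to one site).

```python
import re

# Constructed capture (not from the thread): HTTP headers as plain text, e.g.
# copied from Wireshark's "Follow TCP Stream", one message per blank-line block.
CAPTURE = """\
GET /4356 HTTP/1.1
Host: www.cool.com

HTTP/1.1 200 OK
Set-Cookie: PHPSESSID=abc123; path=/

GET /index.php HTTP/1.1
Host: www.cool.com

HTTP/1.1 302 Found
Location: /real404.php
"""

def parse_messages(text):
    """Split a header dump into (start_line, [(name, value), ...]) tuples."""
    messages = []
    for block in re.split(r"\n\s*\n", text.strip()):
        lines = block.splitlines()
        headers = [tuple(part.strip() for part in line.split(":", 1))
                   for line in lines[1:] if ":" in line]
        messages.append((lines[0].strip(), headers))
    return messages

def audit(text):
    """Report cookies the browser failed to return and relative redirects."""
    issued, findings = set(), []
    for start, headers in parse_messages(text):
        if start.startswith("HTTP/"):  # response: record cookies, check Location
            for name, value in headers:
                if name.lower() == "set-cookie":
                    issued.add(value.split("=", 1)[0].strip())
                elif name.lower() == "location" and not re.match(r"https?://", value, re.I):
                    findings.append(f"relative Location: {value}")
        else:  # request: every cookie issued so far should come back
            sent = set()
            for name, value in headers:
                if name.lower() == "cookie":
                    sent |= {c.split("=", 1)[0].strip() for c in value.split(";")}
            for missing in sorted(issued - sent):
                findings.append(f"{start.split()[1]}: cookie {missing} not returned")
    return findings
```

Running `audit` on one capture taken through the masked domain and one taken directly against the site shows whether the session cookie is lost only in the masked case.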
Expert Comment

by:Richard Quadling
ID: 22986335
What was the solution?
Question has a verified solution.