Solved

when url changes (on some servers) I am asked to log in again

Posted on 2014-02-18
Last Modified: 2014-03-10
<?php // RAY_temp_rgb192.php 2013-10-10
error_reporting(E_ALL);

// ONE PAGE WITH OBJECT-ORIENTED LOG-IN REQUIRED
// http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_28264009.html

// AUTHENTICATE THE CLIENT WITH PASSWORD CHECK
$user = new access_control();

// CREATE THE PAGE
echo "<h1>Welcome $user</h1>" . PHP_EOL;
echo "<p>You successfully entered the User Id and Password, so now you can see this page.</p>" . PHP_EOL;
echo '<pre>';
echo 'Here is the Access_Control Object:' . PHP_EOL;
var_dump($user);


// ACCESS CONTROL CLASS
class Access_Control
{
    // CLASS PROPERTIES
    protected $uid = 'rgb192';
    protected $pwd = 'secret';

    // FOR USE WITH ECHO
    public function __toString()
    {
        return $this->uid;
    }

    // CONSTRUCTOR SETS THE UID
    public function __construct()
    {
        // SESSION CONTROLS AUTHORIZATION DATA
        if (!isset($_SESSION))
        {
            session_start();
            if (!isset($_SESSION['aok'])) $_SESSION['aok'] = FALSE;
        }

        // IF THE AUTHORIZATION FORM HAS BEEN POSTED
        if (isset($_POST['uid'], $_POST['pwd']))
        {
            // TEST BOTH UID AND PWD (STRICT COMPARISON, NO TYPE JUGGLING)
            if ($_POST['uid'] === $this->uid)
            {
                if ($_POST['pwd'] === $this->pwd)
                {
                    $_SESSION['aok'] = $this->uid;
                    return $this->uid;
                }
            }
        }

        // IF THE CLIENT IS NOT AUTHORIZED, PUT UP THE LOGIN FORM
        if ($_SESSION['aok'] != $this->uid)
        {
            $form = <<<EOD
Please Login:
<form method="post">
<input name="uid" placeholder="User Id" />
<input name="pwd" type="password" placeholder="Password" />
<input type="submit" />
</form>
EOD;
            echo $form;
            die();
        }
    }
}




I am using this page with a query string url
when url changes (on godaddy shared linux) I am asked to log in again


I also can not submit a form (save values) on godaddy shared linux because when I press submit, I am prompted for login, password
0
Question by:rgb192
12 Comments
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 125 total points
ID: 39869590
Shouldn't you put session_start(); at the very top of the file ?
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 39869641
When you say "url changes" changes how?

If you change from

www.domain.com to www.domain.com/subfolder

There should be no issue

If you change to

www.someotherdomain.com

then you will be asked to login again as your session is bound to the domain you are working with. Session identifiers are stored as a cookie which is linked to the domain. Change the domain and you will need to re-authenticate.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39870281
The PHP session is usually fine for what you want to do, but there is the risk that it will not work right for subdomains, like http://www.url.com vs http://test.url.com, so I will set up a test for that and show you the results.  Agree with Roads_Roads that you would want to move session_start() to the top of the scripts.  You may also want to change the logic in the class a little bit to assume that the session has been started and that $_SESSION is valid.

Have a look at this while I set up a test.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39870340
Please see http://iconoun.com/demo/temp_rgb192.php where we demonstrate that the "default" way of setting the PHP session cookie is only good for the same subdomain that set it.  You can install this on your server and run it to see the effect.

<?php // demo/temp_rgb192.php
error_reporting(E_ALL);
session_start();

// SHOW THE EXISTING SESSION
var_dump($_SESSION);

// SHOW THE EXISTING SESSION COOKIE, IF ANY
$cookie_val = isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : NULL;
var_dump($cookie_val);

// PUT UP LINKS TO BOTH SUBDOMAINS
echo '<br>';
echo '<a href="http://iconoun.com/demo/temp_rgb192.php">iconoun.com</a>' . PHP_EOL;
echo '<br>';
echo '<a href="http://www.iconoun.com/demo/temp_rgb192.php">www.iconoun.com</a>' . PHP_EOL;


Here is an old demo script that I used to set a session cookie so it worked across subdomains.  Note that it's not correct for domains like xyz.co.uk, so handle with care.

<?php // RAY_session_cookie_domain.php
/* *
 * QUESTION: WHEN CLIENTS VISIT MY SITE SOMETIMES THEY USE www.mysite.org
 * BUT SOMETIMES THEY USE mysite.org WITHOUT THE WWW.  HOW CAN I HANDLE
 * THE SESSION ISSUES THAT ARISE FROM THIS?
 *
 * ANSWER: ONE WAY IS TO REWRITE THE URL TO REMOVE THE SUBDOMAIN IF IT
 * IS WWW.  FOR EXAMPLE:
 *
 *     Options +FollowSymlinks
 *     RewriteEngine on
 *     RewriteCond %{http_host} ^www\.example\.org [NC]
 *     RewriteRule ^(.*)$ http://example.org/$1 [R=301,NC]
 *
 * ANOTHER WAY IS TO MODIFY THE SESSION COOKIE SO IT WORKS ACROSS ALL OF
 * YOUR SUBDOMAINS.  YOUR CHOICE WILL LARGELY DEPEND ON THE WAY YOU WANT
 * TO HANDLE OTHER SUBDOMAINS (OTHER THAN WWW).
 */

// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS PHP 5.2+
error_reporting(E_ALL);


// MAKE THE SESSION COOKIE AVAILABLE TO ALL SUBDOMAINS
// MAKE A DOMAIN NAME THAT OMITS WWW OR OTHER SUBDOMAINS
// BREAK THE HOST NAME APART AT THE DOTS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
// POSSIBLY 'localhost'
if ($y == 1)
{
    $host = $x[0];
}
// MAYBE SOMETHING LIKE 'www2.atf70.whitehouse.gov'
else
{
    // USE A DOT PLUS THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN NAME
    $host
    = '.'
    . $x[$y-2]
    . '.'
    . $x[$y-1]
    ;
}

// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
    // MAN PAGE http://php.net/manual/en/function.setcookie.php
    setcookie
     ( $sess_name
     , session_id()
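     , 0                   // EXPIRES: THIS IS WHERE YOU CAN SET THE TIME (0 = UNTIL THE BROWSER CLOSES)
     , '/'                 // PATH: COOKIE PATHS USE A FORWARD SLASH, EVEN ON WINDOWS
     , $host               // DOMAIN: LEADING DOT PLUS THE LAST TWO LABELS
     , FALSE               // SECURE: FALSE MEANS THE COOKIE IS ALSO SENT OVER PLAIN HTTP
     , TRUE                // HTTPONLY: HIDE THE COOKIE FROM JAVASCRIPT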
     )
     ;
}


// PROVE THAT THE COOKIE WORKS IN MULTIPLE DOMAINS
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;


// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
// STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$gost = ltrim($host,'.');
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php'; // var_dump() SCRIPT
$www_link = 'http://www' . $host . '/RAY_dump_session.php';

echo "<br/>Click these links to get a new window and see the _SESSION and _COOKIE arrays" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>" . PHP_EOL;


// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>";

// CREATE A FORM TO UPDATE THE COOKIE
$form = <<<ENDFORM
<form method="post">
<input type="submit" value="CLICK ME" />
</form>
ENDFORM;
echo $form;


0
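An added example, not part of Ray Paseur's post: one way to share the session cookie across subdomains without deriving the cookie domain from the client-supplied Host header, which also covers suffixes like xyz.co.uk. The allowlist entries and the function name `cookie_domain_for` are assumptions, and the options-array form of session_set_cookie_params() needs PHP 7.3+.

```php
<?php // Added example: session cookie shared across subdomains, domain taken from an allowlist
error_reporting(E_ALL);

// ASSUMPTION: THE REGISTRABLE DOMAINS THIS SITE IS SERVED FROM (PLACEHOLDERS).
// LISTING THEM EXPLICITLY HANDLES TWO-PART SUFFIXES SUCH AS example.co.uk.
const COOKIE_DOMAINS = ['example.org', 'example.co.uk'];

// RETURN THE ALLOWLISTED DOMAIN THE HOST BELONGS TO, OR '' FOR A HOST-ONLY COOKIE
function cookie_domain_for(string $http_host, array $allowed): string
{
    // DROP ANY :PORT AND A TRAILING DOT, AND NORMALIZE CASE
    $host = strtolower(rtrim(preg_replace('/:\d+$/', '', $http_host), '.'));
    foreach ($allowed as $domain)
    {
        // EXACT MATCH, OR A SUBDOMAIN ENDING IN ".domain"
        if ($host === $domain || substr($host, -strlen(".$domain")) === ".$domain")
        {
            return $domain;
        }
    }
    // UNKNOWN HOST (localhost, UNEXPECTED Host HEADER): DO NOT WIDEN THE COOKIE
    return '';
}

$is_https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';

// SET THE COOKIE ATTRIBUTES BEFORE session_start() SO ONLY ONE SET-COOKIE IS SENT
session_set_cookie_params([
    'lifetime' => 0,            // SESSION COOKIE, GONE WHEN THE BROWSER CLOSES
    'path'     => '/',
    'domain'   => cookie_domain_for($_SERVER['HTTP_HOST'] ?? '', COOKIE_DOMAINS),
    'secure'   => $is_https,    // HTTPS-ONLY WHEN THE SITE IS SERVED OVER HTTPS
    'httponly' => true,         // NOT READABLE FROM JAVASCRIPT
    'samesite' => 'Lax',
]);
session_start();

// SAME COUNTER AS THE DEMO ABOVE, TO CONFIRM THE SESSION SURVIVES ACROSS SUBDOMAINS
if (!isset($_SESSION['count'])) $_SESSION['count'] = 0;
$_SESSION['count']++;
var_dump(session_get_cookie_params(), $_SESSION);
```

A cookie scoped to the parent domain is sent to every subdomain of it, so this fits only when all of those subdomains are under the same control.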
 

Author Comment

by:rgb192
ID: 39872016
question1:
I have not tried the code yet because when I write 'url change' I think you are coding for subdomain.  I mean 'url change' as 'different query string'.  Is your code for 'different query string on same domain, subdomain'?


question2:
Would adding session_start() work for different query strings on same domain, subdomain?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39872041
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?
0
 

Author Comment

by:rgb192
ID: 39872123
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?

Correct.  (on godaddy lamp shared server, but not hostgator lamp shared, wamp or nusphere php ide)
0
 
LVL 51

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 39872527
In the context of sessions those URLs are identical. The query string is irrelevant.

Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 39873060
Even as poor a host as GoDaddy should be able to get that right, and if your exact same scripts work correctly on HostGator but fail on GoDaddy, then the problem almost certainly lies with something at GoDaddy.  Perhaps there is a difference in the content of a data base?  Or perhaps there is a difference in the configuration settings?  Let's try to make progress by dealing with specifics instead of speculating.  

1. Please reduce this problem to the SSCCE, so we can move forward.  

2. Please post the exact URL of the SSCCE script that illustrates the failure.  

3. Please post the PHP source code of the SSCCE script.  You can obscure authentication details like passwords, but please post the entire script line-for-line so we can see all of the logic that is in play.

4. Please install this little informational script and post a link to it (you can take it down later, but for now we need to see the configuration options).

<?php phpinfo();


0
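An added example, not from the thread: a narrower alternative to publishing full phpinfo() output, reporting only the session settings that bear on a session not persisting between requests, including the timeout asked about earlier. The function name `session_diagnostics` and the choice of settings are assumptions.

```php
<?php // Added example: report only the session-related configuration
error_reporting(E_ALL);

// COLLECT THE SETTINGS THAT DECIDE WHETHER A SESSION SURVIVES TO THE NEXT REQUEST
function session_diagnostics(): array
{
    // WITH THE DEFAULT FILE HANDLER AN EMPTY save_path MEANS THE SYSTEM TEMP DIR
    $path = session_save_path();
    if ($path === '') $path = sys_get_temp_dir();
    // save_path MAY LOOK LIKE "N;MODE;/path"; THE DIRECTORY IS THE LAST FIELD
    $parts = explode(';', $path);
    $dir   = end($parts);

    return [
        'save_handler'      => ini_get('session.save_handler'),
        'save_dir'          => $dir,
        'save_dir_writable' => is_dir($dir) && is_writable($dir),
        'gc_maxlifetime'    => (int) ini_get('session.gc_maxlifetime'), // SECONDS
        'use_cookies'       => (bool) ini_get('session.use_cookies'),
        'cookie_params'     => session_get_cookie_params(),
        // WAS A SESSION COOKIE SENT BACK? (THE ID ITSELF IS NOT PRINTED)
        'cookie_received'   => isset($_COOKIE[session_name()]),
    ];
}

// OUTPUT BEFORE session_start() (A BOM, A BLANK LINE) STOPS THE COOKIE BEING SET
$sent_early = headers_sent($file, $line);
$started    = $sent_early ? FALSE : session_start();

$report = session_diagnostics();
$report['headers_sent_early'] = $sent_early ? "$file:$line" : FALSE;
$report['session_started']    = $started;

// A COUNTER THAT SHOULD GO UP ON EVERY RELOAD, WHATEVER THE QUERY STRING
if ($started)
{
    if (!isset($_SESSION['count'])) $_SESSION['count'] = 0;
    $report['count'] = ++$_SESSION['count'];
}

if (!$sent_early) header('Content-Type: text/plain');
print_r($report);
```

Reload it with different query strings: if `count` stays at 1, look at `save_dir_writable` and `cookie_received` first, and take the script down once the comparison between hosts is done.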
 

Author Comment

by:rgb192
ID: 39881146
Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?

I think 1 second or less.  So I think answer is no.
0
 
LVL 108

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 39881170
Yeah, 1 second is no time at all.  I was thinking about 15 or 20 minutes.  Let's have a look at the SSCCE.  Thanks, ~Ray
0
 

Author Closing Comment

by:rgb192
ID: 39917987
no minutes time delay, session_start() is at the top of every page

I need to do some server configuration because I think I am using an old solution because I now know more about sessions because I am learning from a session tutorial

thanks
0
