when url changes (on some servers) I am asked to log in again

<?php // RAY_temp_rgb192.php 2013-10-10
error_reporting(E_ALL);

// ONE PAGE WITH OBJECT-ORIENTED LOG-IN REQUIRED
// http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_28264009.html

// AUTHENTICATE THE CLIENT WITH PASSWORD CHECK
$user = new access_control();

// CREATE THE PAGE
echo "<h1>Welcome $user</h1>" . PHP_EOL;
echo "<p>You successfully entered the User Id and Password, so now you can see this page.</p>" . PHP_EOL;
echo '<pre>';
echo 'Here is the Access_Control Object:' . PHP_EOL;
var_dump($user);


// ACCESS CONTROL CLASS
class Access_Control
{
    // CLASS PROPERTIES
    protected $uid = 'rgb192';
    protected $pwd = 'secret';

    // FOR USE WITH ECHO
    public function __toString()
    {
        return $this->uid;
    }

    // CONSTRUCTOR SETS THE UID
    public function __construct()
    {
        // SESSION CONTROLS AUTHORIZATION DATA
        if (!isset($_SESSION))
        {
            session_start();
            if (!isset($_SESSION['aok'])) $_SESSION['aok'] = FALSE;
        }

        // IF THE AUTHORIZATION FORM HAS BEEN POSTED
        if (!empty($_POST))
        {
            // TEST BOTH UID AND PWD
            if ($_POST['uid'] == $this->uid)
            {
                if ($_POST['pwd'] == $this->pwd)
                {
                    $_SESSION['aok'] = $this->uid;
                    return $this->uid;
                }
            }
        }

        // IF THE CLIENT IS NOT AUTHORIZED, PUT UP THE LOGIN FORM
        if ($_SESSION['aok'] != $this->uid)
        {
            $form = <<<EOD
Please Login:
<form method="post">
<input name="uid" placeholder="User Id" />
<input name="pwd" placeholder="Password" />
<input type="submit" />
</form>
EOD;
            echo $form;
            die();
        }
    }
}

Open in new window



I am using this page with a query string url
when url changes (on godaddy shared linux) I am asked to log in again


I also can not submit a form (save values) on godaddy shared linux because when I press submit, I am prompted for login, password
LVL 1
rgb192Asked:
Who is Participating?
 
Lukasz ChmielewskiConnect With a Mentor Commented:
Shouldn't you put session_start(); at the very top of the file ?
0
 
Julian HansenConnect With a Mentor Commented:
When you say "url changes" changes how?

If you change from

www.domain.com to www.domain.com/subfolder

There should be no issue

If you change to

www.someotherdomain.com 

then you will be asked to login again as your session is bound to the domain you are working with. Session id entifiers are stored as a cookie which is linked to the domain. Change the domain and you will need to re-authenticate.
0
 
Ray PaseurCommented:
The PHP session is usually fine for what you want to do, but there is the risk that it will not work right for subdomains, like http://www.url.com vs http://test.url.com, so I will set up a test for that and show you the results.  Agree with Roads_Roads that you would want to move session_start() to the top of the scripts.  You may also want to change the logic in the class a little bit to assume that the session has been started and that $_SESSION is valid.

Have a look at this while I set up a test.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0
Keep up with what's happening at Experts Exchange!

Sign up to receive Decoded, a new monthly digest with product updates, feature release info, continuing education opportunities, and more.

 
Ray PaseurCommented:
Please see http://iconoun.com/demo/temp_rgb192.php where we demonstrate that the "default" way of setting the PHP session cookie is only good for the same subdomain that set it.  You can install this on your server and run it to see the effect.

<?php // demo/temp_rgb192.php
error_reporting(E_ALL);
session_start();

// SHOW THE EXISTING SESSION
var_dump($_SESSION);

// SHOW THE EXISTING SESSION COOKIE, IF ANY
$cookie_val = isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : NULL;;
var_dump($cookie_val);

// PUT UP LINKS TO BOTH SUBDOMAINS
echo '<br>';
echo '<a href="http://iconoun.com/demo/temp_rgb192.php">iconoun.com</a>' . PHP_EOL;
echo '<br>';
echo '<a href="http://www.iconoun.com/demo/temp_rgb192.php">www.iconoun.com</a>' . PHP_EOL;

Open in new window

Here is an old demo script that I used to set a session cookie so it worked across subdomains.  Note that it's not correct for domains like xyz.co.uk, so handle with care.

<?php // RAY_session_cookie_domain.php
/* *
 * QUESTION: WHEN CLIENTS VISIT MY SITE SOMETIMES THEY USE www.mysite.org
 * BUT SOMETIMES THEY USE mysite.org WITHOUT THE WWW.  HOW CAN I HANDLE
 * THE SESSION ISSUES THAT ARISE FROM THIS?
 *
 * ANSWER: ONE WAY IS TO REWRITE THE URL TO REMOVE THE SUBDOMAIN IF IT
 * IS WWW.  FOR EXAMPLE:
 *
 *     Options +FollowSymlinks
 *     RewriteEngine on
 *     RewriteCond %{http_host} ^www\.example\.org [NC]
 *     RewriteRule ^(.*)$ http://example.org/$1 [R=301,NC]
 *
 * ANOTHER WAY IS TO MODIFY THE SESSION COOKIE SO IT WORKS ACROSS ALL OF
 * YOUR SUBDOMAINS.  YOUR CHOICE WILL LARGELY DEPEND ON THE WAY YOU WANT
 * TO HANDLE OTHER SUBDOMAINS (OTHER THAN WWW).
 */

// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS PHP 5.2+
error_reporting(E_ALL);


// MAKE THE SESSION COOKIE AVAILABLE TO ALL SUBDOMAINS
// MAKE A DOMAIN NAME THAT OMITS WWW OR OTHER SUBDOMAINS
// BREAK THE HOST NAME APART AT THE DOTS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
// POSSIBLY 'localhost'
if ($y == 1)
{
    $host = $x[0];
}
// MAYBE SOMETHING LIKE 'www2.atf70.whitehouse.gov'
else
{
    // USE A DOT PLUS THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN NAME
    $host
    = '.'
    . $x[$y-2]
    . '.'
    . $x[$y-1]
    ;
}

// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
    // MAN PAGE http://php.net/manual/en/function.setcookie.php
    setcookie
     ( $sess_name
     , session_id()
     , NULL                // THIS IS WHERE YOU CAN SET THE TIME
     , DIRECTORY_SEPARATOR
     , $host
     , FALSE
     , TRUE
     )
     ;
}


// PROVE THAT THE COOKIE WORKS IN MULTIPLE DOMAINS
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;


// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
// STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$gost = ltrim($host,'.');
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php'; // var_dump() SCRIPT
$www_link = 'http://www' . $host . '/RAY_dump_session.php';

echo "<br/>Click these links to get a new window and see the _SESSION and _COOKIE arrays" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>" . PHP_EOL;


// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>";

// CREATE A FORM TO UPDATE THE COOKIE
$form = <<<ENDFORM
<form method="post">
<input type="submit" value="CLICK ME" />
</form>
ENDFORM;
echo $form;

Open in new window

0
 
rgb192Author Commented:
question1:
I have not tried the code yet because when I write 'url change' i think you are coding for subdomain.  I mean 'url change'  as 'different query string'.  Is your code for 'different query string on same domain, subdomain'


question2:
Would adding session_start() work for different query strings on same domain, subdomain
0
 
Ray PaseurCommented:
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?
0
 
rgb192Author Commented:
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?

Correct.  (on godaddy lamp shared server, but not hostgator lamp shared, wamp or nusphere php ide)
0
 
Julian HansenConnect With a Mentor Commented:
In the context of sessions those URL's are identical. The query string is irrelevant.

Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?
0
 
Ray PaseurCommented:
Even as poor a host as GoDaddy should be able to get that right, and if your exact same scripts work correctly on HostGator but fail on GoDaddy, then the problem almost certainly lies with something at GoDaddy.  Perhaps there is a difference in the content of a data base?  Or perhaps there is a difference in the configuration settings?  Let's try to make progress by dealing with specifics instead of speculating.  

1. Please reduce this problem to the SSCCE, so we can move forward.  

2. Please post the exact URL of the SSCCE script that illustrates the failure.  

3. Please post the PHP source code of the SSCCE script.  You can obscure authentication details like passwords, but please post the entire script line-for-line so we can see all of the logic that is in play.

4. Please install this little informational script and post a link to it (you can take it down later, but for now we need to see the configuration options).

<?php phpinfo();

Open in new window

0
 
rgb192Author Commented:
Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?

I think 1 second or less.  So I think answer is no.
0
 
Ray PaseurConnect With a Mentor Commented:
Yeah, 1 second is no time at all.  I was thinking about 15 or 20 minutes.  Let's have a look at the SSCCE.  Thanks, ~Ray
0
 
rgb192Author Commented:
no minutes time delay, session_start() is at the top of every page

I need to do some server configuration because I think I am using an old solution because I now know more about sessions because I am learning from a session tutorial

thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.