Solved

when url changes (on some servers) I am asked to log in again

Posted on 2014-02-18
12
253 Views
Last Modified: 2014-03-10
<?php // RAY_temp_rgb192.php 2013-10-10
error_reporting(E_ALL);

// ONE PAGE WITH OBJECT-ORIENTED LOG-IN REQUIRED
// http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_28264009.html

// AUTHENTICATE THE CLIENT WITH PASSWORD CHECK
$user = new access_control();

// CREATE THE PAGE
echo "<h1>Welcome $user</h1>" . PHP_EOL;
echo "<p>You successfully entered the User Id and Password, so now you can see this page.</p>" . PHP_EOL;
echo '<pre>';
echo 'Here is the Access_Control Object:' . PHP_EOL;
var_dump($user);


// ACCESS CONTROL CLASS
class Access_Control
{
    // CLASS PROPERTIES
    protected $uid = 'rgb192';
    protected $pwd = 'secret';

    // FOR USE WITH ECHO
    public function __toString()
    {
        return $this->uid;
    }

    // CONSTRUCTOR SETS THE UID
    public function __construct()
    {
        // SESSION CONTROLS AUTHORIZATION DATA
        if (!isset($_SESSION))
        {
            session_start();
            if (!isset($_SESSION['aok'])) $_SESSION['aok'] = FALSE;
        }

        // IF THE AUTHORIZATION FORM HAS BEEN POSTED
        if (!empty($_POST))
        {
            // TEST BOTH UID AND PWD
            if ($_POST['uid'] == $this->uid)
            {
                if ($_POST['pwd'] == $this->pwd)
                {
                    $_SESSION['aok'] = $this->uid;
                    return $this->uid;
                }
            }
        }

        // IF THE CLIENT IS NOT AUTHORIZED, PUT UP THE LOGIN FORM
        if ($_SESSION['aok'] != $this->uid)
        {
            $form = <<<EOD
Please Login:
<form method="post">
<input name="uid" placeholder="User Id" />
<input name="pwd" placeholder="Password" />
<input type="submit" />
</form>
EOD;
            echo $form;
            die();
        }
    }
}

Open in new window



I am using this page with a query string url
when url changes (on godaddy shared linux) I am asked to log in again


I also can not submit a form (save values) on godaddy shared linux because when I press submit, I am prompted for login, password
0
Comment
Question by:rgb192
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 125 total points
ID: 39869590
Shouldn't you put session_start(); at the very top of the file ?
0
 
LVL 55

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 39869641
When you say "url changes" changes how?

If you change from

www.domain.com to www.domain.com/subfolder

There should be no issue

If you change to

www.someotherdomain.com 

then you will be asked to login again as your session is bound to the domain you are working with. Session id entifiers are stored as a cookie which is linked to the domain. Change the domain and you will need to re-authenticate.
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39870281
The PHP session is usually fine for what you want to do, but there is the risk that it will not work right for subdomains, like http://www.url.com vs http://test.url.com, so I will set up a test for that and show you the results.  Agree with Roads_Roads that you would want to move session_start() to the top of the scripts.  You may also want to change the logic in the class a little bit to assume that the session has been started and that $_SESSION is valid.

Have a look at this while I set up a test.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0
Announcing the Most Valuable Experts of 2016

MVEs are more concerned with the satisfaction of those they help than with the considerable points they can earn. They are the types of people you feel privileged to call colleagues. Join us in honoring this amazing group of Experts.

 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39870340
Please see http://iconoun.com/demo/temp_rgb192.php where we demonstrate that the "default" way of setting the PHP session cookie is only good for the same subdomain that set it.  You can install this on your server and run it to see the effect.

<?php // demo/temp_rgb192.php
error_reporting(E_ALL);
session_start();

// SHOW THE EXISTING SESSION
var_dump($_SESSION);

// SHOW THE EXISTING SESSION COOKIE, IF ANY
$cookie_val = isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : NULL;;
var_dump($cookie_val);

// PUT UP LINKS TO BOTH SUBDOMAINS
echo '<br>';
echo '<a href="http://iconoun.com/demo/temp_rgb192.php">iconoun.com</a>' . PHP_EOL;
echo '<br>';
echo '<a href="http://www.iconoun.com/demo/temp_rgb192.php">www.iconoun.com</a>' . PHP_EOL;

Open in new window

Here is an old demo script that I used to set a session cookie so it worked across subdomains.  Note that it's not correct for domains like xyz.co.uk, so handle with care.

<?php // RAY_session_cookie_domain.php
/* *
 * QUESTION: WHEN CLIENTS VISIT MY SITE SOMETIMES THEY USE www.mysite.org
 * BUT SOMETIMES THEY USE mysite.org WITHOUT THE WWW.  HOW CAN I HANDLE
 * THE SESSION ISSUES THAT ARISE FROM THIS?
 *
 * ANSWER: ONE WAY IS TO REWRITE THE URL TO REMOVE THE SUBDOMAIN IF IT
 * IS WWW.  FOR EXAMPLE:
 *
 *     Options +FollowSymlinks
 *     RewriteEngine on
 *     RewriteCond %{http_host} ^www\.example\.org [NC]
 *     RewriteRule ^(.*)$ http://example.org/$1 [R=301,NC]
 *
 * ANOTHER WAY IS TO MODIFY THE SESSION COOKIE SO IT WORKS ACROSS ALL OF
 * YOUR SUBDOMAINS.  YOUR CHOICE WILL LARGELY DEPEND ON THE WAY YOU WANT
 * TO HANDLE OTHER SUBDOMAINS (OTHER THAN WWW).
 */

// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS PHP 5.2+
error_reporting(E_ALL);


// MAKE THE SESSION COOKIE AVAILABLE TO ALL SUBDOMAINS
// MAKE A DOMAIN NAME THAT OMITS WWW OR OTHER SUBDOMAINS
// BREAK THE HOST NAME APART AT THE DOTS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
// POSSIBLY 'localhost'
if ($y == 1)
{
    $host = $x[0];
}
// MAYBE SOMETHING LIKE 'www2.atf70.whitehouse.gov'
else
{
    // USE A DOT PLUS THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN NAME
    $host
    = '.'
    . $x[$y-2]
    . '.'
    . $x[$y-1]
    ;
}

// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
    // MAN PAGE http://php.net/manual/en/function.setcookie.php
    setcookie
     ( $sess_name
     , session_id()
     , NULL                // THIS IS WHERE YOU CAN SET THE TIME
     , DIRECTORY_SEPARATOR
     , $host
     , FALSE
     , TRUE
     )
     ;
}


// PROVE THAT THE COOKIE WORKS IN MULTIPLE DOMAINS
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;


// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
// STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$gost = ltrim($host,'.');
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php'; // var_dump() SCRIPT
$www_link = 'http://www' . $host . '/RAY_dump_session.php';

echo "<br/>Click these links to get a new window and see the _SESSION and _COOKIE arrays" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>" . PHP_EOL;


// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>";

// CREATE A FORM TO UPDATE THE COOKIE
$form = <<<ENDFORM
<form method="post">
<input type="submit" value="CLICK ME" />
</form>
ENDFORM;
echo $form;

Open in new window

0
 

Author Comment

by:rgb192
ID: 39872016
question1:
I have not tried the code yet because when I write 'url change' i think you are coding for subdomain.  I mean 'url change'  as 'different query string'.  Is your code for 'different query string on same domain, subdomain'


question2:
Would adding session_start() work for different query strings on same domain, subdomain
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39872041
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?
0
 

Author Comment

by:rgb192
ID: 39872123
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?

Correct.  (on godaddy lamp shared server, but not hostgator lamp shared, wamp or nusphere php ide)
0
 
LVL 55

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 39872527
In the context of sessions those URL's are identical. The query string is irrelevant.

Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?
0
 
LVL 109

Expert Comment

by:Ray Paseur
ID: 39873060
Even as poor a host as GoDaddy should be able to get that right, and if your exact same scripts work correctly on HostGator but fail on GoDaddy, then the problem almost certainly lies with something at GoDaddy.  Perhaps there is a difference in the content of a data base?  Or perhaps there is a difference in the configuration settings?  Let's try to make progress by dealing with specifics instead of speculating.  

1. Please reduce this problem to the SSCCE, so we can move forward.  

2. Please post the exact URL of the SSCCE script that illustrates the failure.  

3. Please post the PHP source code of the SSCCE script.  You can obscure authentication details like passwords, but please post the entire script line-for-line so we can see all of the logic that is in play.

4. Please install this little informational script and post a link to it (you can take it down later, but for now we need to see the configuration options).

<?php phpinfo();

Open in new window

0
 

Author Comment

by:rgb192
ID: 39881146
Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?

I think 1 second or less.  So I think answer is no.
0
 
LVL 109

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 39881170
Yeah, 1 second is no time at all.  I was thinking about 15 or 20 minutes.  Let's have a look at the SSCCE.  Thanks, ~Ray
0
 

Author Closing Comment

by:rgb192
ID: 39917987
no minutes time delay, session_start() is at the top of every page

I need to do some server configuration because I think I am using an old solution because I now know more about sessions because I am learning from a session tutorial

thanks
0

Featured Post

Networking for the Cloud Era

Join Microsoft and Riverbed for a discussion and demonstration of enhancements to SteelConnect:
-One-click orchestration and cloud connectivity in Azure environments
-Tight integration of SD-WAN and WAN optimization capabilities
-Scalability and resiliency equal to a data center

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Build an array called $myWeek which will hold the array elements Today, Yesterday and then builds up the rest of the week by the name of the day going back 1 week.   (CODE) (CODE) Then you just need to pass your date to the function. If i…
This article discusses how to create an extensible mechanism for linked drop downs.
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

791 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question