Solved

when url changes (on some servers) I am asked to log in again

Posted on 2014-02-18
12
254 Views
Last Modified: 2014-03-10
<?php // RAY_temp_rgb192.php 2013-10-10
error_reporting(E_ALL);

// ONE PAGE WITH OBJECT-ORIENTED LOG-IN REQUIRED
// http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_28264009.html

// AUTHENTICATE THE CLIENT WITH PASSWORD CHECK
$user = new access_control();

// CREATE THE PAGE
echo "<h1>Welcome $user</h1>" . PHP_EOL;
echo "<p>You successfully entered the User Id and Password, so now you can see this page.</p>" . PHP_EOL;
echo '<pre>';
echo 'Here is the Access_Control Object:' . PHP_EOL;
var_dump($user);


// ACCESS CONTROL CLASS
class Access_Control
{
    // CLASS PROPERTIES
    protected $uid = 'rgb192';
    protected $pwd = 'secret';

    // FOR USE WITH ECHO
    public function __toString()
    {
        return $this->uid;
    }

    // CONSTRUCTOR SETS THE UID
    public function __construct()
    {
        // SESSION CONTROLS AUTHORIZATION DATA
        if (!isset($_SESSION))
        {
            session_start();
            if (!isset($_SESSION['aok'])) $_SESSION['aok'] = FALSE;
        }

        // IF THE AUTHORIZATION FORM HAS BEEN POSTED
        if (!empty($_POST))
        {
            // TEST BOTH UID AND PWD
            if ($_POST['uid'] == $this->uid)
            {
                if ($_POST['pwd'] == $this->pwd)
                {
                    $_SESSION['aok'] = $this->uid;
                    return $this->uid;
                }
            }
        }

        // IF THE CLIENT IS NOT AUTHORIZED, PUT UP THE LOGIN FORM
        if ($_SESSION['aok'] != $this->uid)
        {
            $form = <<<EOD
Please Login:
<form method="post">
<input name="uid" placeholder="User Id" />
<input name="pwd" placeholder="Password" />
<input type="submit" />
</form>
EOD;
            echo $form;
            die();
        }
    }
}

Open in new window



I am using this page with a query string url
when url changes (on godaddy shared linux) I am asked to log in again


I also can not submit a form (save values) on godaddy shared linux because when I press submit, I am prompted for login, password
0
Comment
Question by:rgb192
  • 5
  • 4
  • 2
  • +1
12 Comments
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 125 total points
ID: 39869590
Shouldn't you put session_start(); at the very top of the file ?
0
 
LVL 56

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 39869641
When you say "url changes" changes how?

If you change from

www.domain.com to www.domain.com/subfolder

There should be no issue

If you change to

www.someotherdomain.com 

then you will be asked to login again as your session is bound to the domain you are working with. Session id entifiers are stored as a cookie which is linked to the domain. Change the domain and you will need to re-authenticate.
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39870281
The PHP session is usually fine for what you want to do, but there is the risk that it will not work right for subdomains, like http://www.url.com vs http://test.url.com, so I will set up a test for that and show you the results.  Agree with Roads_Roads that you would want to move session_start() to the top of the scripts.  You may also want to change the logic in the class a little bit to assume that the session has been started and that $_SESSION is valid.

Have a look at this while I set up a test.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0
Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39870340
Please see http://iconoun.com/demo/temp_rgb192.php where we demonstrate that the "default" way of setting the PHP session cookie is only good for the same subdomain that set it.  You can install this on your server and run it to see the effect.

<?php // demo/temp_rgb192.php
error_reporting(E_ALL);
session_start();

// SHOW THE EXISTING SESSION
var_dump($_SESSION);

// SHOW THE EXISTING SESSION COOKIE, IF ANY
$cookie_val = isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : NULL;;
var_dump($cookie_val);

// PUT UP LINKS TO BOTH SUBDOMAINS
echo '<br>';
echo '<a href="http://iconoun.com/demo/temp_rgb192.php">iconoun.com</a>' . PHP_EOL;
echo '<br>';
echo '<a href="http://www.iconoun.com/demo/temp_rgb192.php">www.iconoun.com</a>' . PHP_EOL;

Open in new window

Here is an old demo script that I used to set a session cookie so it worked across subdomains.  Note that it's not correct for domains like xyz.co.uk, so handle with care.

<?php // RAY_session_cookie_domain.php
/* *
 * QUESTION: WHEN CLIENTS VISIT MY SITE SOMETIMES THEY USE www.mysite.org
 * BUT SOMETIMES THEY USE mysite.org WITHOUT THE WWW.  HOW CAN I HANDLE
 * THE SESSION ISSUES THAT ARISE FROM THIS?
 *
 * ANSWER: ONE WAY IS TO REWRITE THE URL TO REMOVE THE SUBDOMAIN IF IT
 * IS WWW.  FOR EXAMPLE:
 *
 *     Options +FollowSymlinks
 *     RewriteEngine on
 *     RewriteCond %{http_host} ^www\.example\.org [NC]
 *     RewriteRule ^(.*)$ http://example.org/$1 [R=301,NC]
 *
 * ANOTHER WAY IS TO MODIFY THE SESSION COOKIE SO IT WORKS ACROSS ALL OF
 * YOUR SUBDOMAINS.  YOUR CHOICE WILL LARGELY DEPEND ON THE WAY YOU WANT
 * TO HANDLE OTHER SUBDOMAINS (OTHER THAN WWW).
 */

// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS PHP 5.2+
error_reporting(E_ALL);


// MAKE THE SESSION COOKIE AVAILABLE TO ALL SUBDOMAINS
// MAKE A DOMAIN NAME THAT OMITS WWW OR OTHER SUBDOMAINS
// BREAK THE HOST NAME APART AT THE DOTS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
// POSSIBLY 'localhost'
if ($y == 1)
{
    $host = $x[0];
}
// MAYBE SOMETHING LIKE 'www2.atf70.whitehouse.gov'
else
{
    // USE A DOT PLUS THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN NAME
    $host
    = '.'
    . $x[$y-2]
    . '.'
    . $x[$y-1]
    ;
}

// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
    // MAN PAGE http://php.net/manual/en/function.setcookie.php
    setcookie
     ( $sess_name
     , session_id()
     , NULL                // THIS IS WHERE YOU CAN SET THE TIME
     , DIRECTORY_SEPARATOR
     , $host
     , FALSE
     , TRUE
     )
     ;
}


// PROVE THAT THE COOKIE WORKS IN MULTIPLE DOMAINS
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;


// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
// STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$gost = ltrim($host,'.');
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php'; // var_dump() SCRIPT
$www_link = 'http://www' . $host . '/RAY_dump_session.php';

echo "<br/>Click these links to get a new window and see the _SESSION and _COOKIE arrays" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>" . PHP_EOL;


// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>";

// CREATE A FORM TO UPDATE THE COOKIE
$form = <<<ENDFORM
<form method="post">
<input type="submit" value="CLICK ME" />
</form>
ENDFORM;
echo $form;

Open in new window

0
 

Author Comment

by:rgb192
ID: 39872016
question1:
I have not tried the code yet because when I write 'url change' i think you are coding for subdomain.  I mean 'url change'  as 'different query string'.  Is your code for 'different query string on same domain, subdomain'


question2:
Would adding session_start() work for different query strings on same domain, subdomain
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39872041
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?
0
 

Author Comment

by:rgb192
ID: 39872123
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?

Correct.  (on godaddy lamp shared server, but not hostgator lamp shared, wamp or nusphere php ide)
0
 
LVL 56

Assisted Solution

by:Julian Hansen
Julian Hansen earned 250 total points
ID: 39872527
In the context of sessions those URL's are identical. The query string is irrelevant.

Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?
0
 
LVL 110

Expert Comment

by:Ray Paseur
ID: 39873060
Even as poor a host as GoDaddy should be able to get that right, and if your exact same scripts work correctly on HostGator but fail on GoDaddy, then the problem almost certainly lies with something at GoDaddy.  Perhaps there is a difference in the content of a data base?  Or perhaps there is a difference in the configuration settings?  Let's try to make progress by dealing with specifics instead of speculating.  

1. Please reduce this problem to the SSCCE, so we can move forward.  

2. Please post the exact URL of the SSCCE script that illustrates the failure.  

3. Please post the PHP source code of the SSCCE script.  You can obscure authentication details like passwords, but please post the entire script line-for-line so we can see all of the logic that is in play.

4. Please install this little informational script and post a link to it (you can take it down later, but for now we need to see the configuration options).

<?php phpinfo();

Open in new window

0
 

Author Comment

by:rgb192
ID: 39881146
Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?

I think 1 second or less.  So I think answer is no.
0
 
LVL 110

Assisted Solution

by:Ray Paseur
Ray Paseur earned 125 total points
ID: 39881170
Yeah, 1 second is no time at all.  I was thinking about 15 or 20 minutes.  Let's have a look at the SSCCE.  Thanks, ~Ray
0
 

Author Closing Comment

by:rgb192
ID: 39917987
no minutes time delay, session_start() is at the top of every page

I need to do some server configuration because I think I am using an old solution because I now know more about sessions because I am learning from a session tutorial

thanks
0

Featured Post

Free Tool: SSL Checker

Scans your site and returns information about your SSL implementation and certificate. Helpful for debugging and validating your SSL configuration.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Suggested Solutions

Title # Comments Views Activity
$_SERVER Variable question 31 51
Generate PDF from MySQL using PHP 3 53
syntax error, unexpected '?' in phpunit 5 23
PHP Underscores vs. Directory separators 5 26
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Many old projects have bad code, but the budget doesn't exist to rewrite the codebase. You can update this code to be safer by introducing contemporary input validation, sanitation, and safer database queries.
The viewer will learn how to create and use a small PHP class to apply a watermark to an image. This video shows the viewer the setup for the PHP watermark as well as important coding language. Continue to Part 2 to learn the core code used in creat…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

756 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question