
when url changes (on some servers) I am asked to log in again

Posted on 2014-02-18
Last Modified: 2014-03-10
<?php // RAY_temp_rgb192.php 2013-10-10
error_reporting(E_ALL);

// ONE PAGE WITH OBJECT-ORIENTED LOG-IN REQUIRED
// http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/Q_28264009.html

// AUTHENTICATE THE CLIENT WITH PASSWORD CHECK
$user = new access_control();

// CREATE THE PAGE
echo "<h1>Welcome $user</h1>" . PHP_EOL;
echo "<p>You successfully entered the User Id and Password, so now you can see this page.</p>" . PHP_EOL;
echo '<pre>';
echo 'Here is the Access_Control Object:' . PHP_EOL;
var_dump($user);


// ACCESS CONTROL CLASS
class Access_Control
{
    // CLASS PROPERTIES
    protected $uid = 'rgb192';
    protected $pwd = 'secret';

    // FOR USE WITH ECHO
    public function __toString()
    {
        return $this->uid;
    }

    // CONSTRUCTOR SETS THE UID
    public function __construct()
    {
        // SESSION CONTROLS AUTHORIZATION DATA
        if (!isset($_SESSION))
        {
            session_start();
            if (!isset($_SESSION['aok'])) $_SESSION['aok'] = FALSE;
        }

        // IF THE AUTHORIZATION FORM HAS BEEN POSTED
        if (!empty($_POST))
        {
            // TEST BOTH UID AND PWD
            if ($_POST['uid'] == $this->uid)
            {
                if ($_POST['pwd'] == $this->pwd)
                {
                    $_SESSION['aok'] = $this->uid;
                    return $this->uid;
                }
            }
        }

        // IF THE CLIENT IS NOT AUTHORIZED, PUT UP THE LOGIN FORM
        if ($_SESSION['aok'] != $this->uid)
        {
            $form = <<<EOD
Please Login:
<form method="post">
<input name="uid" placeholder="User Id" />
<input name="pwd" placeholder="Password" />
<input type="submit" />
</form>
EOD;
            echo $form;
            die();
        }
    }
}




I am using this page with a query string URL.
When the URL changes (on GoDaddy shared Linux) I am asked to log in again.


I also cannot submit a form (save values) on GoDaddy shared Linux because when I press submit, I am prompted for login, password.
0
Question by:rgb192
12 Comments
 
LVL 27

Accepted Solution

by:
Lukasz Chmielewski earned 500 total points
ID: 39869590
Shouldn't you put session_start(); at the very top of the file?
0
 
LVL 59

Assisted Solution

by:Julian Hansen
Julian Hansen earned 1000 total points
ID: 39869641
When you say "url changes" changes how?

If you change from

www.domain.com to www.domain.com/subfolder

There should be no issue

If you change to

www.someotherdomain.com 

then you will be asked to log in again as your session is bound to the domain you are working with. Session identifiers are stored as a cookie which is linked to the domain. Change the domain and you will need to re-authenticate.
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39870281
The PHP session is usually fine for what you want to do, but there is the risk that it will not work right for subdomains, like http://www.url.com vs http://test.url.com, so I will set up a test for that and show you the results.  Agree with Roads_Roads that you would want to move session_start() to the top of the scripts.  You may also want to change the logic in the class a little bit to assume that the session has been started and that $_SESSION is valid.

Have a look at this while I set up a test.
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_11909-PHP-Sessions-Simpler-Than-You-May-Think.html
0

 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39870340
Please see http://iconoun.com/demo/temp_rgb192.php where we demonstrate that the "default" way of setting the PHP session cookie is only good for the same subdomain that set it.  You can install this on your server and run it to see the effect.

<?php // demo/temp_rgb192.php
error_reporting(E_ALL);
session_start();

// SHOW THE EXISTING SESSION
var_dump($_SESSION);

// SHOW THE EXISTING SESSION COOKIE, IF ANY
$cookie_val = isset($_COOKIE['PHPSESSID']) ? $_COOKIE['PHPSESSID'] : NULL;
var_dump($cookie_val);

// PUT UP LINKS TO BOTH SUBDOMAINS
echo '<br>';
echo '<a href="http://iconoun.com/demo/temp_rgb192.php">iconoun.com</a>' . PHP_EOL;
echo '<br>';
echo '<a href="http://www.iconoun.com/demo/temp_rgb192.php">www.iconoun.com</a>' . PHP_EOL;


Here is an old demo script that I used to set a session cookie so it worked across subdomains.  Note that it's not correct for domains like xyz.co.uk, so handle with care.

<?php // RAY_session_cookie_domain.php
/* *
 * QUESTION: WHEN CLIENTS VISIT MY SITE SOMETIMES THEY USE www.mysite.org
 * BUT SOMETIMES THEY USE mysite.org WITHOUT THE WWW.  HOW CAN I HANDLE
 * THE SESSION ISSUES THAT ARISE FROM THIS?
 *
 * ANSWER: ONE WAY IS TO REWRITE THE URL TO REMOVE THE SUBDOMAIN IF IT
 * IS WWW.  FOR EXAMPLE:
 *
 *     Options +FollowSymlinks
 *     RewriteEngine on
 *     RewriteCond %{http_host} ^www\.example\.org [NC]
 *     RewriteRule ^(.*)$ http://example.org/$1 [R=301,NC]
 *
 * ANOTHER WAY IS TO MODIFY THE SESSION COOKIE SO IT WORKS ACROSS ALL OF
 * YOUR SUBDOMAINS.  YOUR CHOICE WILL LARGELY DEPEND ON THE WAY YOU WANT
 * TO HANDLE OTHER SUBDOMAINS (OTHER THAN WWW).
 */

// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS PHP 5.2+
error_reporting(E_ALL);


// MAKE THE SESSION COOKIE AVAILABLE TO ALL SUBDOMAINS
// MAKE A DOMAIN NAME THAT OMITS WWW OR OTHER SUBDOMAINS
// BREAK THE HOST NAME APART AT THE DOTS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
// POSSIBLY 'localhost'
if ($y == 1)
{
    $host = $x[0];
}
// MAYBE SOMETHING LIKE 'www2.atf70.whitehouse.gov'
else
{
    // USE A DOT PLUS THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN NAME
    $host
    = '.'
    . $x[$y-2]
    . '.'
    . $x[$y-1]
    ;
}

// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
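    // MAN PAGE http://php.net/manual/en/function.setcookie.php
    setcookie
     ( $sess_name
     , session_id()
     , 0                   // EXPIRES: 0 = UNTIL THE BROWSER CLOSES; THIS IS WHERE YOU CAN SET THE TIME
     , '/'                 // COOKIE PATH IS A URL PATH, ALWAYS A FORWARD SLASH
     , $host               // COOKIE DOMAIN, LEADING DOT COVERS ALL SUBDOMAINS
     , FALSE               // SECURE: FALSE SENDS THE COOKIE OVER PLAIN HTTP TOO
     , TRUE                // HTTPONLY: HIDE THE COOKIE FROM JAVASCRIPT
     )
     ;
}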


// PROVE THAT THE COOKIE WORKS IN MULTIPLE DOMAINS
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;


// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
// STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$gost = ltrim($host,'.');
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php'; // var_dump() SCRIPT
$www_link = 'http://www' . $host . '/RAY_dump_session.php';

echo "<br/>Click these links to get a new window and see the _SESSION and _COOKIE arrays" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>" . PHP_EOL;


// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>";

// CREATE A FORM TO UPDATE THE COOKIE
$form = <<<ENDFORM
<form method="post">
<input type="submit" value="CLICK ME" />
</form>
ENDFORM;
echo $form;


0
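
An added example, not part of Ray Paseur's comment or scripts: the same cross-subdomain session cookie, set with session_set_cookie_params() before session_start() and with the cookie domain chosen from a fixed list instead of the last two labels of the client-supplied Host header, which also covers names like xyz.co.uk. It assumes PHP 7.3+; the BASE_DOMAINS values and both function names are hypothetical. A wider cookie domain means every subdomain receives the session id, so list only base domains you control entirely.

```php
<?php
// ADDED EXAMPLE (not from the thread). Requires PHP 7.3+ for the array form
// of session_set_cookie_params(). The base-domain list is an assumption:
// replace it with the registrable domains you actually serve.
const BASE_DOMAINS = ['example.org', 'example.co.uk'];

/**
 * Return the cookie Domain attribute for a Host header, or '' for a
 * host-only cookie when the host is not under a known base domain.
 */
function session_cookie_domain(string $hostHeader, array $baseDomains): string
{
    // Host is client-supplied: lowercase it, drop any :port and trailing dot
    $host = strtolower(trim($hostHeader));
    $host = rtrim(preg_replace('/:\d+$/', '', $host), '.');

    foreach ($baseDomains as $base) {
        // Match the base itself or a true subdomain ("x.example.org"),
        // never a look-alike such as "notexample.org"
        if ($host === $base || substr($host, -strlen($base) - 1) === '.' . $base) {
            return '.' . $base;
        }
    }
    return '';
}

function start_shared_session(): void
{
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    // Cookie parameters must be set BEFORE session_start() so PHP emits a
    // single Set-Cookie header with the right attributes
    session_set_cookie_params([
        'lifetime' => 0,          // session cookie, gone when the browser closes
        'path'     => '/',
        'domain'   => session_cookie_domain($_SERVER['HTTP_HOST'] ?? '', BASE_DOMAINS),
        'secure'   => $https,     // send only over HTTPS when the site uses it
        'httponly' => true,       // keep the id away from page scripts
        'samesite' => 'Lax',
    ]);
    session_start();
}

// Constructed sample hosts showing what the helper returns
foreach (['www.example.org', 'EXAMPLE.org:8080', 'shop.example.co.uk', 'notexample.org', 'localhost'] as $h) {
    printf("%-22s => '%s'%s", $h, session_cookie_domain($h, BASE_DOMAINS), PHP_EOL);
}
```

Call start_shared_session() as the first statement of each page in place of a bare session_start().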
 

Author Comment

by:rgb192
ID: 39872016
question1:
I have not tried the code yet because when I write 'url change' I think you are coding for subdomain.  I mean 'url change' as 'different query string'.  Is your code for 'different query string on same domain, subdomain'?


question2:
Would adding session_start() work for different query strings on same domain, subdomain?
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39872041
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?
0
 

Author Comment

by:rgb192
ID: 39872123
Here is a URL:

http://domain.com?q=XYZ

Here is a different URL:

http://domain.com?q=ABC

Are you telling us that you can log in, use the first URL, and then when you attempt to visit the second URL you are prompted to log in again?

Correct.  (on godaddy lamp shared server, but not hostgator lamp shared, wamp or nusphere php ide)
0
 
LVL 59

Assisted Solution

by:Julian Hansen
Julian Hansen earned 1000 total points
ID: 39872527
In the context of sessions those URLs are identical. The query string is irrelevant.

Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?
0
 
LVL 111

Expert Comment

by:Ray Paseur
ID: 39873060
Even as poor a host as GoDaddy should be able to get that right, and if your exact same scripts work correctly on HostGator but fail on GoDaddy, then the problem almost certainly lies with something at GoDaddy.  Perhaps there is a difference in the content of a database?  Or perhaps there is a difference in the configuration settings?  Let's try to make progress by dealing with specifics instead of speculating.  

1. Please reduce this problem to the SSCCE, so we can move forward.  

2. Please post the exact URL of the SSCCE script that illustrates the failure.  

3. Please post the PHP source code of the SSCCE script.  You can obscure authentication details like passwords, but please post the entire script line-for-line so we can see all of the logic that is in play.

4. Please install this little informational script and post a link to it (you can take it down later, but for now we need to see the configuration options).

<?php phpinfo();


0
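
An added example, not part of Ray Paseur's comment: a narrower diagnostic for the "asked to log in again" symptom that reports only session-related settings, since a public phpinfo() page discloses the whole server configuration. The function name and array keys are hypothetical; the writable-path check is meaningful only for the default "files" save handler.

```php
<?php
// ADDED EXAMPLE (not from the thread): report session settings only.
// session_start() runs first so nothing is output before the Set-Cookie header.
error_reporting(E_ALL);
session_start();

/** Collect the facts that decide whether a session survives the next request. */
function session_diagnostics(): array
{
    $name = session_name();

    // save_path may look like "N;/path" or "N;MODE;/path"; the directory is last.
    // An empty value means PHP falls back to the system temp directory.
    $parts = explode(';', (string) session_save_path());
    $dir   = end($parts) !== '' ? end($parts) : sys_get_temp_dir();

    // Count requests served by this session; it never climbs if data is lost
    $_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;

    return [
        'save_handler'       => ini_get('session.save_handler'),
        'save_path'          => $dir,
        'save_path_writable' => is_dir($dir) && is_writable($dir),
        'gc_maxlifetime_sec' => (int) ini_get('session.gc_maxlifetime'),
        'use_cookies'        => (bool) ini_get('session.use_cookies'),
        'cookie_params'      => session_get_cookie_params(),
        'host_header'        => $_SERVER['HTTP_HOST'] ?? '(none)',
        // Did the browser send the session cookie back with this request?
        'cookie_received'    => isset($_COOKIE[$name]),
        // Is the id the browser sent the one PHP is actually using?
        'id_matches_cookie'  => isset($_COOKIE[$name]) && $_COOKIE[$name] === session_id(),
        'hits_this_session'  => $_SESSION['hits'],
    ];
}

// The session id itself is deliberately not printed
echo '<pre>' . htmlspecialchars(var_export(session_diagnostics(), true)) . '</pre>';
```

Load it twice with different query strings: cookie_received staying false means the browser is not returning the cookie (domain, path or secure mismatch), while a returned cookie with hits_this_session stuck at 1 points at server-side storage. Take the script down once the numbers are collected.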
 

Author Comment

by:rgb192
ID: 39881146
Is there a time delay between accessing the one URL and the next - is it possible the session timeout at GoDaddy is set lower than at hostgator?

I think 1 second or less.  So I think answer is no.
0
 
LVL 111

Assisted Solution

by:Ray Paseur
Ray Paseur earned 500 total points
ID: 39881170
Yeah, 1 second is no time at all.  I was thinking about 15 or 20 minutes.  Let's have a look at the SSCCE.  Thanks, ~Ray
0
 

Author Closing Comment

by:rgb192
ID: 39917987
No minutes time delay; session_start() is at the top of every page.

I need to do some server configuration because I think I am using an old solution, because I now know more about sessions because I am learning from a session tutorial.

Thanks.
0


Question has a verified solution.
