You are here: Re: session id changes in Textpattern based on URL « PHP Programming Language « IT news, forums, messages
Re: session id changes in Textpattern based on URL

Posted by Jerry Stuckle on 05/16/07 10:37

whitefael@gmail.com wrote:
> This was driving me crazy, but I've finally figured out what is
> happening, but I'm not sure why. I had to implement some extra
> security for a web site that has added a blog (Textpattern). Sorry I
> can't give the address out because the site is a prototype and I've
> signed a non-disclosure agreement. I would type in the URL
> example.com, I would enter my user name and password, and browse the
> site. When I clicked on the blog link it took me to the main blog
> page, but clicking any of the other links to blog articles wouldn't
> work. After using the LiveHTTPHeaders plugin for Firefox, I saw that
> the PHPSESSID was changing every time I accessed the blog. However it
> worked on other computers no problem. Come to find out if I entered
> the URL with www.example.com (notice the www) everything worked
> perfectly and the sessions never reset. I think Textpattern is calling
> a page called css.php using the entire URL www.example.com which is
> causing the session reset if I started browsing the site using the URL
> example.com.
>
> Is this typical for sessions? To check the session, I'm doing the
> following:
>
> session_start();
>
> if (!isset($_SESSION['valid_user'])) {
> die('Restricted access');
> }
>
> The books say this is the way to do it, but is it the best/right way
> to do it?
>
> Thanks!
>

I don't know about Textpattern - you should ask their support people.
But www.example.com is different than example.com, and the browser won't
send a cookie from one to the other.

But when you say "calls a pages called css.php" - what do you mean? Is
this a redirect? An include? A link?

As for testing - yes, this is one way. I don't use die(), but the
concept is the same.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

 

Navigation:

[Reply to this message]


Удаленная работа для программистов  •  Как заработать на Google AdSense  •  England, UK  •  статьи на английском  •  PHP MySQL CMS Apache Oscommerce  •  Online Business Knowledge Base  •  DVD MP3 AVI MP4 players codecs conversion help
Home  •  Search  •  Site Map  •  Set as Homepage  •  Add to Favourites

Copyright © 2005-2006 Powered by Custom PHP Programming

Сайт изготовлен в Студии Валентина Петручека
изготовление и поддержка веб-сайтов, разработка программного обеспечения, поисковая оптимизация