|
|
Posted by Jerry Stuckle on 05/16/07 10:37
whitefael@gmail.com wrote:
> This was driving me crazy, but I've finally figured out what is
> happening, but I'm not sure why. I had to implement some extra
> security for a web site that has added a blog (Textpattern). Sorry I
> can't give the address out because the site is a prototype and I've
> signed a non-disclosure agreement. I would type in the URL
> example.com, I would enter my user name and password, and browse the
> site. When I clicked on the blog link it took me to the main blog
> page, but clicking any of the other links to blog articles wouldn't
> work. After using the LiveHTTPHeaders plugin for Firefox, I saw that
> the PHPSESSID was changing every time I accessed the blog. However it
> worked on other computers no problem. Come to find out if I entered
> the URL with www.example.com (notice the www) everything worked
> perfectly and the sessions never reset. I think Textpattern is calling
> a page called css.php using the entire URL www.example.com which is
> causing the session reset if I started browsing the site using the URL
> example.com.
>
> Is this typical for sessions? To check the session, I'm doing the
> following:
>
> session_start();
>
> if (!isset($_SESSION['valid_user'])) {
> die('Restricted access');
> }
>
> The books say this is the way to do it, but is it the best/right way
> to do it?
>
> Thanks!
>
I don't know about Textpattern - you should ask their support people.
But www.example.com is different than example.com, and the browser won't
send a cookie from one to the other.
But when you say "calls a pages called css.php" - what do you mean? Is
this a redirect? An include? A link?
As for testing - yes, this is one way. I don't use die(), but the
concept is the same.
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
Navigation:
[Reply to this message]
|