Re: session id changes in Textpattern based on URL

Posted by Jerry Stuckle on 05/16/07 16:02

harvey wrote:
> In article <3fednelwTe4PENTbnZ2dnUVZ_rCsnZ2d@comcast.com>,
> jstucklex@attglobal.net says...
>> whitefael@gmail.com wrote:
>>> This was driving me crazy, but I've finally figured out what is
>>> happening, but I'm not sure why. I had to implement some extra
>>> security for a web site that has added a blog (Textpattern). Sorry I
>>> can't give the address out because the site is a prototype and I've
>>> signed a non-disclosure agreement. I would type in the URL
>>> example.com, I would enter my user name and password, and browse the
>>> site. When I clicked on the blog link it took me to the main blog
>>> page, but clicking any of the other links to blog articles wouldn't
>>> work. After using the LiveHTTPHeaders plugin for Firefox, I saw that
>>> the PHPSESSID was changing every time I accessed the blog. However it
>>> worked on other computers no problem. Come to find out if I entered
>>> the URL with www.example.com (notice the www) everything worked
>>> perfectly and the sessions never reset. I think Textpattern is calling
>>> a page called css.php using the entire URL www.example.com which is
>>> causing the session reset if I started browsing the site using the URL
>>> example.com.
>>>
>>> Is
>
> This is somewhat disturbing.
>
> Given that this happens - how do you prevent it causing a problem - IE
> how can you force this discrepancy to correct itself so the user session
> always remains safe?

Harvey,

I've never had to do it myself, but I understand you can change the
domain name for session cookies in your php.ini file, i.e.

session.cookie_domain = .example.com

To have the cookie available for all domains you must have the leading
period.

As I said - I haven't tried it, because I haven't had the problem. But
it might be your fix.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
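
Why the session splits between example.com and www.example.com, and what session.cookie_domain changes, as an added example (not code from the thread, PHP or Textpattern): a simplified model of the RFC 6265 cookie scoping rules a browser applies. The function names, the session values and the host other.example.com are made up for illustration.

```javascript
// Simplified model of RFC 6265 cookie scoping (no public-suffix or IP checks).

// RFC 6265 5.1.3: host equals the cookie domain or is a subdomain of it.
function domainMatch(host, cookieDomain) {
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// What the browser stores for a Set-Cookie received from requestHost.
// domainAttr is the Domain attribute, or null when the server sent none.
function storeCookie(requestHost, value, domainAttr) {
  if (!domainAttr) {
    // No Domain attribute: host-only cookie, returned to this exact host only.
    return { value, domain: requestHost, hostOnly: true };
  }
  const domain = domainAttr.replace(/^\./, "").toLowerCase(); // leading dot is dropped
  if (!domainMatch(requestHost, domain)) return null; // foreign domain: rejected
  return { value, domain, hostOnly: false };
}

function isSentTo(cookie, host) {
  return cookie.hostOnly ? host === cookie.domain : domainMatch(host, cookie.domain);
}

// Visit the hosts in order; when no cookie is sent, the server starts a new
// session and sets a fresh PHPSESSID. Returns the session seen on each request.
function sessionsSeen(hosts, domainAttr) {
  const jar = [];
  let issued = 0;
  return hosts.map((host) => {
    let cookie = jar.find((c) => isSentTo(c, host));
    if (!cookie) {
      cookie = storeCookie(host, "sess" + (++issued), domainAttr);
      if (!cookie) return "rejected";
      jar.push(cookie);
    }
    return cookie.value;
  });
}

const visits = ["example.com", "www.example.com", "example.com"]; // constructed
console.log(sessionsSeen(visits, null));           // default: no Domain attribute
console.log(sessionsSeen(visits, ".example.com")); // session.cookie_domain set
// Caveat: the widened cookie also goes to any other subdomain (hypothetical host).
const wide = storeCookie("example.com", "sess1", ".example.com");
console.log(isSentTo(wide, "other.example.com"));
```

The last check is the trade-off of the setting: a cookie with a Domain attribute is sent to every host under example.com, so the session is exposed to whatever runs on any subdomain. Browsers that follow RFC 6265 strip the leading period before matching; the older RFC 2109 required it.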

 
