Posted by Jerry Stuckle on 05/16/07 16:02
harvey wrote:
> In article <3fednelwTe4PENTbnZ2dnUVZ_rCsnZ2d@comcast.com>,
> jstucklex@attglobal.net says...
>> whitefael@gmail.com wrote:
>>> This was driving me crazy, but I've finally figured out what is
>>> happening, but I'm not sure why. I had to implement some extra
>>> security for a web site that has added a blog (Textpattern). Sorry I
>>> can't give the address out because the site is a prototype and I've
>>> signed a non-disclosure agreement. I would type in the URL
>>> example.com, I would enter my user name and password, and browse the
>>> site. When I clicked on the blog link it took me to the main blog
>>> page, but clicking any of the other links to blog articles wouldn't
>>> work. After using the LiveHTTPHeaders plugin for Firefox, I saw that
>>> the PHPSESSID was changing every time I accessed the blog. However it
>>> worked on other computers no problem. Come to find out if I entered
>>> the URL with www.example.com (notice the www) everything worked
>>> perfectly and the sessions never reset. I think Textpattern is calling
>>> a page called css.php using the entire URL www.example.com which is
>>> causing the session reset if I started browsing the site using the URL
>>> example.com.
>>>
>>> Is
>
> This is somewhat disturbing.
>
> Given that this happens - how do you prevent it causing a problem - i.e.
> how can you force this discrepancy to correct itself so the user session
> always remains safe?

Harvey,

I've never had to do it myself, but I understand you can change the
domain name for session cookies in your php.ini file, i.e.

    session.cookie_domain = .example.com

To have the cookie available for all domains you must have the leading
period.

As I said - I haven't tried it, because I haven't had the problem. But
it might be your fix.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================
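
The cookie scoping behind the session reset reported in this thread and the session.cookie_domain suggestion, as an added example that is not part of any post. It assumes the browser follows RFC 6265 domain matching and needs PHP 8 for str_ends_with(); the function name cookie_is_sent and the sample hosts are constructed for illustration.

```php
<?php
// Added example: models which hosts receive a session cookie under RFC 6265.
// Host names are constructed, based on the thread's example.com placeholder.

/**
 * Would a browser send the cookie to $requestHost?
 * $domainAttr is the cookie's Domain attribute ('' = none, which is PHP's
 * default session.cookie_domain); $originHost is the host that set it.
 */
function cookie_is_sent(string $domainAttr, string $originHost, string $requestHost): bool
{
    $requestHost = strtolower($requestHost);
    if ($domainAttr === '') {
        // Host-only cookie: returned only to the exact host that set it.
        return $requestHost === strtolower($originHost);
    }
    // RFC 6265 ignores a leading dot, then applies domain matching.
    $domain = strtolower(ltrim($domainAttr, '.'));
    return $requestHost === $domain
        || str_ends_with($requestHost, '.' . $domain);
}

// Constructed scenario: the session starts on example.com, then a link
// (such as the css.php URL in the thread) points at www.example.com.
$cases = [
    ['',             'example.com', 'example.com'],
    ['',             'example.com', 'www.example.com'],  // the reported reset
    ['.example.com', 'example.com', 'www.example.com'],
    ['.example.com', 'example.com', 'blog.example.com'], // any subdomain
    ['.example.com', 'example.com', 'badexample.com'],   // different domain
];

if (PHP_SAPI === 'cli') {
    foreach ($cases as [$attr, $origin, $request]) {
        printf("Domain=%-13s set on %-12s -> %-17s %s\n",
            $attr === '' ? '(none)' : $attr, $origin, $request,
            cookie_is_sent($attr, $origin, $request) ? 'sent' : 'NOT sent');
    }
} else {
    // Per-application equivalent of the php.ini line; call before session_start().
    session_set_cookie_params(['domain' => '.example.com']);
    session_start();
}
```

The dotted form also sends the session ID to every other host under example.com, so it is only appropriate when all of those hosts are trusted.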