Posted by whitefael on 05/15/07 04:17

This was driving me crazy, but I've finally figured out what is
happening, but I'm not sure why. I had to implement some extra
security for a web site that has added a blog (Textpattern). Sorry I
can't give the address out because the site is a prototype and I've
signed a non-disclosure agreement. I would type in the URL
example.com, I would enter my user name and password, and browse the
site. When I clicked on the blog link it took me to the main blog
page, but clicking any of the other links to blog articles wouldn't
work. After using the LiveHTTPHeaders plugin for Firefox, I saw that
the PHPSESSID was changing every time I accessed the blog. However it
worked on other computers no problem. Come to find out if I entered
the URL with www.example.com (notice the www) everything worked
perfectly and the sessions never reset. I think Textpattern is calling
a page called css.php using the entire URL www.example.com which is
causing the session reset if I started browsing the site using the URL
example.com.

Is this typical for sessions? To check the session, I'm doing the
following:

session_start();

if (!isset($_SESSION['valid_user'])) {
die('Restricted access');
}

The books say this is the way to do it, but is it the best/right way
to do it?

Thanks!

[Back to original message]