Posted by harvey on 05/15/07 15:14

In article <3fednelwTe4PENTbnZ2dnUVZ_rCsnZ2d@comcast.com>,
jstucklex@attglobal.net says...
> whitefael@gmail.com wrote:
> > This was driving me crazy, but I've finally figured out what is
> > happening, but I'm not sure why. I had to implement some extra
> > security for a web site that has added a blog (Textpattern). Sorry I
> > can't give the address out because the site is a prototype and I've
> > signed a non-disclosure agreement. I would type in the URL
> > example.com, I would enter my user name and password, and browse the
> > site. When I clicked on the blog link it took me to the main blog
> > page, but clicking any of the other links to blog articles wouldn't
> > work. After using the LiveHTTPHeaders plugin for Firefox, I saw that
> > the PHPSESSID was changing every time I accessed the blog. However it
> > worked on other computers no problem. Come to find out if I entered
> > the URL with www.example.com (notice the www) everything worked
> > perfectly and the sessions never reset. I think Textpattern is calling
> > a page called css.php using the entire URL www.example.com which is
> > causing the session reset if I started browsing the site using the URL
> > example.com.
> >
> > Is

This is somewhat disturbing.

Given that this happens - how do you prevent it causing a problem - IE
how can you force this discrepancy to correct itself so the user session
always remains safe?

[Back to original message]