I am having two domain urls for my online store:
example1.com for admin,
and example2.com for front end.
My CI project on both the URLs access the same database.
So, the problem now is when I stay in the admin side, everything works fine. But if I visit the front end site once and then come back to admin url and reload, then my session is destroyed and I have to login again.
If any one can explain me why the session is being destroyed.
So, I want a solution here to access the same database in different urls in codeigniter with out destroying the session.
In the CI application config file, make 'sess_use_database' to true, so that session will store in database, which makes session intact on different domains.
Related
This might be a silly question but I am learning web development and reached at cookies now. I read about cookies and got the basic understanding of cookies and how to create them and retrieve them. what I do not understand is:
Do we need to create a cookie for each webpage for example in my website i have 5 pages so should i place the cookie only in index page and set the path "/" and it will work for all the pages.
To store the information retrieved via cookie for further analysis should I create a database to store each cookie data.
Do we need to create a cookie for each webpage for example in my
website i have 5 pages so should i place the cookie only in index page
and set the path "/" and it will work for all the pages.
No need to create multiple cookies. You can access same cookie across your webpages, if setting it at root.
To store the information retrieved via cookie for further analysis
should I create a database to store each cookie data.
Why ? It will be stored in user's machine. And why do you want to store it in database. All the user's information will be available in your same database.
The path variable on a cookie simply marks access.
You're assumption about only setting the / is correct if you want that cookie visible throughout all your pages.
If you want to restrict access to that cookie say to an admin page then setting the path to /admin would be fine here.
i have make a web application where only pre register user can login and use user dashboard and logout.
for example this application run on php-mysql(cpanel)
"www.example.com/system/index.php"
But i want
if their is two pre register user like 1. user1(subdomain : sys1.user1.com) 2. user2(subdomain : sys2.user2.com) pre register user with their pre register subdomain and this subdomain point to "www.example.com/system/index.php".
for both two user have different option in their dashboard some different page and also some similar option similar design same login logout page. user1 cannot access any things of user2 vice versa. under user1 and user2 their are also subuser a/c with some less option that upper user.
Okay, here is what i think you need.First session that are accessible from all the three domains.
Here is something for that
session_set_cookie_params(0, '/', '.your-domain.com');
session_start();
Now your session data would be shared across all your subdomains. Next, and i am simplifying this step because i noticed you wrote CPanel you need common session path for all subdomains. That is already done because by default session uses file to store session data. If you scale to multiple servers, make sure your session data is stored in some database server and accessible to all of the subdomains.
Now you need to differentiate between which subdomain did the user came from. For that it is simple add a flag variable in login system to both to write the subdomain in php session. Example
<?php
if (user.login($username,$password)) {
$_SESSION["authenticated"] = True;
$_SESSION["authSource"] = $_SERVER['HTTP_HOST'];
}
?>
the method user.login is only for representation and not any actual method. You can change it according to your codes.
So in conclusion the first part of the code segment will share session cookies across all subdomains of your domain. and the second part will set a flag on $_SESSION on which subdomain did the authentication occur from.
I have a website and a CMS panel located in sub-directory in the website. In the CMS panel I have session variables in which I write the username, level access etc.
The problem is that in the website I need to have user registration and login. When I try to log in the website, the two sessions are ovewritting each other and the end result is that the website session doesn't change(the user can't log in) and the CMS session receives the variables from the website session.
I searched the problem and saw someone suggesting that the two session should be named and therefore separated. I have session name on the website's session, but when I tried to name the second one I got server error.
The other thing that I saw was that the website's session is new with every page refresh, and this doesn't happen in the other one.
I don't have session_destroy or session_unset(regarding the session refresh problem).
What can be the problem and how to fix it?
EDIT
Maybe "ovewritting" is not the correct word. When I try to log in from the website nothing happens. When I try to log in the CMS I have the CMS session array AND the website's session array. I want them to be separated.
I'm making a CMS using CodeIgniter. I'm using modules to separate the admin part of the site from the normal site. I make use of session to store some data, this is working great but i got 1 problem.
When i login in the Admin panel it makes a session so I know I’m logged in. When I go to the normal site and return to admin and refresh my page I’m logged out. It seems like when I go to the normal site it first clears the session or it overwrite the old session. I think this comes because of the session name used by CodeIgniter.
now my question :p
Is it possible to set different session names for the admin module and the normal site?
I hope I have made myself clear
Best practice if you handle session with db in CI
yes it's possible please use seperate session for both and on logout unset seperate session what session you want to unset.
like you create session for front:-
$this->session->set_userdata('user_account_login',$data);
on logout you need :-
$this->session->unset_userdata('user_account_login');
same for admin but in different var :-
$this->session->set_userdata('admin_account_login',$data);
on logout you need :-
$this->session->unset_userdata('admin_account_login');
I have secured pages that all check for a set session variable to determine logged in users, pretty standard stuff. Where I run into problems is when I submit form information to a backend page that will process that data and then redirect to a success/failure confirmation page. In that time the session gets lost, at least the session with the variable. The session is still around because I can manually navigate to a secured page after and it works. Just auto redirects from a backend page to a secured page or a link on one of the unsecured pages after a redirect from the backend will fail. It may or may not be related, but after visiting multiple secured pages or doing one of the operations that use the problematic backend pages, there are two session cookies on my computer from the domain-- one registered to domain.com and the other to www.domain.com. At the end of my wits about this, thanks.
I see two problems here, but they're related.
The first is that you seem to be bouncing between secured (https://) and un-secured (http://) pages. Cookies aren't supposed to be shared between those, so that's why your session appears to break (PHP sets a cookie with the session ID).
The other is closely related and that is sharing between domain.com and www.domain.com. Cookies can share in one direction, but not the other. Don't worry about which: just pick one hostname and stick with it. Then check that you're setting the session's cookie domain to the correct one.
You must call session_start() from your PHP page before you output anything, preferably at the start of the page.
If the session has been already created, it will resume it for that page.
http://php.net/manual/en/function.session-start.php