I have a vBulletin forum, which is located at www.myDomain.com/Forum
I have another at www.myDomain.com/OtherSite/app
I want my Forum's logged-in users to be identified on the other site.
The forum's cookie session path is on the main domain path /var/www/myDomain
On my site I use
chdir(FORUM_DIR);
include './global.php';
$arr = $vbulletin->userinfo;
to get the session.
The thing is this: it works. I get the user's data etc.,
and then it stops working for no apparent reason after a few page loads.
In my view, a possible reason is that I use the code (listed above) twice in my page load... Could this be it?
edit:
More code until the session include, as requested.
edit2:
Thanks #VladTeodorescu. I have changed all the includes to include_once, but still the same symptoms: the user data is displayed and then, after 15 mins of use, the session "goes away"... (I have checked the forum site; the user is still logged in there.)
ini_set('display_errors',1);
error_reporting(E_ALL);
// CONSTS
//PATHS
define('MAIN_DIR', dirname(dirname(dirname(__DIR__))));
define('APP_NAME', 'GoldSig');
define('CLASS_DIR', MAIN_DIR .'/class');
define('APP_DIR', MAIN_DIR.'/'.APP_NAME.'/app');
define('FORUM_DIR', MAIN_DIR.'/Forum');
define('CHAT_DIR', APP_DIR.'/chat');
//commands and trades tables names
define('T_COMMAND', 'commands');
include_once CLASS_DIR . '/Services/Helper/Files.php';
include_once CLASS_DIR . '/Services/Login/Authorize.php';
if (!Authorize::IsLocalhost()){
    chdir(FORUM_DIR);
    include_once './global.php';
    $arr = $vbulletin->userinfo;
}
I was trying to access my domain from myDomain.com/GoldSig/app
and the session's data is stored in www.myDomain.com/GoldSig/app
I get redirected automatically to myDomain.com/GoldSig/app in FF , though..
hard part is over ..
Related
For some strange reason I get different session ids on two pages.
Let me illustrate the problem:
I have a webshop where a user can go to a checkout page, click the order button. This will open a payment link to a payment provider I use, this provider checks a script on my domain which is called exchange.php
If the status is 100 (success) the script redirects to another page on my domain called upload.php (rewritten to mysite.nl/voltooien with some parameters, full example: https://www.mysite.nl/voltooien?orderId=1697612595X0e3ce&orderStatusId=100&paymentSessionId=1697612595).
For some reason on this upload.php page my user session ($_SESSION['user']) is gone, the user is logged out, but when I keep another tab open on a different page, for example the account page and refresh this page after completing an order, I stay logged in. The user session is active.
If I then go back to upload.php and refresh, it's still gone. So I tried echoing the session ids like this: echo session_id(); in the header file which is included on both pages. And both show a different session id.
On upload.php: 0320c6c27e2d3b8138bde40dcca61443 and on account.php : bd1b6d9e4d21f19a87d5b13343eb99c4
Shouldn't they be the same? They are both on the same domain, nowhere do I unset the user session or destroy the entire session.
What can be causing this? I went overkill with session_start(); to make sure this was not the issue and added it to all files that are included at the top but still have the same issue.
The code at the top of upload.php:
<?PHP
session_start();
require_once $_SERVER['DOCUMENT_ROOT']."/phpMailer/class.phpmailer.php";
require_once $_SERVER['DOCUMENT_ROOT']."/phpMailer/Exception.php";
use PHPMailer\PHPMailer\PHPMailer;
use PHPMailer\PHPMailer\Exception;
$productmenu = 'false';
$page = 'order_done';
$title = 'Bedankt voor je bestelling!';
if ($_GET['orderStatusId'] == '100') {
    unset($_SESSION['producten']);
    unset($_SESSION['kortingscode']);
}
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/header.php';
// Clear empty session values
unset($_SESSION['producten']['']);
echo session_id();
?>
The code at the top of my header.php which includes a connection file with session_start(); , I also tried adding it to the top of this file with no success. This file is included first at the top of my account page:
<?PHP
date_default_timezone_set("Europe/Amsterdam");
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/connection.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/connection_studio.php';
require_once $_SERVER['DOCUMENT_ROOT'].'/includes/connection_extern.php';
$conn = new Connection;
include $_SERVER['DOCUMENT_ROOT'].'/catalog/lastorder.php';
include $_SERVER['DOCUMENT_ROOT'].'/includes/createdesignfavarray.php';
And in my exchange.php file which also has session_start(); at the top, the only thing I do with sessions is unsetting a different product session and coupon session like this:
// Empty product session
unset($_SESSION['producten']);
unset($_SESSION['kortingscode']);
I don't do anything with the user session here.
No clue what is causing this. Can it be something is bugged or something in my hosting needs to be changed?
I just want to ask for a solution. First... is it bad having two sites with the same purpose?
So this is the problem: I have two folders that contain the same site structure. I have two teams; the 1st is for local researchers and the 2nd is for international researchers. And I only have one domain, so that they are not confused when accessing their admin panel. The only difference is the folder name, such as domain_name/folder1 and /folder2. But the thing that makes me worried is if some user tries to change the folder name; for example, researcher 1 is given access to /folder1, but if he changes his folder to /folder2 then he can log in without his/her username and password.
I tried destroying the cookies, but then the menu on the admin panel cannot be accessed; it goes back to the admin panel login. Here's my cookie-destroying code:
if (isset($_COOKIE[session_name()])) {
    // Expire the session cookie in the browser
    setcookie(session_name(), "", time() - 3600, "/");
}
$_SESSION = array();
session_destroy();
I tried this also:
session_start();
session_destroy();
header('location:index.php');
But nothing worked, same problem. Any suggestion?
Thank you...
I am considering that you are using the same database for both folders' users... if yes, then just add one column in the database like "registered_user" containing values either local-researcher or international-researcher
Now in folder1 (local researcher) you can add PHP code to check...
e.g.
// Cast the id to an integer before it goes into the query string
$user = mysql_fetch_array(mysql_query("select * from users where id=".(int) $_SESSION['user_id']));
if ($user['registered_user'] != "local-researcher"){
    header('Location: index.php');
    exit; // Added by Martin, ALWAYS exit (or die) the PHP script once you use
          // a header location redirection.
}else{
?>
//Your local researcher page contents...
.
.
.
<?php } ?>
same vice versa for folder2....
I've already posted something similar to this, but I redesigned the entire system. Instead of the original system I've created a separate sub domain for accounts. I'm having issues getting any variables from my named session. I'm attempting to transfer user information across sub domains for login purposes, and tracking purposes. Anyways, here is the code.
Login Script
<?php
session_name('LoginSession');
session_set_cookie_params(0, '/', '.ueteribus.com');
session_start();
?>
That code is just the bit that tells the $_SESSION to be spread across all the domains. (Or at least it is supposed to) Anyways, the LoginSession name is where the problem comes in. If that is added in then I am unable to get anything to display using my calling scripts.
Currently I use
$_SESSION['USERNAME_ueteribus']
$_SESSION['PASSWORD_ueteribus']
$_SESSION['loginsession21']
Those are the main $SESSIONS that I use, and currently I am unable to get them displayed when giving the Cookies any specific name.
This is the current script I am using to call the actual $_SESSION by name.
<?php
session_name('LoginSession');
session_start();
echo $_SESSION['loginsession21'];
?>
That worked fine before I added the custom name for the $_SESSION.
Any help would be much appreciated as this issue has been plaguing me for a very long time, also.. When I actually head into the Cookies on my browser, I see LoginSession, but it is listed under the main domain. www.XXXX.com instead of account.xxxx.com.
No idea if that is normal or not, anyways.. Any additional information can be requested, and thank you for any assistance that you can provide.
NOTE: All the scripts and code listed above are saved on the account sub domain!
UPDATE:
I just tried this code and it still doesn't work.
<?php
session_name('LoginSession');
session_set_cookie_params(0, '/', '.ueteribus.com');
session_start();
echo $_SESSION['loginsession21'];
?>
Also I added this script to the top of each page.
<?php
session_set_cookie_params(0, '/', 'ueteribus.com');
session_start();
?>
My guess is that you're missing the session cookie config in your other (not Login Script) files. Just like session_name(), you need to call it on every request and before session_start() (despite what other commenters may believe).
<?php
session_name('LoginSession');
session_set_cookie_params(0, '/', '.ueteribus.com');
session_start();
// of course this line will only work if you've previously set the "loginsession21" key
echo $_SESSION['loginsession21'];
?>
Update
After making changes to either session name or cookie params, you'll need to clear out the old cookie from your browser.
You also need to make sure that the session is not started anywhere else in your code.
I would suggest moving all the session config stuff into a single file and include it at the top of every requestable page. Also remove any and all other calls to session_start().
<?php
// session_config.php
session_name('LoginSession');
session_set_cookie_params(0, '/', '.ueteribus.com');
session_start();
then, in some other script
<?php
// some_other_script.php
require_once __DIR__ . '/relative/path/to/session_config.php';
I've got a simple login system using PHP sessions, but just recently it seems that if you visit pages not in a certain directory (/login/) you will always be flagged as not logged in, even when you are. It seems that my session data is being lost when I change directories (say, to /login/user/).
I don't think I've touched the code myself since the problem appeared, is there something my web host could have done to my PHP installation that would delete the session data, and is there a workaround?
EDIT:
Inside each file that needs authorization, it loads a loginfunctions.php file which calls session_start() and checks the login. Files which work in /login and that I copy and paste into /login/user stop working, even though I update all the relevant paths and links.
EDIT2:
Okay, some code.
In the actual pages that are giving me the error, this is the auth. code:
require_once("../../../includes/loginFunctions.php");
$login = new login;
$login->checkLogin(0);
Inside loginFunctions.php is this:
class login{
    function checkLogin($requiredAccess){
        session_start();
        if($_SESSION['accesslevel'] < $requiredAccess || $_SESSION['logged_in'] != TRUE){
            die("You don't have access to this area. If you should have access, please log in again. <a href='/login/'>Login</a>");
        }
        if (isset($_SESSION['HTTP_USER_AGENT'])){
            if ($_SESSION['HTTP_USER_AGENT'] != md5($_SERVER['HTTP_USER_AGENT'])){
                session_destroy();
                die("Bad session. Please log in again. <a href='/login/'>Login</a> ");
            }
        } else {
            $_SESSION['HTTP_USER_AGENT'] = md5($_SERVER['HTTP_USER_AGENT']);
        }
        if (!isset($_SESSION['initiated'])){
            session_regenerate_id();
            $_SESSION['initiated'] = true;
        }
    }
}
The $requiredAccess variable is the access level that you need to access this page, so if you have an accesslevel of 3 in the database you can view level 0, 1, 2 and 3 pages. This is specified when the function is called in the main page and is compared to the access level of the current user which is defined in $_SESSIONS when they log in.
I'm getting the error "You don't have access to this area etc." when I try to access these pages. If I try to print the $_SESSION variables, nothing shows; they appear to be empty. However, if I move the file to the /login/ folder (one level up) and update the links, they work perfectly and all the variables print out fine. This makes me think the code is not the part that's not working, but some setting in my PHP install that has been changed without my notice.
Maybe you aren't calling session_start() at the beginning of pages not in /login/ ..?
I had a similar problem.
Check you don't have a php.ini file. Removing this sorted the problem out. Still looking into exactly why. The php.ini file could even be blank and it would stop session data from carrying over to more than one directory...
It's possible that they changed the php.ini setting session.cookie_path.
You should call session_set_cookie_params before you call session_start and make sure you set the cookie path yourself. Set it to the highest level directory you want the session to be valid for. E.g. if you set it to /login it will be valid for /login and /login/user. If you want your session to be valid for the entire site, set the path to be /
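As an added illustration (not from any of the posts on this page), the following JavaScript models the browser-side rule the answer above relies on: the RFC 6265 domain-match and path-match checks that decide whether a session cookie is attached to a request. It also covers the Domain case from the subdomain thread earlier on the page; the cookie objects, the `example.com` hosts and the function names are constructed for the example.

```javascript
// Domain-match (RFC 6265 5.1.3): exact host, or a subdomain of the Domain attribute.
// A cookie set without a Domain attribute is "host-only" and needs an exact match.
function domainMatches(requestHost, cookieDomain, hostOnly) {
  const host = requestHost.toLowerCase();
  const domain = cookieDomain.toLowerCase().replace(/^\./, ''); // leading dot is ignored
  if (host === domain) return true;
  if (hostOnly) return false;
  const isIp = /^[\d.]+$/.test(host) || host.includes(':');
  return !isIp && host.endsWith('.' + domain);
}

// Path-match (RFC 6265 5.1.4): the cookie path equals the request path or is a prefix
// ending on a "/" boundary, so "/login" covers "/login/user" but not "/loginx".
function pathMatches(requestPath, cookiePath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith('/') || requestPath[cookiePath.length] === '/';
}

// A cookie is attached only when scheme, host and path all fit its scope.
function cookieIsSent(url, cookie) {
  const u = new URL(url);
  if (cookie.secure && u.protocol !== 'https:') return false;
  return domainMatches(u.hostname, cookie.domain, cookie.hostOnly)
      && pathMatches(u.pathname, cookie.path);
}

// Constructed sample cookies: one scoped to a single host and directory, one site-wide.
const scopedToLogin = { domain: 'www.example.com', hostOnly: true, path: '/login', secure: true };
const siteWide = { domain: '.example.com', hostOnly: false, path: '/', secure: true };

// Evaluate both cookies against constructed request URLs.
function demo() {
  const urls = [
    'https://www.example.com/login/user/page.php',
    'https://www.example.com/members/index.php',
    'https://account.example.com/index.php',
    'https://example.com/index.php',
  ];
  return urls.map((url) => ({
    url,
    scopedToLogin: cookieIsSent(url, scopedToLogin),
    siteWide: cookieIsSent(url, siteWide),
  }));
}

console.table(demo());
```

A session cookie that fails either check is simply not sent, so PHP sees no session ID and starts a fresh, empty session.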
I had a similar issue. You may want to use:
<?php setcookie("TestCookie", $value, time()+3600, "/~rasmus/", ".example.com", 1); ?>
or something similar. I know cookie and session variables are a different desired solution, but this was able to clear up my issue.
See here for documentation
Make sure you have the same php.ini file in each directory that you want to access the session variables from.
This is why you shouldn't use directory to make false friendly URLs...
Don't forget to call session_start() every time you need the session.
I have a template file that contains all my header, footer and common information. It includes the appropriate content for the current page (two-step view pattern).
I am trying to set up a login system using PHP Session variables. I can set the variable and sometimes they work but sometimes they disappear. Clicking on links will sometimes make them come back.
My site
Login with
username: test
password: test
There are var_dumps of session_id and $_SESSION at the top.
Click on Home. If the session variables disappear click on home (might take as many as 10 times) to see the session information come back. Click on the other navigation and sometimes the session info sticks around and sometimes it doesn't.
Here is the session code at the top of my template file.
<?php
session_start();
require './classes/DBInterface.php';
$db = new DBInterface();
if($_REQUEST['submit'] == 'Login') {
    $username=$_POST['username'];
    $password=$_POST['password'];
    echo '-- login -- '.$username;
    $rs = $db->verify($username,$password,"admin",0);
    $admin = $rs->current();
    if ($rs->valid()) {
        $_SESSION['username'] = $username;
    }
}
echo ' -- session id -- ';
var_dump(session_id());
echo ' -- session var -- ';
var_dump($_SESSION);
I am using PHP5.
If you are using startlogic (it seems you are?) for your hosting, did you try doing what they say in their FAQ: http://www.startlogic.com/knowledgebase/read_article.bml?kbid=600
They indicate this :
To run PHP sessions, include the following code at the top of any PHP script that uses sessions:
session_save_path("your home directory path"/cgi-bin/tmp);
session_start();
Maybe this'll help ?
Especially if they are using some kind of load balancer, which balances /tmp, but not your home directory ?
If you are using a load-balanced setup, it could be that only 1 of the N servers has the correct session-data.
By default session-data is stored on the filesystem.
Per session a file is stored in /tmp/ and starts with "sess" followed by the session_id
You're absolutely positive there isn't anything ever being called prior to this? I know session_start() modifies the headers, and other than that, not sure why this isn't working.
Go ahead and turn on error reporting at the top of the script, right before the session_start() call, and see how that helps track this down:
error_reporting(E_ALL ^ E_NOTICE);
ini_set('display_errors',1);
session_start();