[PHP] sessions broken when redirected?

2001-03-29 Thread elists 

I've searched the archives and relevant web sites to no avail, so as a 
last resort I'm turning to this knowledgeable group of people.

I'm working to set up a user authentication system using native PHP 4 
sessions on a box running Apache, mod_perl, mod_ssl, PHP (the lastest), 
etc.

PHP was compiled with the following options:

'./configure' '--with-sybase-ct=/usr/local/freetds' 
'--with-config-file-path=/usr/local/lib' '--with-
apache=../apache_1.3.19' '--enable-track-vars' '--enable-memory-
limit=yes'

Here's the problem:
The browser is redirected by Apache (in the current setup, which for 
other reasons won't be changed) from a URL like 
http://somebody.com/foo/bar to a URL like https://somebody.com/bar.

I have had no luck getting sessions, session ids, HTTP_POST_VARS, etc to 
successfully survive the redirect when the user moves between pages in 
the site. (passing variables through the url works, but we need 
something more secure than that).

My feeling is that I'm missing something obvious. Cookies are enabled 
and working. I can start sessions and store variables, but only within 
one page. Once the user goes through a redirect (to the same server), 
everything is lost. It doesn't _seem_ like this should be a limitation 
of PHP, but maybe it is.

Can anyone help clarify this?

Thanks,
Andrew Elliston


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] sessions broken when redirected?

2001-03-29 Thread Jon Rosenberg 

I don't know 100 for sure, but I believe since it is going to an https
link, it considers it a new domain(or something) and that's why the sessions
aren't persisting.  The same thing happens if you redirect from say
www.domain.com to www2.domain.com.  I odn't know any way around it, except
encoding, passing in URL and decoding on the other side.

jon


- Original Message -
From: [EMAIL PROTECTED]
To: "Php-General@Lists. Php. Net" [EMAIL PROTECTED]
Sent: Thursday, March 29, 2001 2:57 PM
Subject: [PHP] sessions broken when redirected?


 I've searched the archives and relevant web sites to no avail, so as a
 last resort I'm turning to this knowledgeable group of people.

 I'm working to set up a user authentication system using native PHP 4
 sessions on a box running Apache, mod_perl, mod_ssl, PHP (the lastest),
 etc.

 PHP was compiled with the following options:

 './configure' '--with-sybase-ct=/usr/local/freetds'
 '--with-config-file-path=/usr/local/lib' '--with-
 apache=../apache_1.3.19' '--enable-track-vars' '--enable-memory-
 limit=yes'

 Here's the problem:
 The browser is redirected by Apache (in the current setup, which for
 other reasons won't be changed) from a URL like
 http://somebody.com/foo/bar to a URL like https://somebody.com/bar.

 I have had no luck getting sessions, session ids, HTTP_POST_VARS, etc to
 successfully survive the redirect when the user moves between pages in
 the site. (passing variables through the url works, but we need
 something more secure than that).

 My feeling is that I'm missing something obvious. Cookies are enabled
 and working. I can start sessions and store variables, but only within
 one page. Once the user goes through a redirect (to the same server),
 everything is lost. It doesn't _seem_ like this should be a limitation
 of PHP, but maybe it is.

 Can anyone help clarify this?

 Thanks,
 Andrew Elliston


 --
 PHP General Mailing List (http://www.php.net/)
 To unsubscribe, e-mail: [EMAIL PROTECTED]
 For additional commands, e-mail: [EMAIL PROTECTED]
 To contact the list administrators, e-mail: [EMAIL PROTECTED]



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] sessions broken when redirected?

2001-03-29 Thread KPortsmout 

Hi Andrew,

I`m not sure if switching from http to https will count as a *new* domain, 
but here is a link to some information which may solve your problem. 

http://phpbuilder.com/columns/chriskings20001128.php3

HTH 
Ade

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]

Re: [PHP] sessions broken when redirected?

2001-03-29 Thread Derek Sivers 

I had this same problem and it constantly broke our whole site.
So I tried a different approach and this has been working great:

Instead of ? header ("Location: sometoherpage.php"); ?

Consider:  ? include "someotherpage.php"; ?

It works flawlessly, always, and maintains your session.

Because my site ( a shopping cart/store ) is so dependent on sessions, I 
stopped using redirects and "Location: " functions entirely.

We just use ? include "..." ? now and all sessions work 
wonderfully.  Even without cookies, etc.




-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]