[PHP] sessions broken when redirected?
I've searched the archives and relevant web sites to no avail, so as a last resort I'm turning to this knowledgeable group of people. I'm working to set up a user authentication system using native PHP 4 sessions on a box running Apache, mod_perl, mod_ssl, PHP (the lastest), etc. PHP was compiled with the following options: './configure' '--with-sybase-ct=/usr/local/freetds' '--with-config-file-path=/usr/local/lib' '--with- apache=../apache_1.3.19' '--enable-track-vars' '--enable-memory- limit=yes' Here's the problem: The browser is redirected by Apache (in the current setup, which for other reasons won't be changed) from a URL like http://somebody.com/foo/bar to a URL like https://somebody.com/bar. I have had no luck getting sessions, session ids, HTTP_POST_VARS, etc to successfully survive the redirect when the user moves between pages in the site. (passing variables through the url works, but we need something more secure than that). My feeling is that I'm missing something obvious. Cookies are enabled and working. I can start sessions and store variables, but only within one page. Once the user goes through a redirect (to the same server), everything is lost. It doesn't _seem_ like this should be a limitation of PHP, but maybe it is. Can anyone help clarify this? Thanks, Andrew Elliston -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] sessions broken when redirected?
I don't know 100 for sure, but I believe since it is going to an https link, it considers it a new domain(or something) and that's why the sessions aren't persisting. The same thing happens if you redirect from say www.domain.com to www2.domain.com. I odn't know any way around it, except encoding, passing in URL and decoding on the other side. jon - Original Message - From: [EMAIL PROTECTED] To: "Php-General@Lists. Php. Net" [EMAIL PROTECTED] Sent: Thursday, March 29, 2001 2:57 PM Subject: [PHP] sessions broken when redirected? I've searched the archives and relevant web sites to no avail, so as a last resort I'm turning to this knowledgeable group of people. I'm working to set up a user authentication system using native PHP 4 sessions on a box running Apache, mod_perl, mod_ssl, PHP (the lastest), etc. PHP was compiled with the following options: './configure' '--with-sybase-ct=/usr/local/freetds' '--with-config-file-path=/usr/local/lib' '--with- apache=../apache_1.3.19' '--enable-track-vars' '--enable-memory- limit=yes' Here's the problem: The browser is redirected by Apache (in the current setup, which for other reasons won't be changed) from a URL like http://somebody.com/foo/bar to a URL like https://somebody.com/bar. I have had no luck getting sessions, session ids, HTTP_POST_VARS, etc to successfully survive the redirect when the user moves between pages in the site. (passing variables through the url works, but we need something more secure than that). My feeling is that I'm missing something obvious. Cookies are enabled and working. I can start sessions and store variables, but only within one page. Once the user goes through a redirect (to the same server), everything is lost. It doesn't _seem_ like this should be a limitation of PHP, but maybe it is. Can anyone help clarify this? Thanks, Andrew Elliston -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] sessions broken when redirected?
Hi Andrew, I`m not sure if switching from http to https will count as a *new* domain, but here is a link to some information which may solve your problem. http://phpbuilder.com/columns/chriskings20001128.php3 HTH Ade -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] sessions broken when redirected?
I had this same problem and it constantly broke our whole site. So I tried a different approach and this has been working great: Instead of ? header ("Location: sometoherpage.php"); ? Consider: ? include "someotherpage.php"; ? It works flawlessly, always, and maintains your session. Because my site ( a shopping cart/store ) is so dependent on sessions, I stopped using redirects and "Location: " functions entirely. We just use ? include "..." ? now and all sessions work wonderfully. Even without cookies, etc. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]