p dont think wrote:
Cause Of My Problem: The URL hostname does not change at any point in the process. I was able to trace SM execution from the top all the way to the session_start() call. (That was when I realized that the session cookie should have been set at the login page itself, not merely afterward, and then I was able to quickly solve my problem.) The session cookie domain field was never set within the code that I could tell, and arrived to the browser blank; therefore the browser discarded it under the "originating server only" rule. There is no config.php option to set the cookie domain either, at least not that I saw, so the only thing that will set it other than the code itself is php.ini or the Apache configuration. (My only guess as to why the "key" and "squirrelmail_language" cookies did have a domain field set is because they are created via a setcookie() call, not a session_start() call. These calls might use separate cookie logic under the covers. Or maybe there is some subtle config problem with my PHP 4.3.5?) Since I'm running a virtual host environment, setting the session cookie domain in php.ini won't do for me; I had to choose between php_admin_value verbs in each Apache <VirtualHost> record, or add a single line of code that I believe should have been there all along. I think it only makes sense that the domain of the session cookie should equal $domain from the config/config.php file unless the administrator says otherwise. (I even have code in config_local.php to set the $domain variable dynamically, and this design works well for me.) So yeah, it is strange that only the session cookie had no domain field for me, but it wasn't because of a changing hostname, and adding a sensible line of code fixes everything. Maybe my configuration, being unusual, exposes some idiosyncracies (I dare not use the "B" word) in the PHP internals. -- Will Berry Co-founder, Second Brain website hosting http://www.secondbrainhosting.com/ |
