Domain Redirect - loses session variables

Re: Domain Redirect - loses session variables

oops - sorry it is not working on my computer. I think I logged in from the
main site and the session variables got set. I just tested again and it is
acting the same way.


Vic

Re: Domain Redirect - loses session variables

Do you have session_start() at the beginning of every page that uses
session variables?

--
Bradley Holt <bradley.holt@g mail.com>

Re: Domain Redirect - loses session variables

Bradley,

Yes I do ...

The entire app works fine if started from the main site. However, when
started from a domain that does a redirect then it fails to keep the session
variables.

Vic
"Bradley Holt" <Bradley.Holt@g mail.com> wrote in message
news:1128820436 .724954.112900@ g47g2000cwa.goo glegroups.com.. .[color=blue]
> Do you have session_start() at the beginning of every page that uses
> session variables?
>
> --
> Bradley Holt <bradley.holt@g mail.com>
> http://www.gtalkprofile.com/profile/2.html
>[/color]

Re: Domain Redirect - loses session variables

Vic Spainhower wrote:[color=blue]
> Bradley,
>
> Yes I do ...
>
> The entire app works fine if started from the main site. However, when
> started from a domain that does a redirect then it fails to keep the session
> variables.
>
> Vic
> "Bradley Holt" <Bradley.Holt@g mail.com> wrote in message
> news:1128820436 .724954.112900@ g47g2000cwa.goo glegroups.com.. .
>[color=green]
>>Do you have session_start() at the beginning of every page that uses
>>session variables?
>>
>>--
>>Bradley Holt <bradley.holt@g mail.com>
>>http://www.gtalkprofile.com/profile/2.html
>>[/color]
>
>
>[/color]

Vic,

Sessions can't be used across multiple domains.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: Domain Redirect - loses session variables

>I just purchased a new domain name and I've set it up as a redirect to a[color=blue]
>folder on my main site. What is happening is the index.php page checks a
>session variable to see if the user is logged on and if not it displays a
>login screen. However, after loggin in it just keeps coming back to the
>login screen because the session variables are getting lost.[/color]

Cookies set in one domain are *SUPPOSED* to get lost (or at least not
be sent to) a site in another domain. It's a security feature. It's
also not clear whether that's what you are doing or not.
[color=blue]
>I inserted "session_write_ close()" prior to the header("Locatio n:
>Index.PHP)[/color]

Aren't redirects supposed to use ABSOLUTE (full path) URLs?
[color=blue]
>and it now is working on my developement computer but on 2 other
>computers it is still just coming back to the login screen.[/color]

Gordon L. Burditt

Re: Domain Redirect - loses session variables

[color=blue]
> Sessions can't be used across multiple domains.[/color]

Thanks Jerry - not really what I wanted to hear though!


Vic

Re: Domain Redirect - loses session variables

On Sat, 8 Oct 2005 20:56:41 -0700, "Vic Spainhower" <vic@showsec.co m> wrote:
[color=blue][color=green]
>> Sessions can't be used across multiple domains.[/color]
>
>Thanks Jerry - not really what I wanted to hear though![/color]

If you want this to work, you'd need a method of migrating the session data
from one domain to the other through some shared data storage.

For example, save all session data to a database accessible by both domains,
mark this with a unique identifier, and pass that ID as a parameter across to
the other domain in the redirect.

Start a new session on the new domain, and populate it with data from the ID
passed, read from the shared database.
--
Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

Re: Domain Redirect - loses session variables

> If you want this to work, you'd need a method of migrating the session[color=blue]
> data
> from one domain to the other through some shared data storage.[/color]

Thanks Andy, I think I'll just move the entire application to the new domain
name. I was just trying to not have to do this. This will also provide me a
test environment for the app so it's probably worthwhile.

Vic



"Andy Hassall" <andy@andyh.co. uk> wrote in message
news:il4ik1pimm lp33opvbt1ltvgm le5l7knnk@4ax.c om...[color=blue]
> On Sat, 8 Oct 2005 20:56:41 -0700, "Vic Spainhower" <vic@showsec.co m>
> wrote:
>[color=green][color=darkred]
>>> Sessions can't be used across multiple domains.[/color]
>>
>>Thanks Jerry - not really what I wanted to hear though![/color]
>
> If you want this to work, you'd need a method of migrating the session
> data
> from one domain to the other through some shared data storage.
>
> For example, save all session data to a database accessible by both
> domains,
> mark this with a unique identifier, and pass that ID as a parameter across
> to
> the other domain in the redirect.
>
> Start a new session on the new domain, and populate it with data from the
> ID
> passed, read from the shared database.
> --
> Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
> http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool[/color]

Re: Domain Redirect - loses session variables

Andy Hassall wrote:[color=blue]
> If you want this to work, you'd need a method of migrating the session data
> from one domain to the other through some shared data storage.[/color]

I think you might have misunderstood the situation described by the OP.
He said he had purchased a new domain name. Presumbly, the name points
to the same machine. Unless the web server is set up to have different
session save-path per virtual host, session data are shared by default.
In any event, I believe you can override the save-path with ini_set().

The problem here is that cookies--hence session ids--don't travel
across domains. So you need to manually sync the cookies of the two
domains. One way to do this is to do a round-trip redirection at the
very beginning. From domain_1, redirect to a page on domain_2 with the
session id passed on the URL. This page calls session_id($_GE T['SID'])
and session_start() , then redirect back to the original page in
domain_1. Now both domains will use the same session id. A simpler way
is to use an invisible inner frame to initialize the cookie in
domain_2.

All this is very confusing of course. Unless there a real reason to use
multiple domain names it'd be easier to just redirect all requests to
one name, possibly with the help of Apache rewrite.

Re: Domain Redirect - loses session variables

On 9 Oct 2005 10:40:11 -0700, "Chung Leong" <chernyshevsky@ hotmail.com> wrote:
[color=blue]
>Andy Hassall wrote:[color=green]
>> If you want this to work, you'd need a method of migrating the session data
>> from one domain to the other through some shared data storage.[/color]
>
>I think you might have misunderstood the situation described by the OP.
>He said he had purchased a new domain name. Presumbly, the name points
>to the same machine. Unless the web server is set up to have different
>session save-path per virtual host, session data are shared by default.
>In any event, I believe you can override the save-path with ini_set().[/color]

In that case he already has the shared data storage.
[color=blue]
>The problem here is that cookies--hence session ids--don't travel
>across domains. So you need to manually sync the cookies of the two
>domains. One way to do this is to do a round-trip redirection at the
>very beginning. From domain_1, redirect to a page on domain_2 with the
>session id passed on the URL. This page calls session_id($_GE T['SID'])
>and session_start() , then redirect back to the original page in
>domain_1. Now both domains will use the same session id. A simpler way
>is to use an invisible inner frame to initialize the cookie in
>domain_2.[/color]

Since the shared data storage is the same PHP session data area, then this is
essentially just a simpler case of what I said - the unique ID passed to get at
the shared data is already the session ID.
--
Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool

Re: Domain Redirect - loses session variables

I purchased this Domain from DirectNic and they have the option to redirect
with no frame which works like a charm. What it does is put the redirected
address in the address bar so it appears to be coming from the same domain
name. Session variables are saved and it works great! Don't have to make
any changes to the app.


Vic



"Andy Hassall" <andy@andyh.co. uk> wrote in message
news:piqik11kbk sse3ci0a29og051 5jhgabfir@4ax.c om...[color=blue]
> On 9 Oct 2005 10:40:11 -0700, "Chung Leong" <chernyshevsky@ hotmail.com>
> wrote:
>[color=green]
>>Andy Hassall wrote:[color=darkred]
>>> If you want this to work, you'd need a method of migrating the session
>>> data
>>> from one domain to the other through some shared data storage.[/color]
>>
>>I think you might have misunderstood the situation described by the OP.
>>He said he had purchased a new domain name. Presumbly, the name points
>>to the same machine. Unless the web server is set up to have different
>>session save-path per virtual host, session data are shared by default.
>>In any event, I believe you can override the save-path with ini_set().[/color]
>
> In that case he already has the shared data storage.
>[color=green]
>>The problem here is that cookies--hence session ids--don't travel
>>across domains. So you need to manually sync the cookies of the two
>>domains. One way to do this is to do a round-trip redirection at the
>>very beginning. From domain_1, redirect to a page on domain_2 with the
>>session id passed on the URL. This page calls session_id($_GE T['SID'])
>>and session_start() , then redirect back to the original page in
>>domain_1. Now both domains will use the same session id. A simpler way
>>is to use an invisible inner frame to initialize the cookie in
>>domain_2.[/color]
>
> Since the shared data storage is the same PHP session data area, then this
> is
> essentially just a simpler case of what I said - the unique ID passed to
> get at
> the shared data is already the session ID.
> --
> Andy Hassall :: andy@andyh.co.u k :: http://www.andyh.co.uk
> http://www.andyhsoftware.co.uk/space :: disk and FTP usage analysis tool[/color]