List Fails on some computers - www missing in url

**Rik** · Mar 3 '07, 11:35 PM

Re: List Fails on some computers - www missing in url

On Sat, 03 Mar 2007 20:50:02 +0100, Vic Spainhower <vic@showsec.co mwrote:

Hello,
>
Can someone tell me why on some computers the following list will fail .
I
have a user reported that some of the links in the below list will fail
and
some will work. The ones that fail will have the www missing in the URL.
For
example when this particular computer will have the link as
http://mysite.com/entry_page.php instead of

Page Not Found - 404 Error Page

http://www.mysite.com/entry_page.php

>
This is only happening on 1 computer as far as I know and I sure can't
explain it. Hope you can!

Euhm, this is a HTML question. But i'd bet the user entered the site on
http://example.com instead of http://www.example.com. If one of the 2
doesn't work, I'd set a webserver-level redirect to the right domain.
--
Rik Wasmus

**zorro** · Mar 4 '07, 03:45 PM

Re: List Fails on some computers - www missing in url

On Mar 3, 8:50 pm, "Vic Spainhower" <v...@showsec.c omwrote:

Hello,
>
Can someone tell me why on some computers the following list will fail . I
have a user reported that some of the links in the below list will fail and
some will work. The ones that fail will have the www missing in the URL. For
example when this particular computer will have the link ashttp://mysite.com/entry_page.php instead ofhttp://www.mysite.com/entry_page.php
>
This is only happening on 1 computer as far as I know and I sure can't
explain it. Hope you can!
>
This you very much!
>
Vic
>
<div id="navcontaine r">
<ul id="navlist">
<li><a href="judges.ph p" >Judges</a></li>
<li><a href="entry_pag e.php" >Enter Horse</a></li>
<li><a href="fileuploa d.php?do=upload ">Show Schedule</a></li>
<li><a href="classes_l istdetail.php?d o=<?php echo $_SESSION['ShowID'];
?>">Class List</a></li>
<li><a href="showresul ts.php">Show Results</a></li>
<li><a href="myhorses. php">My Horses</a></li>
<li><a href="removesho w.php?remove=<? php echo $_SESSION['ShowID'];
?>">Remove Show</a></li>
</ul>
</div>

On Mar 3, 8:50 pm, "Vic Spainhower" <v...@showsec.c omwrote:

Hello,
>
Can someone tell me why on some computers the following list will fail . I
have a user reported that some of the links in the below list will fail and
some will work. The ones that fail will have the www missing in the URL. For
example when this particular computer will have the link ashttp://mysite.com/entry_page.php instead ofhttp://www.mysite.com/entry_page.php
>
This is only happening on 1 computer as far as I know and I sure can't
explain it. Hope you can!
>
This you very much!
>
Vic
>
<div id="navcontaine r">
<ul id="navlist">
<li><a href="judges.ph p" >Judges</a></li>
<li><a href="entry_pag e.php" >Enter Horse</a></li>
<li><a href="fileuploa d.php?do=upload ">Show Schedule</a></li>
<li><a href="classes_l istdetail.php?d o=<?php echo $_SESSION['ShowID'];
?>">Class List</a></li>
<li><a href="showresul ts.php">Show Results</a></li>
<li><a href="myhorses. php">My Horses</a></li>
<li><a href="removesho w.php?remove=<? php echo $_SESSION['ShowID'];
?>">Remove Show</a></li>
</ul>
</div>

Maybe the SESSION data is lost on 2nd domain :

If on http://mysite.com/page.php you do:
session_start() ;
$_SESSION['data']='something';

on http://www.mysite.com/page.php:
session_start() ;
$_SESSION['data'] might be nothing...

because cookie is different for
http://www.mysite.com and http://mysite.com

**paul** · Mar 5 '07, 10:55 PM

Re: List Fails on some computers - www missing in url

In article <1173022525.228 492.298190@p10g 2000cwp.googleg roups.com>,
myahact@yahoo.c a says...

>
because cookie is different for
http://www.mysite.com and http://mysite.com
>

It shouldn't be it's the same domain just addressed differently.
If PHP does that it's a bug that should be reported as critical.

Paul
--------------------
"It's better to burn out, than to fade away."
Highlander.

**Jerry Stuckle** · Mar 5 '07, 11:15 PM

Re: List Fails on some computers - www missing in url

paul wrote:

In article <1173022525.228 492.298190@p10g 2000cwp.googleg roups.com>,
myahact@yahoo.c a says...

>because cookie is different for
>http://www.mysite.com and http://mysite.com
>>

>
It shouldn't be it's the same domain just addressed differently.
If PHP does that it's a bug that should be reported as critical.
>
>
Paul
--------------------
"It's better to burn out, than to fade away."
Highlander.

Paul,

It's not PHP. It's how the browser and HTTP protocol work.

www.example.com is not the same as example.com. It may or may not be on
the same server. And if it were on a different server, there could be a
security exposure.

So the browser doesn't send a cookie stored by example.com to
www.example.com (or vice versa). There is nothing special about the www
identifier other than it is a convention.

The same would be true if you had xyz.example.com or
thisisanothersu bdomain.example .com.

P.S. When using example url's, use example.com, example.org, etc.
That's what they were set up for.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**paul** · Mar 5 '07, 11:45 PM

Re: List Fails on some computers - www missing in url

In article <R4udnVVI6J35PH HYnZ2dnUVZ_hadn Z2d@comcast.com >,
jstucklex@attgl obal.net says...

www.example.com is not the same as example.com. It may or may not be on
the same server. And if it were on a different server, there could be a
security exposure.
>

It is always the same domain. What server hardware is used is irrelevant.
An HTML request for www.thisdoman.com will always produce the same
resulting connection as thisdomain.com. The fact it may be on different
hardware is totally irrelevant.

Sessions identify domains not hardware.
Organisations register domain names not the hardware they run them on
or the server types they provide. And conventions exist because thats how
things work.

I say again. If that is indeed what happens then its a critical bug in
PHP and people all over the world will be scratching their heads
wondering why their secured by password connections frequently fail.

If this does happen I guess PHP could create 2 sessions for the same user
connection and that would be a security hazard as data that should exist
would simply vanish.

That is your real security exposure and it would indeed be caused by PHP
not HTML.

Paul

**Gordon Burditt** · Mar 6 '07, 01:25 AM

Re: List Fails on some computers - www missing in url

>www.example.com is not the same as example.com. It may or may not be on

>the same server. And if it were on a different server, there could be a
>security exposure.
>>

>It is always the same domain. What server hardware is used is irrelevant.
>An HTML request for www.thisdoman.com will always produce the same
>resulting connection as thisdomain.com.

False. And there is nothing in DNS that even requires both or neither
of www.example.com and example.com to exist and have an A record.

Apache also has features that allow the content served to depend on the
host name presented, and it's perfectly possible to have www.example.com
and example.com have different content. VERY often, they DO have
different content: one just sends a redirect to the other domain,
which is not the same thing.

>The fact it may be on different
>hardware is totally irrelevant.

The fact that it may have totally different content IS relevant.

>Sessions identify domains not hardware.

Have you noticed that www.microsoft.com and support.microso ft.com
have different content? They are in the same domain.

>Organisation s register domain names not the hardware they run them on
>or the server types they provide. And conventions exist because thats how
>things work.

Conventions about www being the web server are just that, conventions.
You cannot depend on no one violating them. Everyone drives on the right
hand side of the road, right? It's a convention. So there can't possibly
be anyone driving on the left ha....<splat>!

>I say again. If that is indeed what happens then its a critical bug in
>PHP and people all over the world will be scratching their heads
>wondering why their secured by password connections frequently fail.

Why would a "secured by password" connection randomly switch between
two domains?

I will also comment that if you think that this is a bug in PHP, you've
got a problem, because THERE IS NO CHANGE YOU CAN MAKE IN PHP TO FIX IT.
You have to change people's browsers.

>If this does happen I guess PHP could create 2 sessions for the same user
>connection and that would be a security hazard as data that should exist
>would simply vanish.

PHP has no way of realizing that it should not create 2 sessions for the
same user.

>That is your real security exposure and it would indeed be caused by PHP
>not HTML.

**Jerry Stuckle** · Mar 6 '07, 01:35 AM

Re: List Fails on some computers - www missing in url

paul wrote:

In article <R4udnVVI6J35PH HYnZ2dnUVZ_hadn Z2d@comcast.com >,
jstucklex@attgl obal.net says...

>www.example.com is not the same as example.com. It may or may not be on
>the same server. And if it were on a different server, there could be a
>security exposure.
>>

>
It is always the same domain. What server hardware is used is irrelevant.
An HTML request for www.thisdoman.com will always produce the same
resulting connection as thisdomain.com. The fact it may be on different
hardware is totally irrelevant.
>
Sessions identify domains not hardware.
Organisations register domain names not the hardware they run them on
or the server types they provide. And conventions exist because thats how
things work.
>
I say again. If that is indeed what happens then its a critical bug in
PHP and people all over the world will be scratching their heads
wondering why their secured by password connections frequently fail.
>
If this does happen I guess PHP could create 2 sessions for the same user
connection and that would be a security hazard as data that should exist
would simply vanish.
>
That is your real security exposure and it would indeed be caused by PHP
not HTML.
>
Paul
>
>

Paul,

That's what you don't get. www.example.com is NOT the same as example.com.

Whether or not it creates the same connection is immaterial. That is
below the HTTP protocol.

Yes, organizations register the domain. But www.example.com is NOT the
same as example.com which is not the same as ftp.example.com which is
not the same as xyz.example.com .

The HTTP protocol sees each of the above as a different server. And
browsers do not send cookies from one server to another.

Creating two sessions is not a security hazard - it is required by the
protocol. If you have any bitches, it's with the HTTP protocol, not PHP.

But good luck - every language (i.e. VBScript, Perl, Python, Java, etc.)
using the HTTP protocol and every browser (i.e. IE, Opera, Firefox,
Mozilla, etc.) works the same way. You need to change the protocol, not
complain about PHP.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Vic Spainhower** · Mar 6 '07, 04:25 AM

Re: List Fails on some computers - www missing in url

>>www.example.com is not the same as example.com. It may or may not be on

>>the same server. And if it were on a different server, there could be a
>>security exposure.
>>>

I placed the following re-direct in index.php and it goes into a re-direct
loop. This would tell me they are in fact the same domain and a re-direct
will not solve the problem.

<meta http-equiv="REFRESH" content="2; URL=http://www.mysite.com" >

Vic

"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
news:Jv6dnSgFtc WwX3HYnZ2dnUVZ_ tGlnZ2d@comcast .com...

paul wrote:

>In article <R4udnVVI6J35PH HYnZ2dnUVZ_hadn Z2d@comcast.com >,
>jstucklex@attgl obal.net says...

>>www.example.com is not the same as example.com. It may or may not be on
>>the same server. And if it were on a different server, there could be a
>>security exposure.
>>>

>>
>It is always the same domain. What server hardware is used is irrelevant.
>An HTML request for www.thisdoman.com will always produce the same
>resulting connection as thisdomain.com. The fact it may be on different
>hardware is totally irrelevant.
>>
>Sessions identify domains not hardware.
>Organisation s register domain names not the hardware they run them on
>or the server types they provide. And conventions exist because thats how
>things work.
>>
>I say again. If that is indeed what happens then its a critical bug in
>PHP and people all over the world will be scratching their heads
>wondering why their secured by password connections frequently fail.
>>
>If this does happen I guess PHP could create 2 sessions for the same user
>connection and that would be a security hazard as data that should exist
>would simply vanish.
>>
>That is your real security exposure and it would indeed be caused by PHP
>not HTML. Paul

>
Paul,
>
That's what you don't get. www.example.com is NOT the same as
example.com.
>
Whether or not it creates the same connection is immaterial. That is
below the HTTP protocol.
>
Yes, organizations register the domain. But www.example.com is NOT the
same as example.com which is not the same as ftp.example.com which is not
the same as xyz.example.com .
>
The HTTP protocol sees each of the above as a different server. And
browsers do not send cookies from one server to another.
>
Creating two sessions is not a security hazard - it is required by the
protocol. If you have any bitches, it's with the HTTP protocol, not PHP.
>
But good luck - every language (i.e. VBScript, Perl, Python, Java, etc.)
using the HTTP protocol and every browser (i.e. IE, Opera, Firefox,
Mozilla, etc.) works the same way. You need to change the protocol, not
complain about PHP.
>
--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Jerry Stuckle** · Mar 6 '07, 04:55 AM

Re: List Fails on some computers - www missing in url

Vic Spainhower wrote:

>>>www.example.com is not the same as example.com. It may or may not be on
>>>the same server. And if it were on a different server, there could be a
>>>security exposure.
>>>>

"Jerry Stuckle" <jstucklex@attg lobal.netwrote in message
news:Jv6dnSgFtc WwX3HYnZ2dnUVZ_ tGlnZ2d@comcast .com...

>paul wrote:

>>In article <R4udnVVI6J35PH HYnZ2dnUVZ_hadn Z2d@comcast.com >,
>>jstucklex@attgl obal.net says...
>>>www.example.com is not the same as example.com. It may or may not be on
>>>the same server. And if it were on a different server, there could be a
>>>security exposure.
>>>>
>>It is always the same domain. What server hardware is used is irrelevant.
>>An HTML request for www.thisdoman.com will always produce the same
>>resulting connection as thisdomain.com. The fact it may be on different
>>hardware is totally irrelevant.
>>>
>>Sessions identify domains not hardware.
>>Organisatio ns register domain names not the hardware they run them on
>>or the server types they provide. And conventions exist because thats how
>>things work.
>>>
>>I say again. If that is indeed what happens then its a critical bug in
>>PHP and people all over the world will be scratching their heads
>>wondering why their secured by password connections frequently fail.
>>>
>>If this does happen I guess PHP could create 2 sessions for the same user
>>connection and that would be a security hazard as data that should exist
>>would simply vanish.
>>>
>>That is your real security exposure and it would indeed be caused by PHP
>>not HTML. Paul

>Paul,
>>
>That's what you don't get. www.example.com is NOT the same as
>example.com.
>>
>Whether or not it creates the same connection is immaterial. That is
>below the HTTP protocol.
>>
>Yes, organizations register the domain. But www.example.com is NOT the
>same as example.com which is not the same as ftp.example.com which is not
>the same as xyz.example.com .
>>
>The HTTP protocol sees each of the above as a different server. And
>browsers do not send cookies from one server to another.
>>
>Creating two sessions is not a security hazard - it is required by the
>protocol. If you have any bitches, it's with the HTTP protocol, not PHP.
>>
>But good luck - every language (i.e. VBScript, Perl, Python, Java, etc.)
>using the HTTP protocol and every browser (i.e. IE, Opera, Firefox,
>Mozilla, etc.) works the same way. You need to change the protocol, not
>complain about PHP.
>>

>
>
I placed the following re-direct in index.php and it goes into a

re-direct

loop. This would tell me they are in fact the same domain and a

re-direct

will not solve the problem.
>
<meta http-equiv="REFRESH" content="2;

URL=http://www.mysite.com" >

>
Vic
>
>

(Top posting fixed)

It doesn't say anything about them being the same domain. All it says
is the same server is handling both requests.

You could be on www.example.com and redirect to www.example.org. If
they are the same host, you will also get the loop.

You will even get the same loop if example.com redirects to example.org
and example.org redirects to example.com (when they are on different
servers).

P.S. Please don't top post.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

**Rik** · Mar 6 '07, 05:55 AM

Re: List Fails on some computers - www missing in url

Vic Spainhower <vic@showsec.co mwrote:

>>>www.example.com is not the same as example.com. It may or may not be
>>>on
>>>the same server. And if it were on a different server, there could
>>>be a
>>>security exposure.
>>>>
>>It is always the same domain. What server hardware is used is
>>irrelevant.
>>An HTML request for www.thisdoman.com will always produce the same
>>resulting connection as thisdomain.com.

No it will not, and I'm amazed you dare to state such a huge error as an
absolute truth.

I placed the following re-direct in index.php and it goes into a
re-direct
loop. This would tell me they are in fact the same domain and a re-direct
will not solve the problem.
>
<meta http-equiv="REFRESH" content="2;
URL=http://www.mysite.com" >

You have to check wether they're at the right domain offcourse. If it
resolves to the same directory, I'd either make _all_ links relative, or
I'd use mod_rewrite in apache for this:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ %{SERVER_PROTOC OL}://www.%{HTTP_HOST }/$1 [R,QSA]

--
Rik Wasmus
Posted on Usenet: any site claiming this as original content or me as an
contributing member is stealing content.
Ask Smart Questions: http://tinyurl.com/anel

**Vic Spainhower** · Mar 6 '07, 03:35 PM

Re: List Fails on some computers - www missing in url

You have to check wether they're at the right domain offcourse. If it
resolves to the same directory, I'd either make _all_ links relative, or
I'd use mod_rewrite in apache for this:

RewriteEngine On
RewriteCond %{HTTP_HOST} !^www\.
RewriteRule ^(.*)$ %{SERVER_PROTOC OL}://www.%{HTTP_HOST }/$1 [R,QSA]

--
Rik Wasmus

Thanks Rik,

This seems to have worked for me. However, I have to check with the user who
was having the problem and see if it works on his machine. Appreciate your
help.

if ($_SERVER["HTTP_HOST"] == 'mysite.com')
echo '<meta http-equiv="REFRESH" content="0; URL=http://www.mysite.com" >';
?>

Vic

Posted on Usenet: any site claiming this as original content or me as an
contributing member is stealing content.
Ask Smart Questions: http://tinyurl.com/anel

**zorro** · Mar 6 '07, 04:45 PM

Re: List Fails on some computers - www missing in url

On Mar 6, 12:30 am, paul<paul.mast. ..@dummy.comwro te:

If this does happen I guess PHP could create 2 sessions for the same user

That's exactly what happened to me just 2 weeks ago. I spent a whole
day debugging to find that I had a session cookie for example.com/
p.php and another for www.example.com/p.php. The browser of course
kept serving up the same page so it took me a long time to notice that
some links had www and others not. It was a Joomla site btw, and in
the admin panel the @@@@@@@ admin didn't put www in one of the links.

**Rik** · Mar 6 '07, 08:05 PM

Re: List Fails on some computers - www missing in url

Vic Spainhower <vic@showsec.co mwrote:

This seems to have worked for me. However, I have to check with the user
who
was having the problem and see if it works on his machine. Appreciate
your
help.
if ($_SERVER["HTTP_HOST"] == 'mysite.com')
echo '<meta http-equiv="REFRESH" content="0;
URL=http://www.mysite.com" >';
?>

When given the chance, alwyas opt for a HTTP header redirect instead of
meta and/or javascript redirect. They're much more reliable.

PS: Please don't quote signatures. Your reply looks rather odd in real
newsreaders.

--
Rik Wasmus
Posted on Usenet, not any forum you might see this in.
Ask Smart Questions: http://tinyurl.com/anel

**Jonathan N. Little** · Mar 7 '07, 04:25 AM

Re: List Fails on some computers - www missing in url

Vic Spainhower wrote:

>>>www.example.com is not the same as example.com. It may or may not be on
>>>the same server. And if it were on a different server, there could be a
>>>security exposure.
>>>>

>
I placed the following re-direct in index.php and it goes into a re-direct
loop. This would tell me they are in fact the same domain and a re-direct
will not solve the problem.
>
<meta http-equiv="REFRESH" content="2; URL=http://www.mysite.com" >
>

To Vic and Paul:

You do realize that 'mysite.com' *is* a real domain register to someone
and 'thisdomain.com ' is not register at this moment, but is a valid
domain name. In case you haven't figured it out yet, if you need to use
a domain name for your example you're are supposed to use:

example.com
example.net
example.org

and not use a valid domain that could be registered to someone...

--
Take care,

Jonathan
-------------------
LITTLE WORKS STUDIO

Little Works Studio Site Maintainance

http://www.LittleWorksStudio.com

List Fails on some computers - www missing in url

List Fails on some computers - www missing in url

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment

Comment