Hello All,
I have been racking my head over a problem where a large percentage of users
are unable to log into my php site due to what seems to be a problem with
setting php session variables on certain end user browsers (certain versions
of AOL seem to be particularly problematic). Below are some snippets of code
that are used to do the authentication/ login.
Has anyone encountered the same problem and if so do you have a solution?
The only solution I can think of is to pass the session using PHPSESSION in
the URL however I would like to avoid this if at all possible as it involves
a major re-write of the code (as session variables are used elsewhere in the
session) and if I am not mistaken if a user accesses a non-php page then the
session is lost requiring them to log in again.
Currently the following code is used to check whether a user is logged in:
<?php
$notAuthenticated = !isset($HTTP_SESSION_VARS['authenticatedUser']);
$notLoginIp = isset($HTTP_SESSION_VARS['loginIpAddress']) &&
($HTTP_SESSION_VARS['loginIpAddress'] != $_SERVER["REMOTE_ADDR"]);
if ($notAuthenticated || $notLoginIp) {
if (!session_is_registered("targetURL"))
session_register("targetURL");
$HTTP_SESSION_VARS['targetURL'] = $_SERVER["REQUEST_URI"];
header("Location: /smartbid/php/Login.php");
}
?>
And in Login.php after doing a check on the username and password the
following session variables are set:
session_start();
session_register("authenticatedUser");
$HTTP_SESSION_VARS['authenticatedUser'] = $userId;
session_register("loginIpAddress");
$HTTP_SESSION_VARS['loginIpAddress'] = $_SERVER["REMOTE_ADDR"];
It is the setting of the above session variables in Login.php that appears
to be failing for some browsers resulting in users using these browsers
continually being redirected to the Login page when the above check to see
if they are logged in is done.
Any help that could be supplied would be greatly appreciated.
Thank you.
Regards,
Andy
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
