Hello, Everyone,
I'm having some problem with the session handling in my code, it's kind of
hard to explain the whole problem but let me try.
I currently have a login page login.php which will take user input for
userid and passwd and check them against my backend PostgreSQL database,
after the password is verified I then open a session with

session_start();  <--  presumebly this will set a cookie with session_name
as the cookie name and session_id as the cookie value

then I redirect user to his/her own custome page (like my place or my site)
using "header("Location: https://www.domain.com/cgi/mysite?userid=$userid";)"
function call. in "mysite.php" script I will then open the session with the
session_name with

session_start();  <--presumebaly this will get the session opened previously
by login page.

This arrangement works correctly in the regular IE v5 and Netscape v4.72
without a problem, I can tell the session is being opened by login.pho page
and passed onto mysite.php page. However, it doesn't work in frameset/frame
setup at all, for example, if I put the whole login.php page which is
login.php under a frame within a frameset

<frame src="cgi/login.php" target="body">

The problem is that I can't get the same session previously opened in
login.php in mysite.php, mysite.php will start a different session if it
can't find previous opened session with session_name as "userid" as this is
the default behavior of session_start() function. So I assume that login.php
either didn't set the cookie or the cookie can't be read by mysite.php.

If it helps the situation, I also noticed that my SSL cerificate warning
page being prompt twice, the first time is when opening page login.php(it's
also under https), the second time is when opening mysite.php, I'm currently
using self-signed certificate so every time the https page opens up in a new
browser it will prompt you for whether or not accept the ceritificate).

I'm currently runing php v4.2.0 on a solaris 2.7 box with apache
v1.3.26/mod_ssl-2.8.10-1.3.26. If you need any more info to help me with it,
let me know.


PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Reply via email to