I have diagnosed a problem with sessions I am having. I'm don't believe
it's necessarily a PHP problem, but I thought someone must have seen
this before.
The first thing I do is a
session_start()
and then determine if (using session variables) whether the user has
logged in successfully using a password and their session has not timed
out (to some value I keep track of, not the php.ini variables). Anyway,
if I come in to my site using a fully qualified domain name such as
http://mysubsite.mycompany.com/index.php
and start a session and then have the user log in, I then pass them
along to:
http://mysubsite/index.php
internal to my organization (using the non-qualified domain name). But
this starts a different session than the one they came in as, so this
user now has two different sessions, the one that determined they needed
to log in on (using the fully qualified domain name) and the second
session that was started after they logged in (using the non-qualified
name).
I see this problem when you set your default browser 'home' page to be
http://mysubsite.mycompany.com/index.php
and attempt to use that. Every time you click on that (after you've
logged in initially and haven't timed out) you go immediately to a login
window since that session is still around and was never logged in.
If my default browser home page is:
http://mysubsite/index.php
you then get into the session that was started after you log in.
The reason I think this issue must have come up for someone before is
that almost all of my users should be able to use
http://mysubsite/index.php
BUT if you're coming in (from home for example), you need to come in as
http://mysubsite.mycompany.com/index.php for it to find my site.
Is there some way for a session to be registered to both?
mysubsite.mycompany.com (using the fully qualified domain name)
AND
mysubsite (using the non-fully qualified domain name)
Thanks,
Bruce
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php