Page 1 of 1

session lost when using www.

Posted: Fri Aug 10, 2012 12:21 am
by Thunderbob
Not sure what is going on but I have been having issues with automatically logging out when "www." is used in the header.

when I log into the site such as www.blahblah.com ..

then my session is working as long as "www." is in the header..

If the header is changed to blahblah.com then the session goes bye bye.

Any tips?

Re: session lost when using www.

Posted: Fri Aug 10, 2012 10:31 am
by bowersbros

Re: session lost when using www.

Posted: Sun Aug 12, 2012 12:25 am
by jacek
That's something I have never even though about ! Luckily I usually redirect the www. to the non www.

Re: session lost when using www.

Posted: Sun Aug 12, 2012 6:18 am
by Helx
I had this issue when I was obsessed with subdomains. :3

I would have the user login to something like 'login.website.net' then redirect them to 'website.net'. I face-palmed so hard when I found out that PHP's $_SESSION only worked with that domain.

For example, 'www' is an extension of 'website.net' (thats why subdomains wont work with http://www.login.website.net, and why 'www' and website.net have to be 2 different domains in 'A' records) therefore, PHP's security pops in and only assigns sessions to that one domain. It would be hectic otherwise.

If you want to have a session for all subdomains on your website, you are not going to get a decent result. I found that the best way (other than just to keep users on one domain) was to use cookies.

An example of a multi-domain cookie:
[syntax=php]<?php
// Do all the authentication first, then if its correct:
setcookie("Login", $username, time()+3600, "/", "website.net", 1);
?>[/syntax]
"Login" is the cookie name. This should be something complicated (my opinion)

"$username" is the... Username... Can be accessed like a session: $_COOKIE["Login"]; (if the cookies name was "Login")

"time()+3600" is the expiration time. In this case, 1 hour.

"/" is the directory the cookie will be available on, "/" means ALL directories. "/stuff/" will only be valid on "website.net/stuff/"

"website.net" is the domain that it will be available on. Since this is the root domain, it will be available on higher levels, like "login.website.net". If you wanted to be silly, putting ".net" will make the cookie available on ALL domains that have ".net"

"1" means httponly, A.K.A. if you had http:// instead of https:// then you leave it 1. Otherwise, make it 0.

This is the way I use cookies, so please, if there is anything in-secure about this... be sure to let me know :)

Re: session lost when using www.

Posted: Tue Aug 14, 2012 2:07 pm
by sevvlor
Or what about just redirecting the domain.com to www.domain.com?
I believe this is recommended for the SEO, correct me if I'm wrong.

you can combine this with the fix as told by Abcedea.

This is how I do it.
[syntax=php]if (!strstr($_SERVER['HTTP_HOST'], 'www.')) {
header ('HTTP/1.1 301 Moved Permanently');
header("Location: http://www.industrialgaming.net".$_SERVER['REQUEST_URI']);
exit;
}[/syntax]