By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
448,563 Members | 1,205 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 448,563 IT Pros & Developers. It's quick & easy.

PHPSESSID problem

P: n/a
I have a page that contains just

<?php
session_start();
$_SESSION['test'] = 'HELLO';
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = '../listings/store.php';
header("Location: http://$host$uri/$extra");
exit;
?>

store.php would then start with:

<?php
session_start();
echo($_SESSION['test']);
// and so on
?>
The purpose of the page is just to do a re-direct but is needed.

The problem I have is this:

If a user comes to my site with: www.mysite.com and then visits
the above re-direct script/page all is well and the page store.php can do

echo($_SESSION['test']); and get HELLO out.

BUT

If the user comes to the site with just mysite.com
PHP sets TWO PHPSESSID cookies : one for mysite.com and another for
www.mysite.com

This causes the $_SESSION['test'] variable to be lost.

Hard coding the re-direct page can't cure this for me.

Can anyone shed any light or help me prevent the second PHPSESSID from
losing the variable please?

thanks.

nigel.

Oct 9 '06 #1
Share this Question
Share on Google+
5 Replies


P: n/a

<ni*****@by.ukwrote in message
news:MP************************@news-text.blueyonder.co.uk...
>I have a page that contains just

<?php
session_start();
$_SESSION['test'] = 'HELLO';
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = '../listings/store.php';
header("Location: http://$host$uri/$extra");
exit;
?>

store.php would then start with:

<?php
session_start();
echo($_SESSION['test']);
// and so on
?>
The purpose of the page is just to do a re-direct but is needed.

The problem I have is this:

If a user comes to my site with: www.mysite.com and then visits
the above re-direct script/page all is well and the page store.php can do

echo($_SESSION['test']); and get HELLO out.

BUT

If the user comes to the site with just mysite.com
PHP sets TWO PHPSESSID cookies : one for mysite.com and another for
www.mysite.com

This causes the $_SESSION['test'] variable to be lost.

Hard coding the re-direct page can't cure this for me.

Can anyone shed any light or help me prevent the second PHPSESSID from
losing the variable please?
You could always use a htaccess redirect to ensure that people who came to
yoursite.com would be redirected to www.yoursite.com

Oct 10 '06 #2

P: n/a
In article <eg**********@emma.aioe.org>, su****@flexiwebhost.com says...
>
<ni*****@by.ukwrote in message
news:MP************************@news-text.blueyonder.co.uk...
I have a page that contains just

<?php
session_start();
$_SESSION['test'] = 'HELLO';
$host = $_SERVER['HTTP_HOST'];
$uri = rtrim(dirname($_SERVER['PHP_SELF']), '/\\');
$extra = '../listings/store.php';
header("Location: http://$host$uri/$extra");
exit;
?>

store.php would then start with:

<?php
session_start();
echo($_SESSION['test']);
// and so on
?>
The purpose of the page is just to do a re-direct but is needed.

The problem I have is this:

If a user comes to my site with: www.mysite.com and then visits
the above re-direct script/page all is well and the page store.php can do

echo($_SESSION['test']); and get HELLO out.

BUT

If the user comes to the site with just mysite.com
PHP sets TWO PHPSESSID cookies : one for mysite.com and another for
www.mysite.com

This causes the $_SESSION['test'] variable to be lost.

Hard coding the re-direct page can't cure this for me.

Can anyone shed any light or help me prevent the second PHPSESSID from
losing the variable please?

You could always use a htaccess redirect to ensure that people who came to
yoursite.com would be redirected to www.yoursite.com
Thanks for the idea peter but that doesn't do it I'm afraid as I'd need
the redirect everywhere on the site.

This is turning into a worrying problem here. Fortunately we havn't
implemented passwords with PHP sessions! That would have been a disaster.

nigel.

Oct 10 '06 #3

P: n/a
Thanks for the idea peter but that doesn't do it I'm afraid as I'd need
the redirect everywhere on the site.

This is turning into a worrying problem here. Fortunately we havn't
implemented passwords with PHP sessions! That would have been a disaster.
you only need do it once in your root folder in a .htaccess file and it will
work for all pages.
Oct 10 '06 #4

P: n/a
In article <eg**********@emma.aioe.org>, su****@flexiwebhost.com says...
>
Thanks for the idea peter but that doesn't do it I'm afraid as I'd need
the redirect everywhere on the site.

This is turning into a worrying problem here. Fortunately we havn't
implemented passwords with PHP sessions! That would have been a disaster.

you only need do it once in your root folder in a .htaccess file and it will
work for all pages.
Not if people never go to that page peter. It would need to be in every
folder we have a web page in. According to the PHP docs this would
generate a massive performance and memory hit.

Oct 11 '06 #5

P: n/a
ni*****@by.uk wrote:
In article <eg**********@emma.aioe.org>, su****@flexiwebhost.com says...
>>>Thanks for the idea peter but that doesn't do it I'm afraid as I'd need
the redirect everywhere on the site.

This is turning into a worrying problem here. Fortunately we havn't
implemented passwords with PHP sessions! That would have been a disaster.

you only need do it once in your root folder in a .htaccess file and it will
work for all pages.

Not if people never go to that page peter. It would need to be in every
folder we have a web page in. According to the PHP docs this would
generate a massive performance and memory hit.
Incorrect.

Apache searches the current directory and all directories above it (up
to your document root). A .htaccess file in your root directory will
affect all pages in your site.

And it can be a slight performance hit, but unless you have a large
..htaccess file or your server is already way overloaded you shouldn't
notice any difference.

If that is still a concern to you just place it in your httpd.conf.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Oct 11 '06 #6

This discussion thread is closed

Replies have been disabled for this discussion.