$_SESSION not working across domain

Question

68thorby68 4 Junior Poster in Training

10 Years Ago

I have an issue with $_SESSION global across a single domian, on my local machine, running PHP 5.1 build 2600

I'm creating a session in the domain root.

$first_name='martin';
$second_name='thorburn';
$login_array=array("first_namet"=>$first, "second_name"=>$second);
$_SESSION['login']=$login_array;

When I run print_r($_SESSION['login']); in the root, I get the expected response "Array ( [first_name] => martin [second-name] => Thorburn )

However, when I run the same print_r($_SESSION['login']); in any sub-folder I get an error Notice: Undefined index: login in subfolder\test.php on line 3.

I have ensured that session_start() is the first line of code in every file, and I ensured all my links and redirects go to the same WWW DOMAIN

Additionally when I run phpinfo() the following is set:

session.cookie_domain   //local value= /     master value= /
session.cookie_path //local value= /         master value= /
session.save_path  //local value= localdrive\htdocs\session master value= localdrive\htdocs\session\ (this is outside of the root).

Can anyone help me with a configuration that will allow the session to be used in any sub-folder from which it was created?

Many thanks for your help.

apache php php.ini session token

2 Contributors
3 Replies
384 Views
18 Hours Discussion Span
Latest Post 10 Years Ago Latest Post by 68thorby68

All 3 Replies

richieking 44 Master Poster

10 Years Ago

very strange. can you show your code?

Edited 10 Years Ago by richieking

Reply to this topic

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.

68thorby68 4 Junior Poster in Training · Answer 1 · 2013-07-08T23:32:24+00:00

Many thanks forlooking at this for me. It's been driving me crazy.

Please note, the root domain on my local server for this project is stabiliser

so my server looks like:

/ htdocs -a subfolder of Apache
/session/ -a subfolder of htdocs. This is where the session token is stored
/stabiliser -a subfolder of htdocs. The root for this project
/config -Sub folder of stabiliser for css, js, etc
/user -sub folder of stabiliser for user files & functions
/agent -sub folder of stabiliser for the agent files
/images -sub folder of stabiliser for the images....and so on.
/other/ -a subfolder of htdocs. The root for another project

I have a couple of process in other files that link to the code below, but all the other processes do is validate the data format in case my javascript validator is not allowed in the browser (i.e. if strlen> or < etc, and check for multiple account with the same email address (a user can have three accounts with the same email) and determine which account the user wants to authenticate against.

Once most of the data formatting is complete, we get to this point, the exciting bit.

<?PHP
session_start();
require_once('config/functions/connect.php');
require_once('config/functions/functions.php');
$functions= new functions;
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>Login</title>
</head>
<body>
<?PHP
$user_number=$_POST['user_number'];
$password=md5($_POST['password']);
$user_get=mysql_query("SELECT email, password, suspend, confirm FROM user_account WHERE user_number='$user_number'");
if(!$user_get)
    {
        $err_no=27;
        $err_msg = $functions->getErr($err_no);
        $msg=$err_msg."user_number - ".$user_number." - ";
        $err_report = $functions->putLog($msg);
        echo "<script language='javascript'>";
        echo "document.location.href='/stabiliser/user_landing.php?err=27'";
        echo "</script>";
        die();
    }
    else
    {
        $user_result=mysql_fetch_array($user_get);
        $username=$user_result['email'];
        $db_password=$user_result['password'];
        $suspend=$user_result['suspend'];
        $confirm=$user_result['confirm'];

        //ensure user account is not suspended
        if($suspend=='1')
        {
            $err_no=1004;
            $err_msg = $functions->getErr($err_no);
            $msg=$err_msg." - ".$username." - ";
            $err_report = $functions->putLog($msg);
            echo "<script language='javascript'>";
            echo "document.location.href='/stabiliser/index.php?err=1004'";
            echo "</script>";
            die();
        }
        else
        {

//confirm user account has been validated
            if($confirm!='confirmed')
            {
                $err_no=1005;
                $err_msg = $functions->getErr($err_no);
                $msg=$err_msg." - ".$username." - ";
                $err_report = $functions->putLog($msg);
                echo "<script language='javascript'>";
                echo "document.location.href='/stabiliser/user/user_landing.php?err=1005'";
                echo "</script>";
                die();
            }
            else
            {
                //Make sure the passwords match
                if($db_password!=$password)
                {
                    $err_no=1003;
                    $err_msg = $functions->getErr($err_no);
                    $msg=$err_msg." - ".$username." - ";
                    $err_report = $functions->putLog($msg);
                    echo "<script language='javascript'>";
                    echo "document.location.href='/stabiliser/user/user_landing.php?err=1003'";
                    echo "</script>";
                    die();
                }
                else
                {
                    //Write to log the user is logging in

                    $err_no=1002;
                    $err_msg = $functions->getErr($err_no);
                    $msg=$err_msg." - ".$username." - ";
                    $err_report = $functions->putLog($msg);

                    //ensure no login other login sessions have been started since the login process has bee initiated
                    unset($_SESSION['login']);


                    //Call the functions to get the session data in the form of an array

                    //$login_array=$functions->createLoginSess($username);

//****BELOW THE SESSION DATA FUNCTION createLoginSess . I moved it to run inline in case there the require_once, or return array  was causing some kind of conflict

                    $login_get=mysql_query("SELECT user_number, user_type, title, fname, lname, telephone, email FROM user_account WHERE email='$username'");
            if(!$login_get)
            {
                $err_no=1009;
                $err_msg = $functions->getErr($err_no);
                $msg=$err_msg." - ".$username." - ";
                $err_report = $functions->putLog($msg);
                echo "<script language='javascript'>";
                echo "document.location.href='/stabiliser/index.php?err=1004'";
                echo "</script>";
                die();
            }
            $login_result=mysql_fetch_array($login_get);
            $user_number=$login_result['user_number'];
            $user_type=$login_result['user_type'];
            $title=$login_result['title'];
            $first_name=$login_result['fname'];
            $last_name=$login_result['lname'];
            if($user_type=='admin'||$user_type=='agent')
            {
                $agency_get1=mysql_query("SELECT agency_number FROM user_agency_agent WHERE user_number='$user_number'");
                if(!$agency_get1)
                {
                    $err_no=1010;
                    $err_msg = $functions->getErr($err_no);
                    $msg=$err_msg." - ".$username." - ";
                    $err_report = $functions->putLog($msg);
                    echo "<script language='javascript'>";
                    echo "document.location.href='/stabiliser/index.php?err=1004'";
                    echo "</script>";
                    die();
                }
                $agency_result1=mysql_fetch_array($agency_get1);
                $agency_number=$agency_result1['agency_number'];
                $agency_get2=mysql_query("SELECT company FROM agent_account WHERE admin_user='$user_number'");
                if(!$agency_get1)
                {
                    $err_no=1011;
                    $err_msg = $functions->getErr($err_no);
                    $msg=$err_msg." - ".$username." - ";
                    $err_report = $functions->putLog($msg);
                    echo "<script language='javascript'>";
                    echo "document.location.href='/stabiliser/index.php?err=1004'";
                    echo "</script>";
                    die();
                }
                $agency_result2=mysql_fetch_array($agency_get2);
                $company=$agency_result2['company'];
                $login_array = array("user_number"=>$user_number, "user_type"=>$user_type, "title"=>$title, "first_name"=>$first_name, "last_name"=>$last_name, "company"=>$company);
                //return $login_array;
            }
            else
            {
                $login_array = array("user_number"=>$user_number, "user_type"=>$user_type, "title"=>$title, "first_name"=>$first_name, "last_name"=>$last_name);
                //return $login_array;

            }
            //***** END OF THE createLoginSess FUNCTION ******************** 


                    $_SESSION['login']=$login_array;

                    print_r($_SESSION['login']);

                    /*echo "<script language='javascript'>";
                    echo "document.location.href='/stabiliser/index.php'";
                    echo "</script>";                            
                    die();*/
                }                       
            }
        }
    }
?>
</body>
</html>

Once the above script is complete I run two identical files. One called roottest.php (located in the root) and the other usertest.php, located in the user folder.

<?PHP
    session_start();
    ?>
    <!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
    <html xmlns="http://www.w3.org/1999/xhtml">
    <head>
    <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
    <title>Login</title>
    </head>
    <body>
    <?PHP
    print_r($_SESSION['login']);
    ?>
    </body>
    </html>

roottest.php always echo's the array
usertest always reposts error index login cannot be found

Again many thanks, I hope this helps.
If you have any ideas I greatfully accept them.

68thorby68 4 Junior Poster in Training · Answer 2 · 2013-07-09T11:55:22+00:00

OK...I'm getting some where. I think I've now determined the issue is NOT with PHP or Apache, but with Google Chrome. I've changed all my redirects to a full URL "http://localhost/blablabla" to remove any suggestion of domian switching (www.blablabla.com) to (blablabla.com).

I then tested the above script with roottest.php and usertest.php in IE and firefox and all seems OK. I will now try and find if anyone else has experienced a similar issue with google chrome.

$_SESSION not working across domain

Recommended Answers Collapse Answers

All 3 Replies

Recommended Answers