the reason is because if they log in at www.foo.com
the cookie domain parameter will be
www.foo.com
so the browser will only send that cookie if the URL is exactly www.foo.com
same goes for if they log in on
foo.com
the browser would not send the cookie to pages at a URL named
www.foo.com
why? because they are essentially different domains, and the browser must play it safe
it doesn't know if your server is configured so that www.foo.com is the same as foo.com
for example, this is common
http://duskwalker.freewebhosting.com
http://rehfeld.freewebhosting.com
so the browser plays it safe so that, for example, if the user visited my site after yours, I wouldn't be able to read the cookies set from your website.
www IS a legitimate subdomain, it's just most servers are configured to make it seem like a useless prefix for convenience
you can inform the browser that it's safe to send the cookie to the current domain, and all subdomains as well.
before calling session_start(), you must call this
ini_set('session.cookie_domain', '.foo.com'); // notice the leading .
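As an added example (not part of the post above, and not PHP's own code), here is a small Python model of the RFC 6265 cookie scoping rules the post is describing: a cookie set without a Domain attribute is host-only, so foo.com and www.foo.com each keep their own copy, while a Domain attribute of .foo.com (browsers drop the leading dot) covers foo.com and every subdomain. The class and function names, HOSTS, and the look-alike host notfoo.com are assumptions for the demo; the model deliberately ignores Path, Secure and public-suffix checks.

```python
from dataclasses import dataclass
from typing import List, Optional

@dataclass(frozen=True)
class Cookie:
    name: str
    domain: str      # host the cookie belongs to, lower-case, no leading dot
    host_only: bool  # True when Set-Cookie carried no Domain attribute

def domain_matches(host: str, domain: str) -> bool:
    """RFC 6265 5.1.3: host equals domain, or host is a subdomain of it."""
    return host == domain or host.endswith("." + domain)

def set_cookie(request_host: str, name: str, domain_attr: Optional[str] = None) -> Cookie:
    """Model the browser storing a Set-Cookie received from request_host.

    No Domain attribute -> host-only cookie bound to exactly that host.
    A Domain attribute has its leading dot dropped (5.2.3) and is only
    accepted when request_host domain-matches it (5.3), so one tenant of
    freewebhosting.com cannot plant cookies for another tenant's host.
    """
    request_host = request_host.lower()
    if not domain_attr:
        return Cookie(name, request_host, host_only=True)
    attr = domain_attr.lower().lstrip(".")
    if not domain_matches(request_host, attr):
        raise ValueError(f"{request_host} may not set a cookie for {attr}")
    return Cookie(name, attr, host_only=False)

def is_sent(cookie: Cookie, request_host: str) -> bool:
    """RFC 6265 5.4: host-only cookies need an exact host match; domain
    cookies go to the domain itself and every subdomain below it."""
    request_host = request_host.lower()
    if cookie.host_only:
        return request_host == cookie.domain
    return domain_matches(request_host, cookie.domain)

def sent_to(cookie: Cookie, hosts: List[str]) -> List[str]:
    """Which of the given hosts would receive this cookie."""
    return [h for h in hosts if is_sent(cookie, h)]

# Constructed inputs: the hosts from the post plus a look-alike domain.
HOSTS = ["foo.com", "www.foo.com", "notfoo.com",
         "duskwalker.freewebhosting.com", "rehfeld.freewebhosting.com"]

if __name__ == "__main__":
    print(sent_to(set_cookie("www.foo.com", "PHPSESSID"), HOSTS))
    print(sent_to(set_cookie("foo.com", "PHPSESSID"), HOSTS))
    print(sent_to(set_cookie("www.foo.com", "PHPSESSID", ".foo.com"), HOSTS))
```

The first two calls show the post's problem (each host gets only its own cookie); the third shows what the `.foo.com` setting changes, and that the look-alike `notfoo.com` still receives nothing.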