Session wont work with www
Ok here is my problem: When a user logs into my site I put all their user info into a session like this
session_start();
//Put all user info into session cookie
$_SESSION["login"] = 'true';
$_SESSION["id"] = $user_info['id'];
$_SESSION["firstname"] = $user_info['firstname'];
$_SESSION["lastname"] = $user_info['lastname'];
$_SESSION["screen_name"] = $user_info['screen_name'];
$_SESSION["facebook"] = $user_info['facebook'];
$_SESSION["email"] = $user_info['email'];
$_SESSION["date_joined"] = $user_info['date_joined'];
$_SESSION["account_type"] = $user_info['account_type'];
$_SESSION["account_active"] = $user_info['account_active'];
$_SESSION["hashed_password"] = $user_info['hashed_password'];
The problem is if they logged in from www.domain.com and then end up on a page at domain.com or the other way around they login from domain.com and end up on a page at www.domain.com the info stored in the session is not available.
How can I have the session info available no matter if they logged in with www or not?
@ Mr. Grossman
Would it be proper to do something like this:
<?php
//Ok I modified the code so I don't get the undefined errors I was getting
//OLD CODE
//$currentCookieParams = session_get_cookie_params();
//$rootDomain = '.domain.com';
//session_set_cookie_params(
//$currentCookieParams["3600"],
//$currentCookieParams["/"],
//$rootDomain,
//$currentCookieParams["false"],
//$currentCookieParams["false"]
//);
//session_name('mysessionname');
//NEW CODE
$rootDomain = '.beckerfamily1.com';
session_set_cookie_params( 3600, '/', $rootDomain, false, false);
session_start();
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 2700)) {
// last request was more than 45 min ago
if(isset($_SESSION['id'])){
$connection = mysql_connect('localhost', '******', '*******');
if (!$connection){
die('Database connection failed: ' . mysql_error());
}
$db_select = mysql_select_db('beckerfamily');
if(!$db_select){
die('Could not select database: ' . mysql_error());
}
$query = "UPDATE users SET online='no' WHERE id='{$_SESSION['id']}' LIMIT 1";
$result = mysql_query($qu开发者_如何转开发ery);
if (!$result) {
die("Database query failed: " . mysql_error());
}
}
$_SESSION = array();
if(isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}
session_destroy(); // destroy session data in storage
session_unset(); // unset $_SESSION variable for the runtime
if(isset($connection)){
mysql_close($connection);
}
}
$_SESSION['LAST_ACTIVITY'] = time(); // update last activity time stamp
?>
Also is it necessary to have session_name('mysessionname'); or can I just omit that and PHP will set the session name on its own?
Cookies (like the PHPSESSID cookie) are only available on the domain they were set on. You can make the domain include all subdomains:
ini_set('session.cookie_domain', '.example.com' );
or if configuration does not allow you to override that,
$currentCookieParams = session_get_cookie_params();
$rootDomain = '.example.com';
session_set_cookie_params(
$currentCookieParams["lifetime"],
$currentCookieParams["path"],
$rootDomain,
$currentCookieParams["secure"],
$currentCookieParams["httponly"]
);
session_name('mysessionname');
session_start();
http://php.net/manual/en/function.session-set-cookie-params.php
Even better might be to choose whether you want your site accessed through www or not, and redirect all requests to the other.
I'm not sure what language you are using, but you need to change the "domain" property of your session cookie. If you set the cookie domain to "domain.com", it will be accessible on both "domain.com" and "www.domain.com".
加载中,请稍侯......
精彩评论