FRIHOSTFORUMSFAQTOSBLOGSDIRECTORY
You are invited to Log in or Register a Frihost Account!

session not working behind router

   Frihost Forum Index -> Scripting -> Php and MySQL
 


powers1983
I have a login script using sessions and it checks that a user is logged in at the start of each page:

Code:


session_start();

if (isset($_SESSION['user_id']))
{
 // connect to MySQL
 mysql_connect("host", "user", "pass");
 // try and open game database
 $result = mysql_select_db("database");
 // Report error if no database
 if ($result != true){
  print "No database!";
  exit("<p><a href=\"index.php\">Back to menu</a>");
  }//endif
 
  }
else{
 print "Please log in first.";
 exit("<p><a href=\"index.php\">Back to menu</a>");
 }
$user_id=$_SESSION['user_id'];


Its very simple and all but it works fine for now. I know it isn't secure but can't do that until the problems are ironed out.

However when my friend attempts to log in from his flat it seems that the session is not able to start.

Using his same machine with no changes he was able to use it fine from home but when he is behind a wireless router at his flat it doesn't work.

I am wondering how I can get the same effect (ensuring people are logged in) when users are behind a router.

I can't expect users to change hardware settings just for me so there must be a workaround as he is able to use other sites which I assume use sessions or something similar (hotmail etc.)

If anyone could even identify the problem that would be handy so I can come up with a solution.

David.
sonam
Hi,
I cannot help you in your problem, but I have friend in USA, and she have wireless connection. Sometimes, when we are chat on Google she disapire from chat without any reason. I am asking her what is problem, and she tell me how she have connection but only gmail drop down.

Maybe some browser have problem with wireless connection and that is create session problem. Try to get your site with different browsers because I think this is not in correlation with your script.

Sonam
powers1983
Yeah I think it is just an intermittent problem because now he can access it no problem. I have no idea what happened but since it is working now I'll probably get the rest of the site working before trying to figure out what is wrong because it seems like it will probably be a fairly obscure thing.
Manofgames
The very simple answer(I hope) is session cookies.
Basicly when a session is started with session_start(), the server makes a session name, a session id, and sends the user a session cookie (which is why session_start() has to be called before anything else)

But if some people have cookies disabled, then this causes a problem for php, as there's no way for it to pass the session id onto any other pages on your site.

Luckily though, there's an easy(ish) way to get around it, and I currently do it on all websites I'm making.

In the beginning of your config file (or the top of your script, whichever) type the following:
Code:

$trailurl = strip_tags(SID);

Then whenever you have a link to another page in WHATEVER way(forms, links, javascript events etc) attach the var $trailurl to the end.

IE:
Code:

echo '<a href="'.$_SERVER['PHP_SELF'].'?&'.$trailurl.'">A link</a>';


If the cookie is set then the SID is not set, so the value of $trailurl will be null.
However, if the cookie does not set, SID becomes PHPSESSID=Sessionid

Hope this helps you Wink
powers1983
Found this on the php.net documentation too:
http://us3.php.net/manual/en/ref.session.php
Quote:
Passing the Session ID
There are two methods to propagate a session id:

Cookies
URL parameter

The session module supports both methods. Cookies are optimal, but because they are not always available, we also provide an alternative way. The second method embeds the session id directly into URLs.

PHP is capable of transforming links transparently. Unless you are using PHP 4.2.0 or later, you need to enable it manually when building PHP. Under Unix, pass --enable-trans-sid to configure. If this build option and the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically.

Note: The arg_separator.output php.ini directive allows to customize the argument seperator. For full XHTML conformance, specify &amp; there.


Alternatively, you can use the constant SID which is defined if the session started. If the client did not send an appropriate session cookie, it has the form session_name=session_id. Otherwise, it expands to an empty string. Thus, you can embed it unconditionally into URLs.

The following example demonstrates how to register a variable, and how to link correctly to another page using SID.

Example 2135. Counting the number of hits of a single user

Code:
<?php

session_start();

if (empty($_SESSION['count'])) {
   $_SESSION['count'] = 1;
} else {
   $_SESSION['count']++;
}
?>

<p>
Hello visitor, you have seen this page <?php echo $_SESSION['count']; ?> times.
</p>

<p>
To continue, <a href="nextpage.php?<?php echo htmlspecialchars(SID); ?>">click
here</a>.
</p>



The htmlspecialchars() may be used when printing the SID in order to prevent XSS related attacks.

Printing the SID, like shown above, is not necessary if --enable-trans-sid was used to compile PHP.

Note: Non-relative URLs are assumed to point to external sites and hence don't append the SID, as it would be a security risk to leak the SID to a different server.


Which looks to be exactly what you are saying cheers. I checked but it seems that the default condition for the trans-sid condition is off otherwise php would automatically add the session ID to URL's but I suppose that would be too easy, ha.

The only bit I'm a bit unclear on is where it says at the end that non-relative URLs won't have the session ID appended. Does this mean that even if I try it won't? Or is it only talking about the case when --trans-sid is on?
That might pose a slight problem if the website uses all absolute URLs for whatever reason (maybe trying to 'break out' of frames from a redirect or link maybe?).
Manofgames
It means when the server parses urls, and adds the sessid on the end (--trans-sid on).

With my method, PHP is just adding strings together, but as a point, it'd be a good idea to follow their advice and not put the $trailurl at the end of outgoing links, just to be safe.

Glad this has helped Smile
Good luck
Alex
powers1983
Yup cheers.

David.
Reply to topic    Frihost Forum Index -> Scripting -> Php and MySQL

FRIHOST HOME | FAQ | TOS | ABOUT US | CONTACT US | SITE MAP
© 2005-2007 Frihost, forums powered by phpBB.