1

I am facing a really weird issue here.

I have two websites: **A** and **B**

**A** is the landing page (a micro website). **A** is running Joomla.

**B** - payment pages. Coded with CodeIgniter. Uses session library and stores session data in a database.

=================

Scenario: a user visits a landing page (website A), chooses a service package and clicks buy. Then he is taken to the payment page (website B) and starts filling in his application form. Once he is done, he is taken to a payment gateway (provided by SecureTrading) and makes a payment. After a successful payment, a user is taken back to website B, where he has to finish the last bit of his application.

Problems: After a successful payment, user is redirected back to website B, but for some reason all session data is lost.

When does this happen: Session data is lost only when a user is coming from the landing page (A). If i start filling the application form without visiting the landing page at first, everything works just fine.

Why is this happening? How do i fix this?

saravankg
  • 909
  • 1
  • 10
  • 21
chuckfinley
  • 2,577
  • 10
  • 32
  • 42
  • Clear your session table and carry out the steps you have outlined. When you get to the point where the session data is lost check the session table for either of these. 1) the table is empty, 2) the table has one entry, but the session data is empty/invalid, 3) there are now two entries. Report back with results. – kittycat Feb 13 '13 at 12:20
  • There are now two entries - one has correct data within it (as well as the primary session_id), meanwhile the other one was added to the database after making a payment and has no data within it, except a new session_id. Obviously, my session gets reset for some reason... This only happens when i visit payment pages from an external site. Joomla has nothing to do with it. – chuckfinley Feb 13 '13 at 12:29
  • Can you post your code where you determine if a session exists etc and creates a session if it fails the checks. That is likely your culprit. The system is not properly determing if session already exists so it's creating a new one and thus overwriting the user's session cookie so valid one is no longer being sent to server to retrieve the first/real session. You may have such problem code in multiple places so think of all the places where you perform session checks. – kittycat Feb 13 '13 at 12:32
  • There are no such checks. I just autoload session library. – chuckfinley Feb 13 '13 at 13:11
  • Make sure the domains are matching then. If you start on mysite.com and end up at www.mysite.com it will be a different session as cookies will be set for a different domain. – kittycat Feb 13 '13 at 13:15
  • Well the domain matches, so that is not a problem :/ Again - the problem arises only when a user is coming from an external site... – chuckfinley Feb 13 '13 at 13:21

1 Answers1

2

Make sure in your application/config.php file you have the following setting set to this value:

$config['cookie_domain'] = ".mysite.com";

Take note of the leading . which denotes that the cookie domain is site-wide. This will make sure the cookie can be accessed from all sub-domains. Here is more information on how cookie domains work. You should always setup this config option as it defaults to empty and will thus use the default cookie setting which in most setups is not what the developer will want.

Community
  • 1
  • 1
kittycat
  • 14,983
  • 9
  • 55
  • 80