0

I am new to php. I am facing problem with sessions. I mean, after I get logged in and I click on any link in the website , its immediately getting logged out. Not sure why.

In chrome console: I entered as : document.cookie , it showing me "", then I got to understand that cookie is somehow getting deleted immediately or some other issue.

This problem exists for below 2 websites.

We have a websites like :

www.mysite.site1.com/folder1
www.mysite.site2.com/folder2

Below is my code of MySite.com/folder1 

   function MySession() {
      $params = session_get_cookie_params();
      session_set_cookie_params($params['lifetime'], '/v/folder1');
      session_start();
   }

   function clear()
   {
      $_SESSION=array();
      session_destroy();
   }

Below is my code of MySite.com/folder2 

 function MySession() {
      $params = session_get_cookie_params();
      session_set_cookie_params($params['lifetime'], '/v/folder2');
      session_start();
   }

   function clear()
   {
      $_SESSION=array();
      session_destroy();
   }
John
  • 281
  • 1
  • 4
  • 9
  • [Read the manual](http://php.net/manual/en/function.session-set-cookie-params.php) ... by setting a path for the session cookie you limiting what urls it is transfered to. – Orangepill Sep 02 '15 at 06:20
  • @Orangepill How path value effects mysite? I am sorry i didn't, Could you please tell me what I have to change in my code? – John Sep 02 '15 at 06:43
  • use session_set_cookie_params($params['lifetime'], '/'); if you want to use differ-differ session for folder1 and folder2 you can create virtual host and setup it. – Prashant Srivastav Sep 02 '15 at 06:55
  • @PrashantSrivastav Whats wrong if I use as : session_set_cookie_params($params['lifetime'], '/v/folder2'); ?? – John Sep 02 '15 at 07:05
  • for chrome go to your browser inspect Element resource cookies in cookies you get a path column and domain which is very important to maintain session. giving a path for cookies you are setting limitation of cookies which is only access for that folder. – Prashant Srivastav Sep 02 '15 at 07:08
  • in PHP if your are setting `$_SESSION['VALUE']` then you need to start `session_start()` in every page and make sure website base url shouldn't change, if this happens then you'll logged out. – Kaleem Ullah Sep 02 '15 at 07:17
  • @LukyBoy-KU I just edited my domain names above, previously entered wrong. here is one: www.mysite.site1.com/folder1 Now please tell me what really I have to change..? – John Sep 02 '15 at 07:24

3 Answers3

0

Setting the domain for cookies in session_set_cookie_params() only affects the domain used for the session cookie .

So to make all your cookies be available across all sub-domains of your site you need to set your cookies on root domain.

when setting the path that the cookie is valid for, always remember to have that trailing '/'.

CORRECT:

session_set_cookie_params (0, '/yourpath/');

INCORRECT:

session_set_cookie_params (0, '/yourpath');
Prashant Srivastav
  • 1,723
  • 17
  • 28
  • I just edited my domain names above, previously entered wrong. here is one: www.mysite.site1.com/folder1 Now please tell me what really I have to change..? I even tried 'trailer' slash as you said, but still not working... – John Sep 02 '15 at 07:24
0

mysite.site1.com is your base url.

when you switched from www.mysite.site1.com/folder1 to www.mysite.site2.com/folder2

you'll surely be logged out.

Kaleem Ullah
  • 6,799
  • 3
  • 42
  • 47
  • Sorry to ask like this, where do I set this base url? and how? and how about if I try using session_name('FOLDER1'); for www.mysite.site1.com/folder1 and similar way for other folder too.. – John Sep 02 '15 at 08:07
  • using codeigniter will handle all these things for you. session urls security encryption etc. since you are not using let me tell you simple solution – Kaleem Ullah Sep 02 '15 at 08:11
  • [set site base url](http://stackoverflow.com/questions/15481629/how-do-i-set-base-url-for-all-pages-of-my-website) – Kaleem Ullah Sep 02 '15 at 08:17
  • ` – Kaleem Ullah Sep 02 '15 at 08:21
  • Just for the sake of 1 issue, I can think its not advisable to go with some framework especially for the already existing running project.. – John Sep 02 '15 at 09:08
  • Let us [continue this discussion in chat](http://chat.stackoverflow.com/rooms/88557/discussion-between-lukyboy-ku-and-john). – Kaleem Ullah Sep 02 '15 at 09:11
0

Well, I am able to find out answer for my query:

since in my case I have 2 folders ie., www.mysite.com/folder1 && www.mysite.com/folder2 , then we MUST keep session_name('folder1') for 'folder1' and session_name('folder2') for 'folder2' , otherwise both folders share the same session ID and so user gets logged in automatically in folder2 (assuming if he already got loggedin folder1)

 function Session() {
      session_name('FOLDER_SID');
      session_start();
   }

Regarding more info about session_name, here: http://stackoverflow.com/a/7551430/4956785

John
  • 281
  • 1
  • 4
  • 9