0

So I have this site that requires the user to authenticate and it opens reports in new tabs. When the report opens it checks the session to make sure the user is authenticated and continues on. This has always worked.

Now it's not working and I believe it has to do with the fact that I'm now using a subdomain because this is the main change I'm making to my site. Previously the site was www.timesavr.net. Now it's either serenity.timesavr.net or solomon.timesavr.net.

I'm able to authenticate and navigate around and even open popup windows which also check for authentication and those work fine. This is the method I use for those popups.

// Open new window
window.open('popout.php',filename,'location=yes,scrollbars=yes,status=yes');

// Then load main content into new window
$(filename).load("popout.php",parsedparams);

That works fine.

The reports however open in a new tab, as opposed to a popup window, and are opened by submitting a form to the report window, using the following function:

function runReport(reportid,params,subfolder){
  var windowname = reportid.replace(/-/gi,"");
  var form = document.createElement("form");

  form.setAttribute("method", "post");
  if(subfolder == "Y"){
    form.setAttribute("action", "../report.php?report=" + reportid);
  }else{
    form.setAttribute("action", "report.php?report=" + reportid);
  }
  form.setAttribute("target", "_blank");

  if(params > ""){

    var pairs = params.split('&');
    var result = {};
    pairs.forEach(function(pair) {
          pair = pair.split('=');
          result[pair[0]] = decodeURIComponent(pair[1] || '');

      var hiddenField = document.createElement("input");
      hiddenField.setAttribute("type", "hidden");
      hiddenField.setAttribute("name", pair[0]);
      hiddenField.setAttribute("value", pair[1]);
      form.appendChild(hiddenField);
    });
  }

  document.body.appendChild(form);
  form.submit();
  document.body.removeChild(form);
}

Is use this method so that I can pass in a random number of parameters to the report. I'm open to running the reports via a different method, but I do need to be able to maintain my session (to authenticate) and open the report in a new browser tab.

I am calling session_start() at the top of the report window.

I've also added session_set_cookie_params(0, '/', '.timesavr.net'); as this is supposed to maintain sessions among all subdomains but it doesn't seem to make any difference at all.

// Set cookie params to maintain session state across subdomains
session_set_cookie_params(0, '/', '.timesavr.net');
session_start();

And I've tried hard coding the fully qualified path to the report page in the action property but that makes no difference.

Vincent
  • 1,741
  • 23
  • 35
  • Server configuration might be in cause. See https://stackoverflow.com/questions/9153716/sharing-session-variables-between-multiple-subdomains or search for`apache subdomain session` – Louis Loudog Trottier Feb 19 '18 at 01:04
  • Thanks, I gave it a try but no dice. Added session.cookie_domain = ".timesavr.net" to my php.ini, but I think that's supposed to do the same thing as the code I'm already including which is session_set_cookie_params(0, '/', '.timesavr.net');. Neither of these are solving my problem. – Vincent Feb 19 '18 at 15:55
  • 1
    Turns out I was overriding a variable that I was using to check if the user was authenticated. I don't know why that code wasn't a problem on the old server, so that's why I thought it was a config issue, but it was my code. – Vincent Feb 19 '18 at 16:31

0 Answers0