[ENHANCEMENT] make script keeping the session even on multiple vhost/alias setups #82
Comments
|
I'm using it for a single sign on right now. But, generally you don't need your other sites to read the cookies for your login portal... I've added some post login methods to login to mediawiki and then I set the cookie domain to I looked at my cookies and for Open up chrome, do inspect element, resources -> cookies and see what the path is being set to for the PHPSESSID. If it has a path, you'll need to figure out how to fix that in your php.ini I suspect. The login script as far as I can tell isn't setting this cookie explicitly it's being handled by PHP Sessions. On a related note... here are my set cookie helper methods that I'm using for setting the cookies for another site... define("MEDIAWIKI_COOKIE_DOMAIN", ".domain.com");
/**
* @param string $name
* @param string $value
* @param int $expiresIn optional by default is set to 3600. This value is added to time to set a future expiration.
* to expire in one month you'd set it to "31*24*60"
* @param string $domain optional sets the domain of the cookie, set it to MEDIAWIKI_COOKIE_DOMAIN
*/
function setCookieForDomain($name, $value, $expiresIn=3600, $domain=MEDIAWIKI_COOKIE_DOMAIN) {
setcookie($name,$value, time()+$expiresIn, '/', $domain);
}
/**
* Creates a "session" cookie.
* @param $name
* @param $value
* @param $domain - optional will be set to MEDIAWIKI_COOKIE_DOMAIN by default
*/
function setSessionCookieForDomain($name, $value, $domain=MEDIAWIKI_COOKIE_DOMAIN) {
setcookie($name,$value, 0, '/', $domain, FALSE, TRUE);
}
/**
* Sets the expiration time to 1 week ago so browser will immediately remove the cookie.
* @param $name
* @param string $value
* @param string $domain
*/
function deleteCookieForDomain($name,$value="Deleted", $domain=MEDIAWIKI_COOKIE_DOMAIN) {
setcookie($name,$value, time()-(60*60*24*7), '/', $domain, FALSE, TRUE);
} |
|
I got curious so I looked into PHPSESSIONS... You could add the session_set_cookie_params line like the one shown below in Be sure to clear all your cookies before trying it... (can't just logout) as you'll still have a session cookie laying around. /**
* the function "__construct()" automatically starts whenever an object of this class is created,
* you know, when you do "$login = new Login();"
*/
public function __construct() {
session_set_cookie_params((30*24*60*60),'/'),'.domain.com',false,true); // <---- The line I added...
// create/read session
session_start(); |
|
That's the thing. The other login scripts I was testing (a lot of them were forks from jpmaster77's old script, but not all of them) worked fine on alias sites. So I assumed it wasnt anything with my php configuration. Registered and logged in with testdomain.com and when I enter test-domain.com in the browser, I was still logged in. The login script is installed in the root directory on all of the testing, though the final project it will be working directly from members.domain.com. But I also realized that most of the other scripts had some sort of Remember Me function which this one doesnt. Maybe it has something to do with that. After inspecting the element, the path is /. Also when I visit test-domain.com (no longer logged in) and go back to testdomain.com, I'm still logged in. Also the php.ini time out is 12 hours, which I did set the cookie time to bypass that already. Just trying to figure out how to get the script to hold the session on aliased sites. Kind of like when you sign onto Google.com, you're logged into YouTube, GMail, etc, though that's not exactly what I'm trying to achieve right now (but will be in the future), it wont keep me logged in for a site that is the exact same site, just using a domain alias. |
|
@desynergy Which version of Apache are you using (i want to reproduce) ? And please have a look here Transfer Session Data Between Apache Virtual Hosts. Seems like Apache does not share session data between aliases by default. |
|
My test server is running: But I'm pretty sure it's relying on the script. There's a generated hash token written in for the user in the database that is also set in the cookie and it is using it some how . Testing some things out now, was just seeing if anyone knew what I should be looking for directly. |
|
btw MySQL 5.1+ is the minimum to run the script (see this in the readme.md! I dont know exactly anymore why it is like that, but there was something...). I'm always wondering how people get this thing to run with PHP 5.2 or MySQL 5.0 ;) |
|
Anyway, THIS issue has nothing to do with mysql... |
|
I didnt think it would of had anything to do with mysql, I just posted those 3 things since they all do tie into each other. |
|
Actually now that you mentioned it, I did think that version was old and checked through an SSH shell. The version is really 5.1.70: [root@s104n19 ~]# mysqladmin -u root -p version mysqladmin Ver 8.42 Distrib 5.1.70, for unknown-linux-gnu on x86_64 Oracle is a registered trademark of Oracle Corporation and/or its Server version 5.1.70 Threads: 5 Questions: 12587 Slow queries: 0 Opens: 362 Flush tables: 1 Open tables: 155 Queries per second avg: 109.690 I guess the script that pulls version information from the servers isnt working for this server for quite a while. Oops. |
|
OK, I'm pretty sure it has something to do with the cookie handling, hashed tokens, etc. I'll play with it some more and figure something out. |
|
I just linked this ticket from the USEFUL STUFF section in the README.md, to give people who need this special case solution a guide how to do so. It's a special case i think and implementing this into the script by default should be discussed... Gimme a notice if you guys think this is really useful for a lot of people. I'll close this ticket until this is request by more people. |
|
Hi, |
|
@s1awekplease give some information. Which script/version ? What have you changed ? How does your session looks before/after logout ? |
|
I am sorry you right I should give you more details. |
Got the script working better now. But I've notice the script does not work on alias domain names.
Example: If I was using the script on testdomain.com and I have test-domain.com as an alias domain through Apache, the script does not keep the user logged in, but has to log in for every alias domain. (Using the same script/db/etc)
Is this a cookie setting or a session setting? So far I cant see anything in Login.php that would restrict the script to only work on the current domain and not others.
Which would bring up another issue that the script would not work as a universal user manager for several different sites.
The text was updated successfully, but these errors were encountered: