Session Collision
#10

(This post was last modified: 05-22-2020, 08:04 AM by dave friend.)

(05-21-2020, 04:37 AM)A35G Wrote: I choose then the version www.domain.tld forcing already with a .htaccess file the redirect to the domain with the www.

If you use other subdomains ("www" is a subdomain), you should use either "domain.tld" or an empty string, according to the PHP manual.

Quote:To make the cookie available to the whole domain (including all subdomains of it), simply set the value to the domain name ('example.com', in this case).

Older browsers still implementing the deprecated RFC 2109 may require a leading . to match all subdomains.

I see you used the leading . (e.g. '.domain.tld') and that is OK.

What's this about an empty string? According to the HTTP cookies page of the Mozilla Developer Network website:

Quote:Domain specifies allowed hosts to receive the cookie. If unspecified, it defaults to the host of the current document location,

The "current document location" for a CodeIgniter website is always going to be where index.php is found. But I recommend sticking with what you started with.
PHP Code:
$config['cookie_domain'] = '.domain.tld';

'cookie_path' should be:
PHP Code:
$config['cookie_path'] = '/';

To help prevent session hijacking and XSS, always use the following.
PHP Code:
$config['cookie_httponly'] = true;

You must make sure that permissions and the owner:group for 'sess_save_path' are set correctly. The owner and group should be set to match your Apache setup - typically either 'www-data' or sometimes 'root'. On a Linux system, Apache assigns those in the file /etc/apache2/envvars (the path will be different if you're using Windows or an Apple system). Look for the following in that file.

Code:
export APACHE_RUN_USER=www-data
export APACHE_RUN_GROUP=www-data

You might find 'root' instead of 'www-data'. Don't change anything here, but make sure the owner and group of 'sess_save_path' are set to what you see in the envvars file.

(05-20-2020, 11:13 AM)A35G Wrote: The same action, it happens with one pc and two browsers with different user logged in.

Are the two browsers the same application? For instance, two windows each running Chrome, or Firefox, or whatever?
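One way to run the ownership check described in the post above, as an added example that is not part of the original post or of CodeIgniter: it reads APACHE_RUN_USER and APACHE_RUN_GROUP from an envvars-style file and compares them with the owner, group and mode of the session directory. The function names, the script name in the usage comment, the use of GNU `stat`, and the choice of mode 700 as the expected permission are assumptions of this example.

```shell
#!/bin/sh
# Added example, not from the original post. Assumes GNU stat (Linux) and
# treats mode 700 (owner-only access) as the target; both are assumptions.

# Print the value from the last "export NAME=value" line in an envvars-style file.
envvar_value() {
    sed -n "s/^export $2=//p" "$1" | tail -n 1
}

# check_sess_path ENVVARS_FILE SESSION_DIR
# Returns 0 if owner, group and mode match, 1 on a mismatch, 2 on bad input.
check_sess_path() {
    envfile=$1
    dir=$2
    if [ ! -r "$envfile" ] || [ ! -d "$dir" ]; then
        echo "cannot read $envfile or $dir is not a directory" >&2
        return 2
    fi
    want_user=$(envvar_value "$envfile" APACHE_RUN_USER)
    want_group=$(envvar_value "$envfile" APACHE_RUN_GROUP)
    if [ -z "$want_user" ] || [ -z "$want_group" ]; then
        echo "APACHE_RUN_USER/APACHE_RUN_GROUP not found in $envfile" >&2
        return 2
    fi
    have_user=$(stat -c %U "$dir")
    have_group=$(stat -c %G "$dir")
    have_mode=$(stat -c %a "$dir")
    status=0
    if [ "$have_user" != "$want_user" ]; then
        echo "owner is $have_user, expected $want_user"; status=1
    fi
    if [ "$have_group" != "$want_group" ]; then
        echo "group is $have_group, expected $want_group"; status=1
    fi
    if [ "$have_mode" != "700" ]; then
        echo "mode is $have_mode, expected 700"; status=1
    fi
    return "$status"
}

# Usage: sh check_sess_path.sh /etc/apache2/envvars /path/to/sess_save_path
if [ "$#" -eq 2 ]; then
    check_sess_path "$1" "$2"
fi
```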

