• 0 Vote(s) - 0 Average
  • 1
  • 2
  • 3
  • 4
  • 5
Session valid for http://www.domain.com but not for http://domain.com

#1
[eluser]codex[/eluser]
How can you set the session for both?

#2
[eluser]pistolPete[/eluser]
Code:
/*
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
|
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path'   =  Typically will be a forward slash
|
*/
$config['cookie_domain']    = '.domain.com';

#3
[eluser]brianw1975[/eluser]
you shouldn't need to.... have you looked at the cookies that are being set for each and see what the difference is? Web Developer add-on for Firefox makes this simple.

Edit: yeah, i should have also said: as long as your cookie config is set up correct.

I took for granted that it was set up "properly"

#4
[eluser]codex[/eluser]
[quote author="pistolPete" date="1251921978"]
Code:
/*
|--------------------------------------------------------------------------
| Cookie Related Variables
|--------------------------------------------------------------------------
|
| 'cookie_prefix' = Set a prefix if you need to avoid collisions
| 'cookie_domain' = Set to .your-domain.com for site-wide cookies
| 'cookie_path'   =  Typically will be a forward slash
|
*/
$config['cookie_domain']    = '.domain.com';
[/quote]

Will look into that. Thanks!

#5
[eluser]codex[/eluser]
[quote author="brianw1975" date="1251922145"]you shouldn't need to.... have you looked at the cookies that are being set for each and see what the difference is? Web Developer add-on for Firefox makes this simple.[/quote]

I see that there's ci_session cookies for both www.domain.com and domain.com. I guess I will have to take a closer look at how the cookies are being set.

#6
[eluser]codex[/eluser]
I think I got it! Cookie was indeed not set up properly. Thanks!

#7
[eluser]brianw1975[/eluser]
Keep in mind that you might not see raw data if you use the session helper, you'll probably see an encrypted string if you are using the encryption capabilities. In application/config/config.php

Code:
/*
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
| If you use the Encryption class or the Sessions class with encryption
| enabled you MUST set an encryption key.  See the user guide for info.
|
*/
$config['encryption_key'] = "some random string here";

[quote author="codex" date="1251922404"][quote author="brianw1975" date="1251922145"]you shouldn't need to.... have you looked at the cookies that are being set for each and see what the difference is? Web Developer add-on for Firefox makes this simple.[/quote]

I see that there's ci_session cookies for both www.domain.com and domain.com. I guess I will have to take a closer look at how the cookies are being set.[/quote]

#8
[eluser]kurucu[/eluser]
[quote author="brianw1975" date="1251923044"]Keep in mind that you might not see raw data if you use the session helper, you'll probably see an encrypted string if you are using the encryption capabilities. In application/config/config.php

Code:
/*
|--------------------------------------------------------------------------
| Encryption Key
|--------------------------------------------------------------------------
|
| If you use the Encryption class or the Sessions class with encryption
| enabled you MUST set an encryption key.  See the user guide for info.
|
*/
$config['encryption_key'] = "some random string here";

[quote author="codex" date="1251922404"][quote author="brianw1975" date="1251922145"]you shouldn't need to.... have you looked at the cookies that are being set for each and see what the difference is? Web Developer add-on for Firefox makes this simple.[/quote]

I see that there's ci_session cookies for both www.domain.com and domain.com. I guess I will have to take a closer look at how the cookies are being set.[/quote][/quote]

Yes, but the browser will still make the domain viewable, as that is a cookie parameter, not cookie contents. The browser needs to know which domains the cookie is valid on so that it knows who to send them to - so this part is not encrypted by CI.

It is because the browser will not send a www.domain.com cookie to .domain.com requests that this problem occured, not because CI was not accepting the returned cookie value or browsed domain.

#9
[eluser]brianw1975[/eluser]
mea culpa, I got a bit ahead of myself and was giving a bit of advice about trying to debug the contents of the cookie outside of doing any programming.

#10
[eluser]kurucu[/eluser]
[quote author="brianw1975" date="1251925205"]mea culpa, I got a bit ahead of myself and was giving a bit of advice about trying to debug the contents of the cookie outside of doing any programming.[/quote]
Sorry! Wasn't supposed to be a correction, more of a "don't panic" to the author in case it looked like he couldn't debug. I was tired and at work -my wording was not as friendly as it might have been!


Digg   Delicious   Reddit   Facebook   Twitter   StumbleUpon  


  Theme © 2014 iAndrew  
Powered By MyBB, © 2002-2020 MyBB Group.