problems with sessions variables and virtual domains in apache

I have a windows 2000 server with apache 2.0 and php 5.1.2. I use session
variables to validate users, each page have something like this:

if($_SESSION["validated"]==0){
header("Location: index.php");
exit;
}

This worked fine when i had only one domain, but when i began to use virtual
domains, sometimes, not always, the session variable lost the value or the
session variable is distroyed, i don't know what really happens. I add this
lines to httpd.conf for each domain and the main domain is first:

<VirtualHost *:80>
ServerAdmin EMAIL REMOVED
DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs/domain"
ServerName www.domain.com
ErrorLog logs/domain.com-error_log
CustomLog logs/domain.com-access_log common
php_admin_value upload_tmp_dir "C:/Program Files/Apache
Group/Apache2/htdocs/domain/tmp"
php_admin_value session.save_path "C:/Program Files/Apache
Group/Apache2/htdocs/domain/session"
</VirtualHost>

At the beginning i didn't use the two last lines with php_admin_value, i add
the lines for trying to solve the problem but it doesn't work.

I have an application made with phpmaker and SquierreMail v.1.4.7 too, and i
have the same problem in both. In both case sometimes, when i want to go to
other page, the server ask me for the username and the p***word, it is not
always.

Please help me

Thanks.

esteban wrote:
> I have a windows 2000 server with apache 2.0 and php 5.1.2. I use session
> variables to validate users, each page have something like this:
>
> if($_SESSION["validated"]==0){
> header("Location: index.php");
> exit;
> }
>
> This worked fine when i had only one domain, but when i began to use virtual
> domains, sometimes, not always, the session variable lost the value or the
> session variable is distroyed, i don't know what really happens. I add this
> lines to httpd.conf for each domain and the main domain is first:
>
> <VirtualHost *:80>
> ServerAdmin EMAIL REMOVED
> DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs/domain"
> ServerName www.domain.com
> ErrorLog logs/domain.com-error_log
> CustomLog logs/domain.com-access_log common
> php_admin_value upload_tmp_dir "C:/Program Files/Apache
> Group/Apache2/htdocs/domain/tmp"
> php_admin_value session.save_path "C:/Program Files/Apache
> Group/Apache2/htdocs/domain/session"
> </VirtualHost>
>
> At the beginning i didn't use the two last lines with php_admin_value, i add
> the lines for trying to solve the problem but it doesn't work.
>
> I have an application made with phpmaker and SquierreMail v.1.4.7 too, and i
> have the same problem in both. In both case sometimes, when i want to go to
> other page, the server ask me for the username and the p***word, it is not
> always.

If you are going across domains (page 1 is on domain 'a' and page 2 is
on domain 'b'), you need to explicitly p*** the session across in the
query string.

Even them I'm not sure it will work for security reasons.

--
Postgresql & php tutorials
http://www.designmagick.com/

On Thursday 18 January 2007 06:26 pm, esteban wrote:
> I have a windows 2000 server with apache 2.0 and php 5.1.2. I use session
> variables to validate users, each page have something like this:
>
> if($_SESSION["validated"]==0){
> header("Location: index.php");
> exit;
> }
>
> This worked fine when i had only one domain, but when i began to use
> virtual domains, sometimes, not always, the session variable lost the value
> or the session variable is distroyed, i don't know what really happens. I
> add this lines to httpd.conf for each domain and the main domain is first:
>
> <VirtualHost *:80>
> ServerAdmin EMAIL REMOVED
> DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs/domain"
> ServerName www.domain.com
> ErrorLog logs/domain.com-error_log
> CustomLog logs/domain.com-access_log common
> php_admin_value upload_tmp_dir "C:/Program Files/Apache
> Group/Apache2/htdocs/domain/tmp"
> php_admin_value session.save_path "C:/Program Files/Apache
> Group/Apache2/htdocs/domain/session"
> </VirtualHost>
>
> At the beginning i didn't use the two last lines with php_admin_value, i
> add the lines for trying to solve the problem but it doesn't work.
>
> I have an application made with phpmaker and SquierreMail v.1.4.7 too, and
> i have the same problem in both. In both case sometimes, when i want to go
> to other page, the server ask me for the username and the p***word, it is
> not always.
>
> Please help me
>
> Thanks.

Following Chris' idea - going from http to https - try this simple technique -
works for me:

<?php session_start(); ob_start(); ?>
<?php if ($_SERVER['HTTPS'] != "on") {
header("Location: https://your_domain/the_page_you_want_at_https");
exit;}
?>

Saves you having to explicitly set the page for https

Hth,
Andre

The don't want to p*** the session variable across domains. The problem is
in the main domain, i don't know what happens, the session variable lost the
value or is distroyed.

"Chris" <EMAIL REMOVED> escribió en el mensaje
news:EMAIL REMOVED...
esteban wrote:
> I have a windows 2000 server with apache 2.0 and php 5.1.2. I use session
> variables to validate users, each page have something like this:
>
> if($_SESSION["validated"]==0){
> header("Location: index.php");
> exit;
> }
>
> This worked fine when i had only one domain, but when i began to use
virtual
> domains, sometimes, not always, the session variable lost the value or the
> session variable is distroyed, i don't know what really happens. I add
this
> lines to httpd.conf for each domain and the main domain is first:
>
> <VirtualHost *:80>
> ServerAdmin EMAIL REMOVED
> DocumentRoot "C:/Program Files/Apache Group/Apache2/htdocs/domain"
> ServerName www.domain.com
> ErrorLog logs/domain.com-error_log
> CustomLog logs/domain.com-access_log common
> php_admin_value upload_tmp_dir "C:/Program Files/Apache
> Group/Apache2/htdocs/domain/tmp"
> php_admin_value session.save_path "C:/Program Files/Apache
> Group/Apache2/htdocs/domain/session"
> </VirtualHost>
>
> At the beginning i didn't use the two last lines with php_admin_value, i
add
> the lines for trying to solve the problem but it doesn't work.
>
> I have an application made with phpmaker and SquierreMail v.1.4.7 too, and
i
> have the same problem in both. In both case sometimes, when i want to go
to
> other page, the server ask me for the username and the p***word, it is not
> always.

If you are going across domains (page 1 is on domain 'a' and page 2 is
on domain 'b'), you need to explicitly p*** the session across in the
query string.

Even them I'm not sure it will work for security reasons.

--
Postgresql & php tutorials
http://www.designmagick.com/

esteban wrote:
> The don't want to p*** the session variable across domains. The problem is
> in the main domain, i don't know what happens, the session variable lost the
> value or is distroyed.

Track down where is happens with lots of 'error_log' and 'print_r'
calls. Work out where it breaks then I'm sure you'll work out why it's
breaking.

--
Postgresql & php tutorials
http://www.designmagick.com/