SitePoint Sponsor

User Tag List

Results 1 to 4 of 4

Thread: Cookie problem

  1. #1
    SitePoint Enthusiast
    Join Date
    Jan 2002
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Cookie problem

    I made a site using PHP and mySQL with logins, storing the logins and passwords in cookies.
    It works this way: First you log into your "general account" and then you log into one of the "subaccounts" on that account.
    I use one login page for that, if you are currently not logged in (no or incorrect cookies), it shows the main login page, if you are logged in (correct cookies), it shows the "sub logins".

    Currently, I use this to set the cookies:
    setcookie ("cookie_username", $record['username'], "time()+3600000", "/", "www.domain.com");
    Before, I tried setcookie ("cookie_username", $record['username'], time()+3600000) but that gave the same result.

    Now,
    This works perfectly in both Netscape 4.7 and 6.0.
    In Opera 5 however, I have to reload the login page after logging in before I get the second sublogin page. This obviously isn't the intention since the user will think that the login was not succesfull and he will attempt to login again (And I still don't get the sublogin page after a second, ... attempt) Also when I close the browser after reloading the page, the cookie is saved and it will show the subaccount page. If I then reload the page, the cookie is suddenly gone...

    But IE 5.0 proved most fun, when I click the login page link if I am not logged in, I get a time out error after a while. If I however fill in the link manually, it loads the page properly and am able to login to the main account. After that, the login link DOES works to login into one of the sub accounts.

    I have put alot of time (like all day) trying to figure out what I could be doing wrong but I could not find anything...
    So after this long story (I hope I didn't scare anyone
    What is going on here, what am I doing wrong, what did I miss? Does this have to be a problem with the code, is it a problem with the server, ...?
    Any help is most welcome, thanks!

  2. #2
    SitePoint Wizard gold trophysilver trophy
    Join Date
    Nov 2000
    Location
    Switzerland
    Posts
    2,479
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Back where I grew up (farming territory), if you asked someone for directions on how to get to somewhere, the typical answer was;

    "Oooo. You don't want to start from here!"

    So following in the same vein... you don't want to use cookies - you want sessions.

    If you've got PHP Version 4+ sessions are probably an easier way to handle this problem. This article here by Kevin Yank is a good example.

    Without seeing your site or the code behind, it's hard to say what exactly is going wrong but some other things to consider;

    This concept of sub logins sounds like a recipe for unhappy users. Would recommend considering a users and groups mechanism similar to that used in most network operating systems, like Unix and NT. Something like phpSecurePages (http://www.phpsecurepages.f2s.com/) is an example though the group mechanism works on "levels" - the higher the level the greater your access. That can be limiting (whips out a Venn diagram) because you cant create special groups for access to one particular thing. I'm working on an PHP based Intranet right now and trying to solve this problem by relating users to groups with a lookup (many to many relationship) MySQL table. Anyway - essentially what I'm saying is if you can, it would probably be best to have one login the somehow assign permissions to that login for the pages that currently require a "sub login".

    Also, that problem you describe in Opera could be connected to the browser not having refreshed the page. If you pu the following meta tags into the <HEAD> section of your HTML they force the browser to refresh;

    Code:
    <meta http-equiv="Expires" content="0">
    <meta http-equiv="Pragma" content="no-cache">
    <meta http-equiv="Cache-Control" content="no-cache">
    You can also send these as raw HTTP using PHP's header function.

    Anyway - hope that all turns out useful somehow.

  3. #3
    SitePoint Enthusiast
    Join Date
    Jan 2002
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Talking

    Okay, it seems sessions can serve the same purpose but won't have any of the cookie-problems...

    Thanks for the advise

  4. #4
    SitePoint Enthusiast
    Join Date
    Jan 2002
    Posts
    28
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    While sessions seem to solve the "cookie problem" for both Internet Explorer and Opera, Netscape is now no longer working

    When I click the login link, Netscape automatically adds "?PHPSESSID=62e40f017f29242e39602c5f9993b7c7" to the url, after that, it does no longer load pages that have "session_start();" on it.
    I found nothing like this in Kevin Yank's article but is it perhaps required to pass this PHPSESSID over to the different pages?

    For the two logins, this was the easiest solution. Since it is prohibited to have more than one account, people sharing the same computer can still access the site. If you have only one subaccount, you can choose in the user preferences not to ask the "subaccount" password when logging in... (Making it only a matter of pressing log in twice)
    If you have 10 subaccounts on other hand, you also don't have to remember 10 logins and passwords, you log in once and are able to do your thing in the 10 subbaccounts without providing any more passwords (unless you chose to do so in your preferences)
    Last edited by Laoujin; Jan 16, 2002 at 15:34.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •