Jump to content

session id in url and login problems


Recommended Posts

Support pointed me in this direction. Here is my case summarised:

- IP.Board 3.3.4

- This is on a closed corporate network and I cannot give you access to it.

- OS: Linux
- Webserver: Apache
- $INFO['use_friendly_urls'] = '1';
- Redirect to new friendly URL format: Yes
- URL type: path info (have also tried with query string)
- Use .htaccess mod_rewrite: Yes
<IfModule mod_rewrite.c>
Options -MultiViews
RewriteEngine On
RewriteBase /ipboard-product/
RewriteCond %{REQUEST_FILENAME} .*.(jpeg|jpg|gif|png)$
RewriteCond %{REQUEST_FILENAME} !-f
RewriteRule . /ipboard-product/public/404.php [L]


RewriteCond %{REQUEST_FILENAME} !-f
RewriteCond %{REQUEST_FILENAME} !-d
RewriteRule . /ipboard-product/index.php [L]
</IfModule>

Example 1:

- No FURLs
- s=74b8cb27f52129d5fa9049c4a43fef4c is in the url
- I can login and click around on links with s=xxxx
- clicking on a link that has no s=xxxx logs me out

Example 2:
- FURLs are on (this is a must)
- I attempt to login, I get to see the "green" screen that says something like "Login ok". But after that screen goes away, I'm not loged in.

Support said:

Unfortunately we are unable to support test or development installations via the ticket system I'm afraid. Additionally, the issue with session IDs in your URLs is caused by your PHP configuration. Please look up the "session.use_trans_sid" and "session.use_only_cookies" PHP configuration options for more information.

I checked php.ini:

session.use_trans_sid = 0
session.use_only_cookies = 1

Trying to set these to...

session.use_trans_sid = 1
session.use_only_cookies = 0

... did not help

Any suggestions?

Link to comment
Share on other sites

I'd poke in the same direction as PeterUK on this one. For whatever reason, your php session id (which is a cookie) is failing to be set. That's why the session is constantly passed as a GET parameter as a backup. Get something like firebug and review the net tab. You should see a PHPSESSID being passed around in cookies. If not, that's where you problem lies.

Link to comment
Share on other sites

Archived

This topic is now archived and is closed to further replies.

  • Recently Browsing   0 members

    • No registered users viewing this page.
×
×
  • Create New...