•  29-05-2022
  •  | 
  •  

Question

I'm using a session variable to store login data. Locally, everything works smooth, it logs in nicely and doesn't log out inbetween pages.

But when I put the same files on the server, for some reason I get logged out. I've already found this post, and tried using following code to prevent caching of dynamic pages:

header("Cache-Control: no-cache, must-revalidate"); 
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past

Though that doesn't seem to work. Are there any other possible solutions to this problem?

Edit: Note that session_start() is on every page.

Edit 2: I did a little further investigation and it appears some of my links link to www.mysite.com when on the mysite.com. Going to this new page makes that the $_SESSION[] vars aren't set, and when returning to the previous page with the back button you can see the $_SESSION[] is still set.

Was it helpful?

Solution

Sessions use cookies, so when you change domains (www.site.com to site.com) those cookies aren't being transmitted.

Set up your webserver to have one canonical url, and redirect everyone to that (for example, standardize on site.com, redirect www.site.com to site.com).

This is how I handle redirects in apache:

ServerAlias www.site.com my.site.com site.net www.site.net sites.com www.sites.com site.com
RewriteEngine On
RewriteCond %{SERVER_NAME} !=site.com
RewriteRule ^(.*) https://site.com/$1 [R=301]

I prefer site.com over www.site.com, unless you're doing something different on the two of them making people type an extra four characters seems worthless. My (lame) understanding of SEO is that you're better off picking one than having duplicate content at two urls (site.com/stuff and www.site.com/stuff)

Licensed under: CC-BY-SA with attribution
Not affiliated with StackOverflow
scroll top