I built a PHP website where a user signs in and a session with the user credentials is created. For every page that requires users to be signed in, I created a function that checks for the session variables. Now all of my code seems to work like a charm when I use the site directly with the server IP address (example: http://123.45.67.891/mywebsite). However, once I assigned a subdomain via "domain masking" from GoDaddy, the sessions seem not to work at all.

I tried to search through other Stack Overflow posts and Google searches but cannot seem to resolve it. The website does not redirect any pages to a different subdomain like I've read in other posts. All redirects on this website I built are within the same subdomain masking. Now, I do suspect that this masking is causing the cookies to get confused...

So the result I'm getting currently is that when you submit the sign-in form, the PHP code runs, creates the sessions successfully, and returns success info to ajax; the ajax success function redirects to the next page, but as soon as it reaches the next page, my code to check for credentials immediately throws the user back to the index page as it does not see any sessions. The function is working as intended, as I wrote it to prevent anyone from accessing the page without being signed in. But with the domain masking, a user is never able to sign in...

Is there a solution to this, or do I need to get rid of the subdomain masking and purchase a separate domain for this so it can work like a normal website?
Below is a snippet where I create the session and the snippet where I run the credential check. Thanks!
    //====== Create sessions at signin
    // ... mysqli calls before this with POSTs from ajax ...
    // Session cookie: lifetime 0 (until browser closes), path '/', domain '.mywebsite.com'
    session_set_cookie_params(0, '/', '.mywebsite.com');
    session_start();
    $_SESSION["TYPE"] = $row[3];
    $_SESSION["USERNAME"] = $row[0];
    $_SESSION["FULLNAME"] = $row[2];
    session_write_close();
    // ... some code returning a success call to ajax, where javascript then redirects to the user dashboard page ...

    //======= Credential Check
    function checksignin(){
        // Same cookie parameters as at sign-in, so the same session cookie is read
        session_set_cookie_params(0, '/', '.mywebsite.com');
        session_start();
        if(!isset($_SESSION["USERNAME"])){
            // No username in the session: not signed in
            session_destroy();
            header('Location: ../index.php');
            exit;
        }
        else if(empty($_SESSION["USERNAME"])){
            // Username is set but empty: treat as not signed in
            session_destroy();
            header('Location: ../index.php');
            exit;
        }
    }