Sessions across all subdomains - session

I am hoping some of you might have some answers here. I've been at this for many hours and I'm not making much headway. From doing an extensive amount of research, I see this is a common problem without many solutions.
I have my login at domain.com that then goes to the user profile at domain.com/profile?u=username that has been rewritten with .htaccess to username.domain.com. I need to have access to SESSION username across all subdomains so I can see if the user is on their own profile or not. I have tried all the basic solutions to get SESSIONS working across all subdomains with .htaccess etc (I do not have direct access to php.ini), but nothing seemed to work; with the exception of session_set_cookie_params(0, '/', '.domain.com'); at the top of the script setting the SESSION. This all of a sudden worked - but the problem is - it also all of a sudden stopped working and has intermittently continued to work and not work without me touching the code.
My questions here are...
Does anyone have any idea why this would be intermittently working and then not working?
Does anyone have any other simple, cross platform solutions to solve this problem.
Failing that, I believe I can store the SESSION in the database and recreate it in all the subdomains. This seems inefficient, but might be the only solution. What are your thoughts and what would be the best way to do this?
I would really appreciate any help in this. This has proven a real challenge.

I was able to fix this by simply adding a text file to my main directory called php.ini with session.cookie_domain = ".domain.com" inside. That was it. And you have to re-launch your browser.

Related

passing session variable from without www to with www

Session variable is not passing between the urls without www and with www
I have implemented url rewriting in my website.
Example:
I want to pass Session["hashtable"] from http://domain.com/product.aspx page to http://www.domain.com/shoppingcart.aspx
Session is not passing between these urls,
tried a lot of settings in web.config adding httpcontext defaultname=.domain.com
still not working.
Any solution for this, great helpful for me.
Thanks in advance
Kumar
I've never done anything like this myself, but according to this question and answer, How can I share a session across multiple subdomains in ASP.NET?, you should be able to do this by adding this line to your web.config file:
<httpCookies domain=".usa.com"/>
Again, I haven't tried it. But it makes sense, I think.
I'm viewing your domain.com as being a "subdomain" of the same as www.domain.com. This isn't really true in a technical sense, but in a lot of cases I've seen it work that way anyway, so I'm hoping this will be one of those cases.
Edit:
I just came across this post, ASP.NET sharing session across multiple wildcard subdomains, which leads me to think this might not actually work, after all. Let me know if it doesn't and I'll delete this answer.
Edit 2:
Okay, I'm searching and finding tons and tons of people with this very problem. It sounds like it might just not be doable. That is, these people don't have any answers whatsoever. So it could just be that people who ask this are super unlucky, or it could be that it's just some little-known solution, or it could be that it's impossible. Thus, I'm adding in my comment from above here, and calling it a part of my "answer."
Just in the interest of good SEO practice for this site which, from the paths you provided, appears to be retail-related, you should probably just redirect all requests at any point to your www. domain, before you even set the session variables. If you can't do that, for instance if your www. root is not the same as your empty one (Which you should change anyway, for users' sakes), spin up another subdomain and point all requests to that. Then you'll have two domains at the same level, and the first solution I posted should handle that.

MVC 3/ASPNET Auth - Almost Randomly Redirecting To Account/LogOff

This is a very strange one for me and I've been battling with it for a while now. I really hope someone can help.
I have a fairly typical MVC 3 Website and I only seem to be getting this problem in IE and Firefox. Chrome plays along nicely. Lucky for me, the majority of our company's clients uses Chrome at the moment.
Problem is at a seemingly random point in time, the browser will automatically redirect me to the Account/LogOff action when I click on a link, and from there it will obviously go back to the Login page. This link will then continue with the same behavior.
I say "seemingly random" because today that link will work, tomorrow it won't and all other (or the majority - I have never had more than on problem link giving this problem at a time) links will be fine. Sometimes restarting the server/dev environment will take care of the problem, other times it won't. The browser will just keep redirecting to LogOff.
I have tried looking at the Referrer URL, but the controller/action being referred to will never be reached. (If I place a breakpoint in the action, it is missed and the next point reached would be the LogOff action)
If I look at the stacktrace when in the LogOff Action, I can't see any info from where the application has come from. I have also tried what was suggested in this page: Posting the Stack Trace on ASP.NET MVC, but I cannot see why I am being redirected to the LogOff action.
The only place I seem to be able to have a breakpoint get hit before hitting LogOff, is Application_BeginRequest in the Global.asax, but can't see where it is going from there on.
My guess is that somewhere along the line, ASPNET Auth decides the user isn't authenticated any more and redirects to the LogOff action. Problem is that the cookies associated with ASPNET Auth all still exist, have data in them and they haven't expired yet.
Anyway, I hope I have given enough info on the problem.
Thanks in advance.
[Edit]
OK, so I might have gotten a step closer. I came across this link and looked to see what is happening in my Application_AuthenticateRequest in my global.asax.
I am not quite sure why, by when I click on a link, Application_AuthenticateRequest gets accessed 3 times. When a link works (as in I can follow it and it doesn't log me out), the value of the .ASPAUTH cookie stays the same. I checked this by adding a breakpoint and a watch over
HttpContext.Current.Request.Cookies[".ASPXAUTH"].Value
When the link does not work, the first time the cookie has a value, then the other two times it is null. Thus, because the ASPXAUTH cookie is null, the system automatically redirects to the LogOut action.
If I consider the solution they posted in the link, I am not sure if this applies to me. As far as I can tell, the encrypted cookie is still small (as in a few hundred characters long) and not close to 4096 bytes. Also, I have only 3 cookies going at the time I when tested the broken link and I have a maximum of 5 cookies at any given time.
Any idea?
OK, so I had a hunch about cookies expiring. So I looked at whether there is a way to keep (force) cookies in Forms Authentication alive and that led me to http://www.codeproject.com/Articles/221889/How-to-Generate-Machine-Key-in-IIS7
The only way I could test this theory was to keep working and debugging the site as normal. (And that's why it took me so long to post this answer.) Since I introduced this solution it seems that the problem has been solved.
Interestingly I spoke an Architect the other day, with 20 years dev experience, about my problem. He looked at my code and is convinced this is a bug in the Forms Authentication code.
I hope this helps some people who are experiencing the same problem I have.

Magento module admin 404 after move to a new server

I've been devolving several Magento modules on a Mac's local Apache server. Lately, I've moved the modules to a new Magento install on a new server. My problem is that all but one is 404-ing when I'm trying to load their admin pages. I can't find any reason why this one module works and the others don't even try to load pages. Most if the code is very similar from one to the next. Also, the 404 pages are not helpful and there are no exception or log entries to help me. These all work on the old server, and although some of the code has bad/old links that need to be fixed, and those generate errors I see no reason they aren't trying to load pages and generating errors.
I think the configs work, because I get the admin menu. Since the layouts have nothing concerning the front part of URL's, I see no reason for the problem to be them, either. I could post code, but I have no idea what to post that could be causing this.
I would greatly appreciate any insight that could be causing this.
When i devolve modules on windows and send to Linux, sometimes forget and make some thing on capital letter and others on lowcase, windows isn't case sensitive on this case, but linux is. maybe is the same on Macs / Linux

Codeigniter tank auth

I am wondering if someone can help me, I have recently moved my site live to test it so I basically copied the database and uploaded the files. This means that I had already set up a user account on my local server. However, I have found the login to be a bit temperamental, when I went to login it wouldn’t accept it so I had to reset my password which it then worked fine. Then I decided to register another user and that worked fine however I went to log in the next day and it wouldn’t let me, even though I know that the details were correct…
Has anyone else experienced something similar? Also, if you have, how did you fix it?
Thanks
One thing to remember with Tank Auth is that the password hashes are localized to a single server, and will not work on any other. You can change that inside the tank_auth config file by changing phpass_hash_portable to true, but this is less safe. My recommendation is to just recreate the accounts.
That is the only problem I can think of in your situation, hope if fixes it.

Sporadic page load failure

An issue has started recently, within Chrome and reportedly Firefox, pages would be loading fine and browsing would be as normal and then suddenly then a page would fail to load (continuing to spin as if loading). The page that fails is often not the same.
If I refresh the page or try to goto another page on the domain within the same browser, the browser doesn't even try to resolve the name or make a connection, and is then unable to load the page.
Swapping to another browser and I am back to browsing the domain normally again, while the original browser(in most cases Chrome) will not load the pages until a restart.
This has happened with 3 different people on 3 different machines in both Chrome and Firefox.
The domain that it is running off has allot of ajax calls within certain pages, I am not sure if the server is tripping out due to the number of requests from the one client...I am not sure.
I am not sure if this is a server, client or script functionality issue, as I can not personally reproduce it. I can do little to debug or work out what is causing this or how to fix it...
As you can see I am not sure of allot with this problem :) so I am throwing it out to stack-overflow in the hope that someone may have had similar experiences or have any directions I could look towards.
Cheers,
Brendan
If the page is making many requests in a short time, your firewall (router) may block it. I've noticed this behavior on my own router, and had to set it to a less restrictive level to make things work.

Resources