Menu
▾
▴
[SM-USERS] Session Mischief
|
From: <dan...@li...> - 2003-05-24 22:46:07
|
Hiya guys,
I read your recent posts regarding the need for a session killer and
thought you might have some comments regarding the following.
The problem is the common "you must be logged in" error and I have spent
ages going through everything and seem to have narrowed it down to the
is_logged_in(); function in webmail.php:
The user enters his username/password into login.php
This calls redirect.php which contains the lines:
========CODE==============
session_start();
sqsession_unregister ('user_is_logged_in');
/* Set the login variables. */
$user_is_logged_in = true;
$just_logged_in = true;
/* And register with them with the session. */
sqsession_register ($user_is_logged_in, 'user_is_logged_in');
sqsession_register ($just_logged_in, 'just_logged_in');
===========END CODE===========
Redirect.php then loads webmail.php
This carries the line session_start();
(would this not reset all session variables to empty?)
Anyway, is_logged_in() is a function in functions/auth.php which checks
to see if "user_is_logged_in" is indeed registered:
if ( sqsession_is_registered('user_is_logged_in') ) etc...
This returns false however and produces the dreaded "You must be logged in
blah blah blah".
Can you think of why the session is being lost?
The problem began when I tried to implement a shared ssl setup:
http://domain.com/emaildomain1.com style
This uses vlogin to work out what the domain should be both for the login
username and for the general $domain variable used throughout
squirrelmail.
Sorry for the "teaching my granny to suck eggs" approach, but I like to be
clear and complete with my questions!!
Thanks a bunch,
Daniel =)
|