I’ve built a website with a user-login.
Now, for some reason when I enter from the site’s IP and from the site’s domain a different session is created.
In the website I use a global parameter, named: ROOT where:
define("HOST", "localhost/final-project-management-system");
define("ROOT", "http://".HOST."/");
I give a lot of links related to ROOT in the website.
When I try connect to the IP, an initial session is created, but when I move to one of the pages with ROOT involved, a new session is created and the old session is deleted.
Does anyone have any idea why this happens ?
Thanks ..
PHP sessions are based on the scope of cookies, and the behaviour you describe is exactly how this works.
The scope of a cookie is defined simply by a string value based on the hostname (or IP) that appears in the address bar of the browser. Just because an hostname resolves to a specific IP, does not mean they share cookies.
If you think about it then basing the cookie scope on the resolved IP address would potentially cause major problems with cookies leaking between sites when you consider shared hosting environments.
In order to have this work correctly, the user will have to access the site via either the DNS name or the IP address, not both. You can pass the session ID manually to work around this, but it doesn’t come recommended (not by me, at any rate).