login script issues

so im having issues with a login/security script im developing and just cant get a repair in place.

so - when user loges in it checks user and pass against a DB, which works fine. If match, then i set a session("loggedin").

so, when logged in succesfully, everything is fine.

Here's where the problem comes in...

if im logged in, and navigating the domain on any page, and the url includes the "www." then everything is fine. The session is recognized, and I stay logged in.

BUT, as soon as i access a page without using the "www." portion, the system seems not to recognize the session, and i get the page that a non-logged in user would get.

If i manually re-type in the "www." and hit enter, it picks up the session again, and all is fine.

How can i fix this??

 

make a DB with the client IP, username, and datetime. If the date is what you need then he is logged in, else logged out and forget the SESSION. or try having some cookies for the mentioned DB or table

 

http://www.domain.com and http://domain.com totaly diffrent site when you are login using www after you remove www that means you are logout from that site and your session not set for that site that why you got error

if you set link on index page

for exp. <a href="index.asp">home</a> -- inner link (session work)
and <a href="http://www.domain.com/index.asp>Home</a> -- external site link(session not work)

 

set your www.yourdomain.com to redirect to yourdomain.com (without the www) then, go through your site and remove the www from all of your internal links.

 

Thanks all, i didn't realize that there was that big of a difference.

i just made a code in my security include that executes before the security is checked to redirect the user to teh www. version of the page they are on.

 

http://*****/path/file.extension

The *s is your server name, separate server name means separate sessions. even if they point to the same "website". Whether they are two completely different domains (mydomain.com and allaboutme.net) or just different subdomains (mydomain.com and www.mydomain.com, and mail.mydomain.com, etc) all get separate sessions.

So you can either (1) store their login status in the application object (bad), (2) store it in a database (better), or (3) store it in a cookie (best).

But, it's best to do like the poster said and have redirects so that everybody only uses one way of accessing the site.

 

Thanks Nafai,

I didn't want to get in to the whole cookie thing - just a personal preference I guess, so I actually went with redirects. Seems to be working out just fine.

Thanks for the detailed reply. Rep for you.

 

Cool thanks =)