Macintrash Posted August 10, 2010

Now I don't know if this is common, but occasionally while playing, I will click on a profile of a new account and it will log me out. It doesn't unset my session though, because I can go right back into the game by entering a new URL. What makes it even more confusing is I can have 2 accounts right next to each other, and I open them both in new tabs. ONE can work, and the other will send me straight to the login page. I know it's not a hacker because it's been happening for a year and it only happens with new accounts and while using items. I looked at the "if session=0 header:login.php" code on a page that works fine compared to a page that causes a logout, and they are identical. What is causing my account to log out when I go to specific pages? I know for a fact my session is still intact, plus it even let me log in to a new account while the other is still logged in. Where can I view my cookies/sessions to see what's really going on, and how can I fix this?

Macintrash Posted August 10, 2010

OK, exactly 20 seconds ago I narrowed it down! I have found out that it allows me to have one account logged in at http://www.mygame.com, and a different account at mygame.com at the same time.

Haunted Dawg Posted August 10, 2010

You may PM me your game URL and tell me what pages to look at, then I can find out what your problem is, to be exact.

Dayo Posted August 10, 2010

I would advise transferring from sessions to cookies, as this would stop the above errors and stop people opening your game in 5 browsers, all on different accounts, and farming.

Fathom Posted August 10, 2010

It is very likely that nothing is technically wrong. This is how sessions should work: they only work on the (sub)domain they are set in. This means that the browser/user does not have any session information when you go to domain.com (even if they logged in at http://www.domain.com/login, because that session is set for the www subdomain). Hence the browser has two separate sessions and you can log in to two accounts using domain.com and http://www.domain.com

Quick note: I don't use PHP, so you'll have to excuse any mistakes I make. I would imagine that if you create the session from domain.com (i.e. point the login form to http://domain.com/login) it may solve your problems. Alternatively you can set the domain of the session to domain.com; there must be some way to do this in PHP...

However, this is not an ideal solution. In HTTP (the web) the pages http://www.domain.com/page and domain.com/page are considered to be different, even if they are in fact identical. Therefore if people are using both www and the higher level domain.com they will cache two copies of each page/image. You will notice with most large websites that all requests to domain.com/page are forwarded (301) automatically to http://www.domain.com/page (even if it leads to a 404). This forwarding will usually only need to be done once for each user, so it is at little cost, and you make a saving if you enable caching/if modified. Of course if you have links on your site pointing to domain.com/page then forwarding will occur frequently, which is unwanted. You will want to do this with your server, not PHP; Google will be your friend here. There are other benefits, such as a gain for SEO (as you are removing duplicate content and all outside links will go (perhaps via a forward, but search engines are smart) to one page).

I can't comment on Dayo's suggestion as I don't know how it works in PHP, but my solution could be carried out as well, for the reasons I explained.

I'm not sure how a cookie would stop multiple accounts? A flash cookie maybe, for detection. Also, you cannot fully trust the key/values stored in cookies, which might have implications given your code.

Swift-Fusion || Fusion Posted August 10, 2010

May I suggest using a .htaccess edit to make people go from domain.tld to http://www.domain.tld :) This can easily be found on Google.
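
Added example, not part of any post in this thread: a small Python model of the cookie scoping Fathom describes, showing why www.mygame.com and mygame.com hold separate sessions and what setting the session cookie's domain changes. The `Jar` class, the header strings and the `forum.mygame.com` host are constructed for illustration; `PHPSESSID` is PHP's default session cookie name.

```python
from http.cookies import SimpleCookie

def domain_match(host, domain):
    """RFC 6265 5.1.3, simplified (no IP-address or public-suffix handling)."""
    host, domain = host.lower(), domain.lower()
    return host == domain or host.endswith("." + domain)

class Jar:
    """Scopes cookies like a browser: host-only unless a Domain attribute is set."""
    def __init__(self):
        self.entries = {}  # (name, scope, host_only) -> value

    def store(self, request_host, set_cookie_header):
        parsed = SimpleCookie()
        parsed.load(set_cookie_header)
        for name, morsel in parsed.items():
            domain = morsel["domain"].lstrip(".").lower()
            if not domain:
                # No Domain attribute: bound to the exact host that set it.
                self.entries[(name, request_host.lower(), True)] = morsel.value
            elif domain_match(request_host, domain):
                # Domain attribute: valid for that domain and every subdomain.
                self.entries[(name, domain, False)] = morsel.value
            # else: a host may not set cookies for a domain it does not belong to.

    def cookies_for(self, host):
        host = host.lower()
        return sorted(f"{name}={value}"
                      for (name, scope, host_only), value in self.entries.items()
                      if (host == scope if host_only else domain_match(host, scope)))

def two_logins():
    """The thread's symptom: separate host-only sessions on www and the bare domain."""
    jar = Jar()
    jar.store("www.mygame.com", "PHPSESSID=account_a; Path=/")  # constructed header
    jar.store("mygame.com", "PHPSESSID=account_b; Path=/")      # constructed header
    return jar

def shared_domain():
    """Fathom's alternative: one session cookie with Domain=mygame.com."""
    jar = Jar()
    jar.store("www.mygame.com", "PHPSESSID=account_a; Domain=mygame.com; Path=/")
    return jar

if __name__ == "__main__":
    for label, jar in (("host-only", two_logins()), ("Domain=", shared_domain())):
        for host in ("www.mygame.com", "mygame.com", "forum.mygame.com"):
            print(label, host, jar.cookies_for(host))
```

With the Domain attribute the session id is also sent to every other subdomain, so anything hosted under mygame.com receives it; redirecting to a single canonical host keeps the cookie host-only.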