Hi all,

I've got this problem where I'm using one "include header" for my website. It has in it the navigation and because my site is spread out in and out of folders I need to use absolute links to connect all the various pages.

i.e

<a href="<?php echo $site_url_admin;
?>staff_home.php">Home</a>		
<a href="<?php echo $site_url_admin; ?>about/index.php">About</a>

The problem is because I'm using a login system;

session_start();
if (!isset($_SESSION['user']))
{
 die ("Access Denied!");
}
if (isset($_SESSION['user'])) { ?>

when I click on the absolute link, the SESSION finishes and Access is Denied!.

I have reverted back to relative links and all works fine then. However I would need at least 20 separate navigation bars for everything to link up.

The most weird thing of all is if I LOGOUT then login again, everything works fine with ABSOLUTE links, go figure!

Any help would be much appreciated, thanks....

Apparently, when you use a full URL, the page is parsed outside of your environment so it doesn't know anything about your session. I don't really understand why you feel obligated to use full url's but if it can be architected so they aren't necessary, it will probably be simpler. If you have to keep them, maybe using cookies to store your login status rather than a session variable might be the right way to go.

This doesn't make sense to me. A session shouldn't be lost if you use absolute links. When a session starts a cookie is set with the session id for that domain. The only problem I can think of if you are changing domains or using a subdomain.

I have never had a problem with sessions and absolute urls.

I think as I'm not using cookies in my session that's why the absolute urls are re-starting it.

I would much prefer to use relative links, but because the header with the navigation is being called inside sub folders the urls are not relative to their position. If there is a way around this other than using absolute urls I would love to know.

Thanks...

The login script

if ( $num != 0 ) { 

        // A matching row was found - the user is authenticated. 
       session_start(); 
	   list($user_id,$user_name) = mysql_fetch_row($result);
		// this sets variables in the session 
		$_SESSION['user']= $user_name;  
		
			
		if (isset($_GET['ret']) && !empty($_GET['ret']))
		{
		header("Location: $_GET[ret]");
		} else
		{
		header("Location: staff_home.php");
		}
		//echo "Logged in...";
		exit();
    }

The code from the header

<?php
				session_start();
				if (!isset($_SESSION['user']))
				{
 				die ("Access Denied!");
				}
				if (isset($_SESSION['user'])) { ?>
							
				<div id="login">

				Logged in as:  <?php echo $_SESSION['user']; ?>
				<?php } ?>

You can find a discussion on this same topic at
http://bugs.php.net/bug.php?id=18000&edit=3

Within that discussion, one contributor suggested to pass the SID as part of the call and then you'll be able to re-connect to the original session. No confirmation that it worked but it sounds logical.

Be a part of the DaniWeb community

We're a friendly, industry-focused community of developers, IT pros, digital marketers, and technology enthusiasts meeting, networking, learning, and sharing knowledge.