Scenario
I am trying to correct an issue with an application that is populating user in a session variable in Internet Explorer using a dual db, single application. I have a unique configuration for a PHP application that is based on the question I asked previously.
https://stackoverflow.com/q/34841867/1691103
I am using a single folder structure that is addressable by the database name. My virtual host name equals the database name being accessed. If I try to access localhost or my computer name I purposely prevent this request since those dbnames do not exist.
http://app --> loads data from app database
http://app_demo --> loads data from app_demo database
app is the name of the single application directory
Now, when I log in to my application via http://app I can do so in Firefox. Additionally, I can also log into my app via http://app_demo in Firefox. I see the logged in user via the session variable.
Problem
In Internet Explorer my app does not show the logged in user in the Session when accessed via http://app_demo despite being able to do so when accessed via http://app
When I access http://app_demo in Internet Explorer the session is populated right before index.php header redirect but is cleared right after I try to see the value in index.php.
Question
What do I need to do to make login work for both hostnames in IE?
Windows Hosts File
127.0.0.1 app
127.0.0.1 app_demo
Apache Virtual Hosts Definition
<VirtualHost *:80>
DocumentRoot "c:/wamp/www/app"
ServerName App
ServerAlias App
<Directory "c:/wamp/www/app">
AllowOverride All
Options Indexes FollowSymLinks
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>
<VirtualHost *:80>
DocumentRoot "c:/wamp/www/app"
ServerName app_demo
ServerAlias app_demo
<Directory "c:/wamp/www/app">
AllowOverride All
Options Indexes FollowSymLinks
AllowOverride All
Order Allow,Deny
Allow from all
</Directory>
</VirtualHost>
index.php
<?php
session_start();
if (session_status() === PHP_SESSION_NONE)
{
require_once('session.php');
}
else if (isset($_SESSION['expire']))
{
$expire = $_SESSION['expire'];
session_destroy();
echo $expire;
echo "<meta http-equiv='refresh' content='0; url=index.php'>";
}
?>
<!DOCTYPE html>
session.php
<?php
session_cache_limiter ('private, must-revalidate');
session_start();
?>
authenticate.php
<?php
require_once('session.php');
require_once('usermanager.php');
$username = isset($_POST['username'])? $_POST['username'] : '';
$password = isset($_POST['password'])? $_POST['password'] : '';
if ($username == '' or $password == '')
{
header('Location: login.php?err=1');
return;
}
$userManager = new UserManager($username, $password);
if (!$userManager->isValidUserName($username))
{
header('Location: login.php?err=2');
return;
}
else
{
$confirmed = $userManager->confirmUserNamePassword($username, $password);
if (!$confirmed)
{
header('Location: login.php?err=3');
return;
}
else
{
$_SESSION['username'] = $username;
$_SESSION['password'] = $password;
$_SESSION['userid'] = $userManager->getUserID($username, $password);
$_SESSION['userrole'] = $userManager->getUserRole($username, $password);
$_SESSION['loggedin'] = true;
$_SESSION['lastnamefirstname'] = $userManager->getLastNameFirstName($username, $password);
header('Location: index.php');
exit;
}
}
?>