Welcome to Geeklog Sunday, May 19 2019 @ 06:24 pm EDT

Geeklog Forums

Cookie trouble of my own making


Status: offline

jlhughes

Forum User
Full Member
Registered: 25/04/02
Posts: 154
I'm looking for a way around a problem of my own making. I've created a Geeklog Web site for a school district. I've installed this site on a commercial server because the school district doesn't have PHP or mySQL installed (and doesn't want to be bothered with installing and maintaining either). On the school server they have created a single frame document that loads the commercial server page. The address URL shows the school site, but the work is actually being done on the commerical server. The commercial server site works as expected. However, when you log in from the school URL you are returned to the main page and you are NOT logged in. There is no error message. I know from past problems like this that this is a cookie issue. Logging in from the commercial server is OK. I tried changing the cookie domain in config.php to the domain of the school site, but that didn't fix the problem. The school district suggests using session variables instead of cookies, but I would prefer not to have to rewrite core code in Geeklog. Does anyone have an idea of how I might work around this problem? John Hughes

Anonymous

Anonymous
While I can't solve the problem directly, why dont you just have have a sub domain redirect to the commerical server. Once it's set up it requires no more maintanance than the frame would... geeklog.yourschool.edu

Status: offline

Tony

Site Admin
Admin
Registered: 17/12/01
Posts: 405
Location:Urbandale, Iowa
You need cross-domain cookies and I'm not sure how to do that. Basically, because your commercial box has a domain separate from the school's, when they view the school's site your cookies for GL will not be sent. Try the advice on this article from PHPBuilder.com. Please post if that works because this may come in handy for other people.

---
The reason people blame things on previous generations is that there's only one other choice.


The reason people blame things on previous generations is that there's only one other choice.

Status: offline

jlhughes

Forum User
Full Member
Registered: 25/04/02
Posts: 154
The problem appears to have been limited to Internet Explorer and it's "medium" or higher level of "privacy." Netscape browsers I tested did not have a problem. I found two Internet Explorer solutions: The most radical is to simply have users lower their "privacy" setting to "low," which allows all cookies from all sites including 'third party' cookies, which is what my cookies become when the site is accessed through the frame window. The more responsible solution is to use IE's "privacy" setting that allows you to "override cookie handling for individual Web sites." Users who experience trouble signing in are directed to a page that explains how to add the domain name to the list of Web sites trusted for all cookies. This seems to work so far, but I'm just rolling out the working site and I may run into other complications caused by the fact that the page is being frame-forwarded.

Status: offline

jlhughes

Forum User
Full Member
Registered: 25/04/02
Posts: 154
Subdomain or simply linking to the commercial server pages would not work because the school district wants to maintain the fiction that the site is actually operated by the district. By using frames to call the commercial server page, the address line and title of the page remain the school district location. Yes, people can watch the status bar and see what's actually going on, but the appearance of compliance with district policy that says all Web sites must be hosted by the district is the overriding concern. John Hughes

All times are EDT. The time is now 06:24 pm.

  • Normal Topic
  • Sticky Topic
  • Locked Topic
  • New Post
  • Sticky Topic W/ New Post
  • Locked Topic W/ New Post
  •  View Anonymous Posts
  •  Able to post
  •  Filtered HTML Allowed
  •  Censored Content