Of course there are additional hitches…
Under the old domain everything still works fine. Under the new domain, however, my $PHPSESSID is not finding its way to my processing script.
Here’s what I am doing:
Person visits the page. An included php file starts a session (session_start() and creates a session ID so the calling script can include the session id in the POST data. Form submits to a PHP script which compares the POSTed session ID with $PHPSESSID. If they don’t match, or $PHPSESSID is blank, the form data is not processed.
Suddenly this does not work under the new domain. The $PHPSESSID variable is always blank.
BTW - The goal of the above is to prevent someone from submitting repeatedly (or at all) from anywhere other than my site. Hell if I know that it really is a sound method, but in my limited testing it provided some measure of security. I’ve been meaning to get someone with brains to try and hack it.
Here’s some code:
php script to start session (incldued in index.php):
$_SESSION['sessionid'] = mt_rand() . mt_rand();
index.php starts out like:
$sessionId = session_id( );
$sessionId is populated, yet if I try to write $PHPSESSID to the page it is blank. Naturally, it is still blank when the processing script (form action) is called.
Why would this suddenly not work? Do I have to enable some PHP feature in DreamHost?