} include "/home/bkinney/includes/lti_mysqli.php"; include '../ims-blti/blti.php'; //no token query here anymore - require_once was causing a problem? include '../canvasapi.php'; //'/home/bkinney/includes/get_ud_canvas_endpoint_paginate.php'; //change this to look up in db //try this with the redirect. Does that help with masquerading??/ $context = new BLTI($secret, true, false); //secret is set in the including page if ($context->valid) { //set some session variables //die(); $context_id = $context->info['context_id']; //$domain =$context->info['custom_canvas_api_domain']; $isAdmin = $context->isAdministrator(); setcookie("context", $context_id, 0, '/'); setcookie("isAdmin", $isAdmin, 0, '/'); setcookie("lti_url", "https://apps.ats.udel.edu" . $_SERVER['PHP_SELF'], 0, '/'); if (isset($token)) { //this should alway be false $api = new CanvasAPI($token, $domain, $context->info['custom_canvas_user_id']); $valid = $api->ready; } else { //query db for an all purpose token. //I'm trusting the domain because I'm in a validated context $query = sprintf("select token from tokens where domain='%s' and context='%s'", $domain, $domain); $result = mysqli_query($link, $query); if (mysqli_num_rows($result)) { $row = mysqli_fetch_array($result); $token = $_SESSION['token']['domain'] = $row['token'];