I am attempting to create a PHP website handling logging in to a website.
My goal is simply to have a way that someone can log on through a service widget. The authorization goes through, and one of the things with it is that I send it to another PHP page with the authorization details to check if the data returned from the login widget is legitimate. If it isn't, it will just error and redirect back to login. That part works well, but the issue that arises, which I don't understand because I am fairly new to PHP, is that the cookies do not update into the $_COOKIE array (dictionary?).
So it directs to another PHP file and handles that. If the authorization goes through, it will create a cookie like this:
setcookie('user', $user_data, time()+3600, "/", $domain, true);
So then it redirects back to the login page with
header('Location: test_login.php');
Then when I check if it is set with the following
isset($_COOKIE['user'])
This returns FALSE?? and I checked the inspect and the cookie very much exists in the browser! I don't understand. I checked it and it shows what seem to be everything working. It seems like it would be able to access it. I am unsure why. Is there anything or any ideas that could be causing this issue?
Related
I have a problem with cookies.
Basically I'm trying to store the user's session ID as a cookie like so:
setcookie("CheckoutSessionID",session_id(),time()+3600);
This works fine on my site, the cookie has the correct value and is valid for long enough. However, my site redirects to PayPal so the user can confirm a payment. The user is then redirected back to my site. It's when the user is redirected back to my site that ALL cookie variables are gone.
As in, print_r($_COOKIE), var_dump($_COOKIE) etc have no values. This only occurs after being directed to and from PayPal.
Any ideas as to why this is happening?
Thanks in advance for all help, I'm stumped!
Okay I've been digging quite deep and realised that an earlier question of mine is related:
PHP sessions and session_start()
Basically I had problems because PHP sessions were being deleted when I went to PayPal and back. However, I believe this was actually caused by the session COOKIE being destroyed, not the entire session.
I also found this topic here: Do PHP sessions get lost when directing to a payment gateway?
The answer given by someone suggests using a GET request with the return URL to send data back, instead of using cookies or sessions.
The whole reason I was using a cookie in the first place was to save the user's session ID, as the sessions weren't working properly, so basically I've just made my return URL something like this:
mydomain.co.uk/mypage.php?SessionID=[session ID goes here] and then obtained it then set the user's session ID to it.
Sorted! For now... I mean I'll probably end up hitting another brick wall due to cookies/sessions not working properly.
Thanks everyone for your help :)
Actually, whatever is happening (the cookie being empty) is logically right. When you submit a page or make a request, the browser sends the cookie from the client's computer with the request, so that you can find the cookie in the cookie variable.
But once you redirect the user to another external page/site and they come back again to your page, then you should not get the cookie in the cookie variable, because (in your case) when the user is getting back to your site from PayPal, PayPal is not submitting the cookie with the request.
In this case you can save your data in the database before you redirect the user to PayPal, and once the user comes back to your site you can retrieve that data from the database.
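One way to implement the database approach from the answer above, as an added example that is not part of the original posts: the return URL carries a single-use random token instead of the session ID, so the session identifier never appears in URLs, server logs or Referer headers. The `$store` array stands in for a database table, and the function names, the `token` parameter and the shop.example host are assumptions.

```php
<?php
// Added example. $store stands in for a database table; all names are assumptions.

const TOKEN_TTL = 1800; // seconds a pending checkout stays redeemable (assumed value)

/** Save checkout state before the redirect; returns the token to put in the return URL. */
function create_return_token(array &$store, array $checkout, int $now): string
{
    $token = bin2hex(random_bytes(32));              // 256 bits from the CSPRNG
    $store[hash('sha256', $token)] = [               // keep only a hash at rest
        'checkout' => $checkout,
        'expires'  => $now + TOKEN_TTL,
    ];
    return $token;
}

/** Consume the token on return; null when malformed, unknown, reused or expired. */
function redeem_return_token(array &$store, string $token, int $now): ?array
{
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                                 // reject malformed input before lookup
    }
    $key = hash('sha256', $token);
    $row = $store[$key] ?? null;
    unset($store[$key]);                             // single use: a replayed URL fails
    if ($row === null || $row['expires'] < $now) {
        return null;
    }
    return $row['checkout'];
}

// Constructed walk-through of one checkout.
$store = [];
$t0    = time();
$token = create_return_token($store, ['user_id' => 42, 'basket' => 'B-1001'], $t0);
echo 'Return URL: https://shop.example/mypage.php?token=', $token, "\n";

$first  = redeem_return_token($store, $token, $t0 + 60);   // legitimate return
$replay = redeem_return_token($store, $token, $t0 + 61);   // same URL opened again
$forged = redeem_return_token($store, str_repeat('0', 64), $t0 + 62);
var_dump($first, $replay, $forged);
```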
I got a similar problem: cookies being removed after the redirect from PayPal.
It took me a while to figure out where the problem was.
SameSite="Strict" // Removes cookies after redirect from PayPal.
SameSite="Lax" // Does not remove cookies after redirect from PayPal.
I am trying to have a user log in to a Joomla site from an external site and then be redirected to a page where only registered users can view it. I used this script and it seems to be working somewhat. I can see the user logged in via the Joomla admin panel; however, when I put in a redirect at the end of the script, i.e.
header('Location: registered page url');
Joomla prompts me to log in in order to view the registered page. What am I doing wrong? The original post never did discuss how to redirect the user. Also, when I don't put the redirect in the code, the browser just goes to a blank white page. Is that normal? Shouldn't it go to the home page of the curled site?
Also note that I've tried adding a return url to the code:
$loginRedirectUrl = 'index.php?option=com_content&view=article&id=146&Itemid=178';
$loginRedirectUrl = base64_encode($loginRedirectUrl);
$postfields['return'] = $loginRedirectUrl;
When I did a print_r($postfields) it returned everything filled up. Including the encoded return url and token. So, I'm highly confused as to why it looks like I'm logged in but the browser still somehow isn't keeping the cookies or something like that.
Cookies are not disabled.
Any help would be greatly appreciated. Thanks in advance.
Let's see if we can cover this one step at a time. The bit of code in the other post just handles the logging in stuff. If you run it unedited, then you will just end up with a blank page when it runs, so that is normal.
Next, if everything including the token is showing up in $postfields, then the next thing I would check is whether the Joomla admin shows a logged-in session. If it does, then the problem is in the cookie being transferred to the browser. If it isn't, then it would indicate that the session was created but the login failed for some reason.
I have a Facebook login tie on this site, but can't get it working correctly. So I downloaded the latest PHP SDK and set up the example here:
http://thedrinknation.com/facebook-php-sdk-70030bb/examples/with_js_sdk.php
I've had some success getting the JavaScript to work, but the PHP is never able to figure out who the user is.
(NOTE: the link I posted above is the CLEAN code downloaded from github - I just changed the APPid, and Secret ID).
I'm looking for some direction - do I have a setting wrong on FB? Like application type, or something?
-Jim
The JS-SDK is working correctly, setting the cookie and returning the login status.
The issue is probably related to the fact that your server is never returning cookies back to the browser. So every time the page is refreshed, a new cookie is generated by the JS-SDK. The only cookie it ever sent to the browser is PHPSESSID, which was sent only if missing.
It seems that every time FB.getLoginStatus() is called, a new cookie is generated. Are you sure you have correct application settings like "App Domains" and "Site/Canvas URL"?
I'm not great at PHP, and everything I currently know, I have just taught myself by browsing the internet.
I am currently trying to work with cookies in my page, in order to set up a persistent log in for a day.
Basically I have gotten as far as managing to set a cookie, with a value of the session username. This value is set when the user logs on.
So the user enters credentials, PHP checks against the MySQL database, and if it is successful then the username is set as a session variable, and this is then set as a cookie.
This works, as if I run this PHP and immediately echo the cookie, the username is displayed.
This is all done on my login form which is brought up in a tinybox (similar to a lightbox and other such pop up windows). The cookie and echo seems to work correctly from here.
However, when the login is successful, it refreshes the parent page, (root page of my site) and all seems well. However, if I then try to echo the cookie from the index page, I can not access it.
I know cookies have limitations on them for security, but seeing as how my login page, and my home page are on the same domain, then I thought this would have worked.
Is this something I am likely doing wrong, or is it a cookie limitation? Would it work if I set the cookie from the index page itself, rather than from within a tinybox?
If anyone wants examples of the code I am using, it can be provided.
Many thanks
Eds
Which navigator do you use? Chrome can't work by default with local cookies. You can enable them with the command-line flag --enable-file-cookies
http://code.google.com/p/chromium/issues/detail?id=3014
Was helped out by DaveRandom on this one.
Turns out I had to add "/" as the root path for the cookie, so that it was available to parent pages.
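The two cookie fixes reported on this page, the SameSite change in the PayPal thread and the "/" path in the answer above, both come down to whether the browser attaches the cookie to a given request. The following added example (not code from any of the posts) models that decision; the paths /login/form.php and /mypage.php and the function names are assumptions, and it needs PHP 7.4 or later.

```php
<?php
// Added example: simplified model of when a browser attaches a cookie to a
// request. Covers Secure, Path and SameSite only; domain matching is omitted.

/** Path the browser assigns when setcookie() is called without a path. */
function default_cookie_path(string $settingPath): string
{
    $pos = strrpos($settingPath, '/');
    return ($pos === false || $pos === 0) ? '/' : substr($settingPath, 0, $pos);
}

/** Path-match rule: exact match, or the cookie path is a directory prefix. */
function path_matches(string $cookiePath, string $requestPath): bool
{
    if ($cookiePath === $requestPath) return true;
    if (strncmp($requestPath, $cookiePath, strlen($cookiePath)) !== 0) return false;
    return substr($cookiePath, -1) === '/' || $requestPath[strlen($cookiePath)] === '/';
}

function browser_sends_cookie(array $cookie, array $req): bool
{
    if ($cookie['secure'] && !$req['https']) return false;   // Secure needs https
    if (!path_matches($cookie['path'], $req['path'])) return false;
    if (!$req['cross_site']) return true;
    switch ($cookie['samesite']) {       // request was initiated from another site
        case 'Strict': return false;
        case 'Lax':    return $req['top_level'] && $req['method'] === 'GET';
        default:       return $cookie['secure'];  // None is honoured only with Secure
    }
}

// Constructed requests: a same-site load of the home page, and the return from a payment gateway.
$home   = ['path' => '/index.php',  'https' => true, 'cross_site' => false, 'top_level' => true, 'method' => 'GET'];
$return = ['path' => '/mypage.php', 'https' => true, 'cross_site' => true,  'top_level' => true, 'method' => 'GET'];
$cookie = fn(string $path, string $sameSite) => ['path' => $path, 'secure' => true, 'samesite' => $sameSite];

$cases = [
    'no path, set from /login/form.php, home page' => [$cookie(default_cookie_path('/login/form.php'), 'Lax'), $home],
    'path "/", home page'                           => [$cookie('/', 'Lax'), $home],
    'SameSite=Strict, gateway return (GET)'         => [$cookie('/', 'Strict'), $return],
    'SameSite=Lax, gateway return (GET)'            => [$cookie('/', 'Lax'), $return],
    'SameSite=Lax, gateway return (POST)'           => [$cookie('/', 'Lax'), ['method' => 'POST'] + $return],
];
foreach ($cases as $label => [$c, $req]) {
    printf("%-48s %s\n", $label, browser_sends_cookie($c, $req) ? 'sent' : 'withheld');
}
```

In PHP 7.3 and later the corresponding attributes are set through the options array of setcookie(), using the keys path, secure, httponly and samesite.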
All,
This question probably has a very simple answer - something I'm overlooking. But maybe someone can tell me where to look...
I have a PHP page ("index.php") with a very simple login form (e.g., username and password).
When the user clicks the "Submit" button, the form POSTs the values to another PHP page ("login.php"). That page is supposed to confirm the user's credentials, then do the following:
If the user's credentials are not correct, redirect the user to error.php, along with an error message
If the user's credentials ARE correct, create a session and set $_SESSION['authenticated'] = true, then redirect him to "loggedin.php"
[UPDATE]
Then, on loggedin.php, I check to see that isset($_SESSION['authenticated']) returns true. If it does, then proceed. If not, redirect the user back to index.php.
However, here's what happens. The FIRST time I fill out the form (with valid creds) and submit it, I can see briefly in the URL bar that the user is sent to login.php, then loggedin.php, but then BACK to index.php.
But, if I re-enter the same credentials and submit the info a SECOND time, everything works exactly as it should.
So, in short, it looks like either login.php is not setting the $_SESSION variable the first time through, or that it is, but for some reason, it's not set when I check it for the first time on loggedin.php
Is there some delay between setting the variable on login.php, and having isset() return true on loggedin.php?
Or, is there something else I'm doing wrong?
Here are the relevant (I think) snippets of code:
In login.php:
session_start();
$_SESSION['authenticated'] = true;
header('Location: http://www.mydomain.com/loggedin.php');
In loggedin.php:
session_start();
$authenticated = $_SESSION['authenticated'];
if (!isset($authenticated)) {
    header('Location: http://www.footballpoolz.com/mobile/index.php');
    die();
}
Many thanks in advance for any advice or insights!
Cheers,
Matt Stuehler
I think I may know the cause of the error. The session has to be linked to the browser and the IP address (this way more than one person can be logged in at a time). This means that the session has to not only be stored server-side, but the client has to have a link to the session as well so you know who they are logged in as when they request data. This session id is shared as part of the header during all HTTP requests.
When you're redirecting the user, though, you aren't giving them a chance to send new headers, are you? You're probably just sending them the new page. This new page never saw a header from them, so it doesn't know which session variable (PHP has hundreds or even thousands of session variables) belongs to them. When you log back in a second time, you are sending a header, and thus you're sending the session ID and PHP knows which session variable is yours.
There are two solutions. The first is to find a way to redirect them that forces them to send a new header. I believe using header("Location: www.mysite.com/newpage.php"); will do this. I may be mistaken.
The alternative is to temporarily pass the session id when you redirect them to loggedin.php so that you know they are logged in for that first page load. After the initial page load, you no longer need to take this extra step since it will be done for you every time they request a page. To pass the session id you just append ?SID=... to your redirect.
http://www.php.net/manual/en/session.idpassing.php
Redirects really slow things down and cause extra server load. What you should be doing is posting back to the index.php page, which will detect if there is a POST or not. Then log the user in and display the contents of the loggedin.php file. No redirects necessary.
After all, you already know that the user is validated, why redirect them to another page where you have to check validation again (which you just did)? This is more of the concept of a "Front Controller" where your index.php acts as a router to load and display different pages. Even if it's just a welcome page when they login. This eliminates any issues with delays.
You are doing a session_start, right?
Instead of using true, try to put some value,
like $_SESSION['username']='mattstuehler';
and check
$loggeduser=$_SESSION['username'];
if(!empty($loggeduser))
I don't see any bugs anyway.
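For the login.php / loggedin.php flow discussed in this thread, one way to write the session handling so that the session ID stays in a cookie, is renewed at login and is saved before the redirect (an added example, not code from the question or its answers). The function names are assumptions, and the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example; function names and redirect targets are assumptions.

function start_secure_session(): void
{
    ini_set('session.use_only_cookies', '1');   // never accept a session ID from the URL
    ini_set('session.use_trans_sid', '0');      // never append the ID to links
    ini_set('session.use_strict_mode', '1');    // ignore IDs the server did not issue
    session_set_cookie_params([
        'lifetime' => 0,                        // session cookie, gone when the browser closes
        'path'     => '/',                      // valid for every page on the site
        'secure'   => true,                     // sent over https only
        'httponly' => true,                     // not readable from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

/** login.php: call only after the submitted credentials have been verified. */
function complete_login(string $username): void
{
    start_secure_session();
    session_regenerate_id(true);                // fresh ID at login defeats session fixation
    $_SESSION['authenticated'] = true;
    $_SESSION['username']      = $username;
    session_write_close();                      // persist before the browser follows the redirect
    header('Location: /loggedin.php');          // host-relative: stays on the host that set the cookie
    exit;
}

/** loggedin.php and every other protected page: call before any output. */
function require_login(): void
{
    start_secure_session();
    if (empty($_SESSION['authenticated'])) {
        header('Location: /index.php');
        exit;
    }
}
```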