The project is running on CodeIgniter (v3.1.9).
From the login page:
When two different users (A and B) try to log in from two different systems at the same time, both users get the same session values.
If A logs in first (1 or 2 seconds), then user B gets A's session.
After a reload the correct sessions are restored.
This also happens the opposite way.
So both users get the same dashboard the first time, which is pretty bad.
This only happens when we try to log in with 2 users at the same time.
If anybody has any pointers that would be great.
Thanks in advance.
So after long sleepless nights I figured out what was causing the issue, and it is a funny one.
Posting this answer in case anybody comes looking for it.
So my CodeIgniter project was loaded in a subfolder of a domain, and that was the issue. Somehow the CodeIgniter sessions get mixed up when using the subfolder; when I moved it to another domain, everything worked perfectly.
Just so you know, I did add the required .htaccess for this folder.
#AyazShah #popeye thanks..
This is something that, in practice, I have not seen before.
I made a web app which works beautifully on all devices (or so I was thinking). Last week I received a few complaints that one part of the application does not work. I have reviewed my code maybe over 100 times and have not found a mistake; the erroneous behavior is that at some point the session expires or is just not set up, which is not possible. The system was tested on a pile of users.
Today I received a response from a client who uses an iPhone 5. What really happens is that sessions are not working properly.
I use this session to force the user to open the pages in order, so that there is no possibility of jumping from page to page. If the user tries to skip a page, they just go back to the beginning and need to restart the process.
On the iPhone, during the process it returns me to the start and stops. It does not allow you to go to level 1; it just keeps returning you back until you clear your cache.
This error happens randomly anywhere in the process.
To mention: the sessions are not deleted until the user reaches the end.
Is it possible that the iPhone has a problem with its browser, or is the error on my side?
Thanks!
This is what solved the same problem I was facing earlier. Maybe this will help.
The session problems for a login page might occur because the URLs you are opening in the browser are not unique. For example, say you are creating a login page for your website and you have created sessions successfully. Now, if you are logging in from a URL, say http://geekzgarage.com, then your session is limited to this URL only. If you then open the above URL as http://www.geekzgarage.com (note the www. in both URLs), you will see that you are not logged in. So please be sure that your webpage always opens under a single type of URL, either with www. or without www.
I have two CI code bases, say ProjectX and ProjectY (two different code bases, and yes, the CI system files are also separate but the same version), where ProjectX is the main site, say http://projectx.com, and ProjectY is http://projecty.projectx.com.
Now a user logs into the system (ProjectX) and clicks on some link that takes him to ProjectY. I want the user to be logged into SystemY with the same session that was activated when he/she logged into SystemX.
So my question is: is this possible, and if yes, then how? If no, what are possible ways to accomplish this, as I don't want to show one more popup for login?
OK, first of all thanks to #LuckyBurger for the link he gave in a comment, and yes, that is a perfect solution for the problem. All you have to do is change the config file in both code bases to use the same values for the session config array.
I am helping develop a web application for one of the departments in the company I work for.
I was asked to look into a way to log off every user that might be on the application at once, so that if updates to the Web App are pushed out, people aren't working with an old version of it.
My problem is that, as I am not very savvy with PHP, jQuery, AJAX, etc., which is what we're using, I have not known exactly what to look for.
We have a timer script running every couple seconds in the background, so I was thinking that I could add an admin button that updated a field in the database which this script could check every so often, and if the field was set, the logoff script could be executed. But this seems like a hack to work around the issue.
The guy I'm working with suggested I look into custom SESSION handlers.
What do you guys think? Any ideas?
Any help would be appreciated. Even if it's an idea on what to start searching for.
Thanks in advance!
EDIT: I should mention that this is a one-page web app. The user is not following any links or leaving the page.
Make an entry for logged-in users in your database of choice, maybe memcached if performance is a criterion.
Use a custom Session save handler which stores the sessions in database or file. When you want to destroy all sessions, you can clear the storage (be it database, or file).
Start from - http://php.net/manual/en/function.session-set-save-handler.php
What I ended up doing was the following:
I added a field into one of our database tables and checked its value every time our browser tick came through (about every minute or so). If the field is set when the tick comes through, their page is refreshed, thus logging them off the application and destroying their session (we destroy the session when someone leaves the page).
The users cannot log back in until that field has been reverted to '0'.
The admin account can change that field with the click of a button. Therefore their field in the database remains as a '0'
It might be kind of a hack, but it's what I could come up with even after everyone's help. The only issue is that it takes a bit to log everyone off. Problems of pulling vs pushing I guess.
And yes, an email will be sent out some time before logging everyone off so they don't lose work.
Thank you all for your help!
I recently got Pair Networks to migrate my app to a new pair server. Since then I noticed the following:
Some users with extra permission are no longer able to access those areas they should normally have permission for. They get redirected to the login page which also serves as the Access Denied page.
Some pages with forms now redirect users to login.php on submit of the form. Form data are submitted to the db as expected though.
I have checked the db and the users are configured correctly. Also, users do not lose their session when this happens, as they can click Back and navigate to a different area. I have also had a look at the log files but was unable to gather much, apart from the HTTP 302 code appearing a number of times for login.php, probably describing the redirect to the login page.
Can anyone please suggest what could be responsible for this? Could it be a configuration problem, and how can I deal with that? Could it be a conflict in those two servers? I don't suppose it's Pair's server, as I haven't really encountered similar problems in the past.
Any directions will be very much appreciated.
Seems like you are using PHP sessions out of the box; PHP is probably storing temp cookies in a folder that gets cleaned way too often.
If this is the case, there is a security risk, as the folder is server-shared and your services can be compromised.
A simple way to fix this is to change your session_save_path, which can be done in the following fashion:
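<?php
// Keep this site's session files in a personal directory; it must exist and
// be writable by PHP. Both calls have to run before session_start().
session_save_path('/home/example.com/sessions');
ini_set('session.gc_probability', 1); // let PHP garbage-collect expired sessions here
session_start();
?>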
I have 2 stores here (OC v1.4.9.3):
1) tsubamecorp.com/singapore/
2) tsubamecorp.com/malaysia/
The problem is that when you log in to tsubamecorp.com/singapore/admin everything works fine.
The URL after login looks something like this: tsubamecorp.com/singapore/admin/index.php?route=common/home&token=827bcf36d9c167581620f377417e8774 but when you change the folder from singapore to malaysia in the URL, tsubamecorp.com/malaysia/admin/index.php?route=common/home&token=827bcf36d9c167581620f377417e8774
you can log in without putting a username or password in the login page for the malaysia store!!!
This only happens when you try it in the same browser.
Any solutions?
Without changing the default behaviour of OpenCart (as explained by Zappo) you should set up a new host name for each shop instead. You'll have to register two separate DNS names and then access your shops as follows...
malaysia.tsubamecorp.com/admin/index.php
singapore.tsubamecorp.com/admin/index.php
You can still run with a single installation of OpenCart and a single database. This post may help you understand this configuration better...
http://forum.opencart.com/viewtopic.php?f=20&t=21411
I think this will only occur when you change the name and refresh. I guess when you log out and try to log in again it will not work.
That's default OpenCart behaviour...
I also think Jerome is correct. The cookies are in the same domain, so OpenCart thinks you're still logged-in.
HOWEVER, I don't see your problem...
If someone is able to get that cookie set, he or she already logged in...
(e.g. This can not happen when someone did not log in)
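The cookie scoping behind both the www/non-www answer and the OpenCart thread above, as an added example that is not code from any of the posts: a simplified version of the RFC 6265 domain and path matching a browser applies before sending a cookie. The function names and sample cookies are constructed, and the OpenCart session cookie is assumed to be host-only with path "/".

```php
<?php
// Added example: simplified RFC 6265 matching (no Secure/expiry handling).
// Requires PHP 8.0+. Function names and sample cookies are constructed.

// Section 5.1.3: a host-only cookie needs an exact host match; a cookie set
// with a Domain attribute also matches every subdomain of that domain.
function domainMatches(string $host, string $cookieDomain, bool $hostOnly): bool
{
    $host = strtolower($host);
    $cookieDomain = strtolower(ltrim($cookieDomain, '.'));
    if ($host === $cookieDomain) {
        return true;
    }
    return !$hostOnly && str_ends_with($host, '.' . $cookieDomain);
}

// Section 5.1.4: the request path must equal the cookie path or lie below it.
function pathMatches(string $requestPath, string $cookiePath): bool
{
    if ($requestPath === $cookiePath) {
        return true;
    }
    return str_starts_with($requestPath, $cookiePath)
        && (str_ends_with($cookiePath, '/') || $requestPath[strlen($cookiePath)] === '/');
}

function cookieIsSent(array $c, string $host, string $path): bool
{
    return domainMatches($host, $c['domain'], $c['hostOnly']) && pathMatches($path, $c['path']);
}

// Constructed session cookies modelled on the cases in the threads.
$siteWide = ['domain' => 'tsubamecorp.com', 'path' => '/', 'hostOnly' => true];
$perStore = ['domain' => 'tsubamecorp.com', 'path' => '/singapore/', 'hostOnly' => true];
$perHost  = ['domain' => 'singapore.tsubamecorp.com', 'path' => '/', 'hostOnly' => true];
$apexOnly = ['domain' => 'geekzgarage.com', 'path' => '/', 'hostOnly' => true];
$shared   = ['domain' => 'geekzgarage.com', 'path' => '/', 'hostOnly' => false];

$cases = [
    'path "/" cookie -> /malaysia/admin/'       => [$siteWide, 'tsubamecorp.com', '/malaysia/admin/index.php'],
    'path "/singapore/" -> /malaysia/admin/'    => [$perStore, 'tsubamecorp.com', '/malaysia/admin/index.php'],
    'singapore.* host cookie -> malaysia.* host' => [$perHost, 'malaysia.tsubamecorp.com', '/admin/index.php'],
    'host-only apex cookie -> www host'         => [$apexOnly, 'www.geekzgarage.com', '/'],
    'Domain=geekzgarage.com -> www host'        => [$shared, 'www.geekzgarage.com', '/'],
];
foreach ($cases as $label => [$cookie, $host, $path]) {
    printf("%-45s %s\n", $label, cookieIsSent($cookie, $host, $path) ? 'sent' : 'not sent');
}
```

Path scoping only limits where the browser sends the cookie and is not an isolation boundary between applications on one origin, which is why separate host names, as suggested in the answer above, are the stronger separation.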