I'm having a strange issue, which I find difficult to summarize in a title.
First:
I have a webpage, where people need to be logged in.
I have a Excel document, with links to the webpage.
The problem:
When people are logged in, and they click on the link in the Excel document. The webpage tells them that they are not logged in.
What I found so far:
I'm using Office on Mac and I don't have any issues.
People using Office on Windows do have issues.
I think the issue is due to SESSIONS, that might be the reason why users aren't logged in while they should be.
I did some tests.
Every URL goes through index.php
index.php
<?php
session_start();
file_put_contents('log.txt', microtime().': SERVER '.print_r($_SERVER, true).PHP_EOL, FILE_APPEND);
exit;
Now when I click the link from Office on Mac (NO ISSUES!!!), I get a dump of the variable $_SERVER. Two important variables:
[HTTP_USER_AGENT] => Mozilla/5.0 (Macintosh; Intel Mac OS X 10_11_5) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
[HTTP_COOKIE] => PHPSESSID=77lpqmdmvskv33d2ddsdlfs5q7; rememberme=1%3Ae79e92271e7e05a5ee5679b659b3cb5cbb61e60d96c158f4648960136b175164%3Accdee80c3e42705fcd7e8c234525beda86d27394653dfdfb42bdd3ec98592ca1
You can see the browser (Chrome) and the cookie, which contains a rememberme cookie for login.
Now, when I do the same by clicking on a link in Excel on Windows, I get the $_SERVER variable printed three times in the log file!
First:
[HTTP_USER_AGENT] => Microsoft Office Excel 2014
[HTTP_COOKIE] => PHPSESSID=0ivlfjf49j4b82858tstc2lmm3; PHPSESSID=tv6gs33j721d0tmm3rrjdoho45
Notice the user agent and no rememberme cookie.
Second:
[HTTP_USER_AGENT] => Mozilla/4.0 (compatible; MSIE 7.0; Windows NT 10.0; WOW64; Trident/7.0; .NET4.0C; .NET4.0E; .NET CLR 2.0.50727; .NET CLR 3.0.30729; .NET CLR 3.5.30729; ms-office)
[HTTP_COOKIE] => PHPSESSID=0ivlfjf49j4b82858tstc2lmm3
Notice, still no chrome browser and rememberme cookie.
Third:
[HTTP_USER_AGENT] => Mozilla/5.0 (Windows NT 10.0; WOW64) AppleWebKit/537.36 (KHTML, like Gecko) Chrome/51.0.2704.103 Safari/537.36
[HTTP_COOKIE] => PHPSESSID=3s0hvtssghk7uomvkpb5k70tc2; rememberme=1%3Aa9bd74ad58a0d7075c27108be1adbd26ba6d18f6e8b39073152d6780131ffe70%3A643852f8636c76c0bfc4017ec7fe3eab98dd57f5bcfdf86f0e37b5ec28a0c0ef
Finally user agent is Chrome and rememberme cookie is set.
So, it's getting a long story. But clicking on the link in Excel from Windows, it does strange things. Anyone an idea what is happening?
Oke, I found the problem. Below an answer from superuser.com
The URL you're using needs some more information from a cookie to
display the search results rather than the search page. Paste the URL
into a different browser (or remove your cookies) and you'll get the
same results.
Clicking a URL in Excel seems to open it in your default browser. But
that's not really true. Before opening it in your browser, Excel first
runs Microsoft Office Protocol Discovery. This uses a Windows/Internet
Explorer component to determine if the URL works. (It does not
identify itself as Internet Explorer, but as "User Agent: Microsoft
Office Existence Discovery".) And if the results are (somehow) okay
then it will open the result of that check in your default browser.
Lacking the cookies (more precisely: lacking a session), GoDaddy gives
that Internet Explorer component some redirect. And the result of that
is opened in your default browser. That's the URL you're seeing.
Most likely your default browser is not Internet Explorer? Then
pasting the URL into IE directly and clicking it, to get the cookies,
might then also make the link work from Excel. (Just for testing; it's
not a permanent solution.)
You will have more luck using a URL that does not rely on some hidden
information from a cookie, like
http://www.godaddy.com/domains/search.aspx?domainToCheck=superuser.com
Source: https://superuser.com/a/445431
So to solve this issue:
When Excel checked the link, it gets redirected to '/login' because it wasn't logged in. And finally that URL is the URL Excel opens in the real browser.
So I changed the login script and a user will not be redirected to '/login', but stay on the same URL and it will be shown the login form if not logged in. Excel now opens the original URL an if the user is logged in, it will see the page. If it is not logged in, the login form will be shown.
Related
How would I force HTTP (Not HTTPS), while getting the source code of: http://www.youtube.com/watch?v=2YqEDdzf-nY?
I've tried using get_file_contents, but it goes to HTTPS.
There is no way, because google forces you to use https. It will not accept longer unsecure connection.
They even start to downrank websites, which are not on SSL.
As for your Comment, i have done a little bit more research.
Maybe it is depended on the user-agent. I have no time to confirm this.
Try CURL with this User Agent:
Mozilla/5.0 (Windows NT 6.1; WOW64; rv:24.0) Gecko/20100101
I have such address example.com/page1. For example visitor's user agent is like this: Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_2 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10B146. I run session_id() and PHP Session ID is 12345. I can see "sess_12345" file inside temporary folder. It has all session variables in it.
After some processing I redirect him/her to example.com/page2. Visitor's user agent changes to this: Mozilla/5.0 (iPhone; CPU iPhone OS 6_1_2 like Mac OS X) AppleWebKit/536.26 (KHTML, like Gecko) Mobile/10B146 Twitter for iPhone. I run session_id() again and find out that ID is still 12345. But when I check "sess_12345" file, I see that it is deleted.
This happens only when users come to my website from "Twitter for iPhone" application. I guess session file is deleted because of user-agent change, but I'm not sure. What can be the cause?
(Sessions work successfully except this case. I use CakePHP 2.4)
Cake has a setting which will check the user agent of the browser. If it changes will destroy the session. Turn this setting off:
Session.checkAgent
i am trying to change user agent in php.ini file as follows.
user_agent="Mozilla/5.0 (iPhone Simulator; U;
CPU iPhone OS 4_3_2 like Mac OD X; en-us)
AppleWebKit/535.17.9(KHTML, like Gecko)
Version/5.0.2 Mobile/8H7Safari/6533.18.5"
after that when i check user agent in my php file with following command and this show that user agent has not been change.
echo $_SERVER['HTTP_USER_AGENT'];
this shows : Mozilla/5.0 (compatible; MSIE 9.0; Windows NT 6.1; Win64; x64; Trident/5.0)
which is still not iphone user agent which i have set in php.ini file.
so please help me how to set user agent in php.ini file which switch my browser request as iphone browser request.
i have also tried with following command.
ini_set('user_agent', 'Mozilla/5.0 (iPhone Simulator; U;
CPU iPhone OS 4_3_2 like Mac OD X; en-us)
AppleWebKit/535.17.9 (KHTML, like Gecko) Version/5.0.2
Mobile/8H7 Safari/6533.18.5');
this also gives same result and i am unable to switch to iphone browser request.
I'm afraid you've misunderstood. The user_agent setting in php.ini has nothing to do with $_SERVER['HTTP_USER_AGENT].
The setting in php.ini is used as a default for when PHP does HTTP requests, for example with cURL.
$_SERVER['HTTP_USER_AGENT'] contains the user agent that the web browser sent along with its request to your PHP script. That's why it's showing MSIE because you're viewing the page in MSIE.
If you want to send a different user agent from your browser, you'll have to use a browser plugin unless the browser allows you to freely modify it. For example like this.
I'm trying to request page on remote server using PHP-CURL which returns data on https only.
The user agent must be mobile browser.
I've set below user agent rite now :
Mozilla/4.1(compatible;Symbian OS;MSIE 5.0;Nokia 3650;424)Opera 6.10 [en]
When i request page using above user agent, it says my browser does not support https. If anyone knows which user agent i shall set in my curl request then please help me.
Thanks in advance.
Try Android Browser user agent
Mozilla/5.0 (Linux; U; Android 2.1-update1; ru-ru; GT-I9000 Build/ECLAIR) AppleWebKit/530.17 (KHTML, like Gecko) Version/4.0 Mobile Safari/530.17
Or Opera Mini
Opera/9.60 (J2ME/MIDP; Opera Mini/4.2.14912/812; U; ru) Presto/2.4.15
I have a client who is trying to determine traffic metrics, to his site by way of those "URL shortened" sites: (tinyurl.com, bit.ly and x.co) to be specific, and to take action based on that traffic...
We would have thought that the HTTP_REFERER variable would have held the referring resource name, the shortened URL from that service. Instead the HTTP_REFERER field is empty and if read in some browsers its actually not even there (I guess NULL?).
Here is an example of an attempt to enter a shortened URL that goes to my client's site and the name of the page is x.php:
HTTP_CONNECTION:keep-alive HTTP_KEEP_ALIVE:115 HTTP_ACCEPT:text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8,application/json HTTP_ACCEPT_CHARSET:ISO-8859-1,utf-8;q=0.7,*;q=0.7 HTTP_ACCEPT_ENCODING:gzip,deflate HTTP_ACCEPT_LANGUAGE:en-us,en;q=0.5 HTTP_COOKIE:ASPSESSIONDQADBDABT=HAEFPIOBONKMOIJFDGNHHEM HTTP_HOST:www.<myclientswebsite>.com HTTP_USER_AGENT:Mozilla/5.0 (Windows; U; Windows NT 6.1; en-US; rv:1.9.2.8) Gecko/20100722 Firefox/3.6.8 (.NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729)
Why wouldnt the http://x.co shortened URL show up in the header info OR am I not looking in the correct place?
My client would ultimately like to redirect incoming traffic to the appropriate resource within his website AND/OR out to other sites he owns.
UPDATE: I've looked through his raw traffic logs and I cant find a specific referrer other than x.co or bit.ly, etc I do not see the "/" part.. Is there something I can change in his IIS6 settings, on his web server, that would allow us to see and utilize the information he's looking for, or are we just out of luck due to the design of the HTTP redirect?
Because the shortening services use response 301 or 302 and Location - there is no referer. Your browser does not pass it.
HTTP_REFERER is an optional header. In some cases they are stripped out (security software, proxies, etc).
In the case of URL shortening services, they probably do a header redirect and simply don't include HTTP_REFERER.