PHP How to stop Chrome loading a page twice - php

Note: I have updated and rewritten my question to try and solve this issue point by point. Cheers.
I have a problem and I'm not immediately sure how to go about resolving it.
I have been building a secured login system on a HTTPS server (with a grade of "A" by SSL-labs, if that's worth anything ), and it works fine, however today it is refusing to log me in, with some debugging I have found something very odd (in my view).
I have some serious issues with session handling on the website, the different pages use the same session data (of course) and the same session /cookie settings, and they pass the information between each other correctly, BUT the behaviour of my browser appears to be as if there are two browsers visiting the same websites, using the same session data.
Symptoms - Because I have been having inconsistencies with page generated session content (unique hash token) not fitting the same data saved in the login form (as a $_POST value), I was finding that as there is only one line in the whole site that sets the value of the session, this line must be running twice. So I set a counter value in the session, on the form page as session['counter']. each time the page loads, the counter +1's. My problem is specifically with this:
Login page:
Opens page,
session hash-string is generated and saved to the post form.
session counter = counter + 1;
Form is filled in.
Login auth' page:
fails to verify the posted hash-string is the same as the session hash
string, despite there being no other cause for the session values to
change (well there must be, but I can't see it!)
But, then going back to the Login Page I see that the counter = last value + 2! Also, the counter value recorded on the session file saved on the server is always +1 to the value displayed on the login page.
Some images:
Login Form Page: Please note that this is above the HTML output and is the last place on the code where any SESSION data is edited.
Output :
Please note the number relating to the counter in image 1.
My session file, this file relates to this specific browser session and only 1 session file as I am the only browser on the site.
The string CheckDrop is the hash value to compare but the counter is at 12 rather than 11, which is displayed in image 2 above.
My site is HTTPS authed although this work is on a subdomain.
This issue has been happening for the last 3 hours but inconsistently, it magically worked for about 40 minutes earlier today (just before posting this post). but I had done nothing I could see as changing the environment.
I have previously compared phpinfo data and session setup data it all looks correct at point of browser output. It does not seem to be caused by my settings.
It happens on different browsers on my PC.
Further Work
After spending hours debugging and working through this, it appears to be a browser issue. I have renamed the pages (one page was called index while it was not defined in .htaccess as the directory listing page which may have possibly caused a browser to open it twice).
I have cleared all associated data: sessions / database records / browser history, and have come across something:
Firefox now logs in as expected, the counter is count+1 and the login works, however on Chrome the exact same log in on the same pages does not work and the browser appears to load twice, the counter = counter + 2. Chrome also leaves two records in the database at each load rather than the expected one.
Chrome version 45.0.24
Firefox version 42.0
Page double counts and runs script twice on Safari and Chrome. On Firefox, Opera and MSIE it works as intended.
Any ideas why this is occurring?
How can I go about trying to solve this problem?

The original issue was caused by the naming of the webpages, there was a webpage named "index.php" but this page was NOT the index, instead "loggedIn.php" was the index page for the site, as defined in .htaccess
Having an index.php page that was not an index seemed to confuse a lot of browsers. This [part of] the issue was resolved by renaming all the pages and setting an index.php page that used PHP headers to redirect people to the suitable page (based on if logged in or not) .
The issue remained with Chrome and Safari.
After a long time reading lots of issues about Chrome, the solution was frankly pathetic,
https://code.google.com/p/chromium/issues/detail?id=64810
This link lists various issues relating to this problem of Chrome double loading, if certain markup elements are not present. As my page above are very simple, there wasn't a lot that applied, but Google Chrome will silently request the favicon.ico file and then if it doesn't find it, will reload the page but only output the first page (from Chrome memory cache).
This is an epically stupid bug in Chrome that has cost me most of a day. Safari still persists in loading the PHP script twice,

I might be a little late to the party, but I've found another reason why this was happening for me. I created the following page:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
error_log('Loaded');
?>
</body>
</html>
Even this minimal page was loading twice, but only in Chrome, so I started investigating, and found Mendeley Web Importer Chrome extension to be causing this behaviour. Simply disabling it solved the issue for me.

I suppose your problem is with Internet Explorer... I had the same problem and I discovered, with incredible surprise and shock, that internet explorer 10 will send a different "user agent" value, from request to request.
When I saw it for the first time I was really impressed by the absurdity of the fact, but that's completely sure. I tested it very deeply and you cannot trust the Internet Explorer "user agent" string to be the same from request to request.
I had to remove that string from the hashing login string

Related

PHP Session reset on refresh with chrome but stay normal in private navigation

after hours and hours of research I leave it to you.
I am creating an administrator part for my site in MVC architecture with a .htaccess which redirects everything to a main index.php.
I made a classic connection system with a classic hash and some personal ip ban systems to avoid attacks.
Until then everything is normal, I use $_SESSION to keep the connection active and my session_start() is called before the site to be sure to be correctly placed.
the problem is that my session resets each time I refresh the page.
I did a lot of testing and I affirm that it resets well, I know that it is not from PHP, that I did not misuse my session but that chrome or gandi in one way or another another act on my session and break it to me.
For example, when I use chrome in private browsing or firefox or when I'm local I have no problem and the connection goes perfectly well
I haven't seen anyone with a similar problem and I don't know what to do, I uninstalled and reinstalled chrome, I reset some cookies, I reset some data but nothing to do, it doesn't change anything.
EDIT: here is some more code in order to be more clear on the problem
to show a concrete example of the problem, I made a test file which creates a session and adds 1 each time we refresh the page
on chrome it leaves me at 1 but in private browsing it adds me well +1 at each refresh
index.php (of my test project)
<?php
session_start();
// faire un compteur avec $_SESSION["count"] (comment for CoPilot)
if(!isset($_SESSION["count"])){
$_SESSION["count"] = 0;
}
$_SESSION["count"] += 1;
var_dump($_SESSION["count"]);
EDIT:
ok, so in private browsing I have this result and $_SESSION["count"] is incremented correctly
network pass private nav
but in normal browsing $_SESSION["count"] does not increment and 5 JS scripts are added to the request but I don't know where they come from, it may come from some Google Chrome extension but I have already tested without extension and with and it doesn't change anything, I don't understand why $_SESSION["count"] refuses to increment.
network pass normal nav
I finally solved the problem by resetting my site's cookies, which I thought I had done, but there might still be special cookies that were hindering the connection to the site, unfortunately I did not look at the data that did that but it must probably come from a bad manipulation on my part.
I can finally log in
thx all

iPhone problems with PHP sessions

This is something that I in practice so far I have not seen before.
I made a web app which works beautifully on all devices (so far I was thinking). Last week I received a few complaints that one part of the application does not work. Maybe I've reviewed over 100 times my code and I have not found a mistake and error behavior is that at one point the session expires or is just is not setup - which is not possible. The system was tested on a pile of users.
Today I received a response from a client that uses the iPhone 5. And really happens is that sessions are not working properly.
I use this session to force the user to open the pages in the order and that there is no possibility of jumping from page to page. If the user tries to skip the page, just go back to the beginning and need to re-start the process.
On the iPhone during the process returns me to the start and stop. It does not allow you to go to level 1 just returning back until you clear you cache.
This error happen randomly anywhere in process.
-To mention, I sessions not deleted until the user reache the end.
Is it possible that the iPhone has a problem with their browser or is error on my side?
Thanks!
This is what that solved the same problem i was facing earliar. May this will help..
the session problems for login page might occur because the url you are opening in the browser are not unique. for example If say you are creating a login page for your website, and you have created sessions successfully. Now, if you are logging in from url say http://geekzgarage.com then your session is limited to this url only. If you again open the above url like http://www.geekzgarage.com (note www. in both urls), then you will see that you are not logged in. So please be sure that your webpage is opening always in single type of url. either with www. or without www.

PHP does not read my cookie set with javascript

Apologies if this question duplicates some other question, but I can't find one exactly like it in S.O.
I am writing a remotely hosted app, the kind that runs when you put a javascript on your own website page, where the src="some remote javascript.js". so, the script operates by calling every operation as a jsonp ajax. A lot of jsonp housekeeping, but otherwise works surprisingly well.
In the main remote js script, I set a user cookie when the user logs in. It works fine, the cookie is set for a year, and when you return to the page it continues recognizes you.
However, when I try to output the cookie (even after it has been set) using php, my php code does not see it for some reason.
If I alert(document.cookie); the cookie is displayed.
If I do a var_dump($_COOKIE); php returns array(0) { }.
This isn't a "you have to reload the page after setting the cookie with javascript" problem.
As far as I know, when I use the Firefox Web Developer extension to View Cookie Information, it is all happening on the same domain.
Looking over many other examples, it is clear that PHP should be able to read a cookie, even if set by javascript.
Even as I write this, I think a glimmer of what the problem is is starting to form in my head, that (possibly) a JSONP'd php script isn't going to see the cookie set by javascript.

Clicking a link sometimes causes Open File dialog instead of navigating to the page

I have PHP files running on a Unix server running PHP 5.3.6. These files do check a session variable as a form of securing access to them. The method has worked for me in the past and works most of the time here.
The problem I run into is sometimes when you are navigating a site, the open file dialog comes up instead of the browser navigating to that page. The file being offered for download is a php file of the same name as the one you listed, but is of 0 bytes. If you hit cancel and click the link again, often things continue working just fine. This is a problem, however, if you are submitting form information, for instance.
I have had this problem occasionally in the past, and even seen it a couple times on other corporate websites built with PHP (Facebook has done it two or three times), but not nearly as often as I get it with this particular site.
<?php
session_start();
$_SESSION['admin'] = 1;
header('Location: policy.php');
Is a portion of how the session is set (the actual credential checking left out because it's not necessary for the example).
<?php
require "../php/secure.php";
Is the top of every one of the "secure" pages. The contents of secure.php are:
<?php
session_start();
if( $_SESSION['admin'] != 1 )
{
header('Location: index.php');
}
That is the complete secure.php file, no closing ?>.
Any idea as to why this could be happening would be greatly appreciated, I cannot come up with any reason why this would be happening only some of the time and otherwise working perfectly.
Thank you.
You should use an HTTP inspector like fiddler2 or the FireFox addon TamperData to view the request and response when that is happening. Generally, one of the two following will have occurred to cause this:
You are sending a header which indicates that the type should be downloaded instead of displayed in the browser
You are writing out some data which the browser thinks it cannot render (e.g., bytes with ASCII values under 30 (0x1D), which are considered control characters and are not designed to be printed).

PHP session doesn't work with IE

I have a site made with php which uses server side sessions throughout the site.
In fact, it's a site with a user login which depends on session variables and if there were a problem with all session variables, no pages would load at all.
On the site, there's an iframe that holds a feed of little messages from other users.
Those little messages have clickable photos next to them that open the user's profile.
Now, each page requires some formatting to open the user's profile on that specific page...there's really only a few problem pages, but those pages have to have the onclick functions formatted a little differently or they break the page.
So I set a session variable on each page ($_SESSION["current_page"]) that lets the feed know how to format the clickable photos. Now Firefox, Opera, Chrome, Safari all work as they are supposed to.
But IE6 and IE7 are having problems on the pages that require special formatting.
So after pulling my hair out a bit, I eventually got around to printing my session variables form the server.
And lo and behold, on the special pages, ($_SESSION["current_page"]) is always set to "main" instead of "special1" or "special2".
I printed the same session variable in Firefox and all the other browsers I mentioned and they print out "special1" or "special2" as they're supposed to.
Can anyone think of something - possibly related to the fact that the feed is in an iframe??? - that would cause IE to treat server side session variables differently or somehow launch page "main" silently in the background?
I have checked the feed very carefully for any reference to page "main" - it doesn't seem like there's any ways it's loading that page.
this doesn't make sense to me.
Check the name of the server machine. IE has problems with machine names that contain '-' or '_' - they cannot maintain a session! I've had this problem twice in the past, and it always takes me weeks to figure out, and I'm shocked IE hasn't fixed it.
Just rename the machine to have no strange characters! You can get it working if you just use the IP address of the server in the url to test.
IE has cookie issues with it's handling of iFrames which maybe causing the session issue you mention, take a look at these links
http://adamyoung.net/IE-Blocking-iFrame-Cookies
http://gathadams.com/2007/06/25/how-to-set-third-party-cookies-with-iframe-facebook-applications/
http://nileshtrivedi.in/blog/2008/09/01/iframe-cookies-and-internet-explorer/
Try testing the page while using some sort of monitoring proxy (I use Fiddler) and see what pages the browser requests. That might give you some clues to what's going on.
Also, try capturing the requests/responses from different browsers and see what IE is doing differently (order of requests, content of requests?).
To pinpoint the problem, can you rewrite the code without using SESSION (it's mentioned in one of the other answers)? Maybe IE is accessing the pages in different order than other browsers? Maybe it is requesting the main page more than once, which means that the session var is set to "main"? Without session variables, the pages won't affect each other's state.
In most cases, this php line at file begining will be enough:
header('P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM”');
If it isn't, for IE7 you may also try:
header('P3P: CP=”NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM”');
header('Set-Cookie: SIDNAME=ronty; path=/; secure');
header('Cache-Control: no-cache');
header('Pragma: no-cache');
And if that doesn't work for IE6, you may use GET params for session ID:
header('location: land_for_sale.php?phpSESSID='.session_id());
I thought some people might find the solution to this problem interesting. Fiddler certainly helped here. Thanks to Fiddler, I could see that I was, in fact, hitting the page main.php (thus setting the session variable moments after setting it on the target page), but the server was defaulting there after getting a 302 on the root of the site. This was all happening silently in the background, and before my onload="" javascript ran.
So I was sure something on those pages was causing an error, but not a catastrophic one.
here it is: <img src= "" >
IE was freaking out about the blank src attribute and hitting the server root and the defaulting to page main. I don't fully understand the mechanics happening here. I also don't understand if this is how IE is supposed to behave (it is a malformed img tag after all) or not. Is this a bug?
I found if you added header('P3P: CP="CAO PSA OUR"'); to the top of your doc. It seems to have fixed the problem.
I had this problem, and it was due to the date on my dev box being out. Firefox didn't mind, IE and chrome were seeing the session as being expired as soon as it was set.
I have the same problem and it's SOLVED now.
The blank or empty attribute's values of any IMG tags cause the problem.
For me, I used JavaScript to change IMG object's source to an empty value.
Doing that could also make the problem.
If I understand it correctly, you are trying to use a session variable to pass data from a page to pages within iframes on that page? This doesn't seem a good way to go about it - why not just pass a GET variable into the iframe url i.e. ?current_page=special1 . I would think this would be more reliable as it does not rely on session state.
Remember also that the session variables will be the same for several pages of the same site that are open on a user's PC (e.g. on multiple tabs), which could cause odd behaviour.
Session data is stored on the server side, not the client. I would check the other pages, where this value would be set.
I had the same problem with ie7 and this is what I do:
If you have this problem using a IIS or Apache in Windows Server, look at the URL where you are redirecting it must be writed in the same way as the URL where you was before the redirection.
For example:
site.com/pages/index.php redirection to site.com/Pages/index2.php is going to loose the session in IE7 because the capital letter in Pages.
Maybe it's session.cookie_lifetime. I have faced the same problem. I updated session.cookie_lifetime: 4500 to session.cookie_lifetime:0. This means the session cookie never expires until the browser shuts down.

Categories