After hours and hours of research, I leave it to you.
I am creating an administrator part for my site in an MVC architecture, with a .htaccess which redirects everything to a main index.php.
I made a classic connection system with a classic hash and some personal IP ban systems to avoid attacks.
Until then everything is normal: I use $_SESSION to keep the connection active, and my session_start() is called before the site to be sure it is correctly placed.
The problem is that my session resets each time I refresh the page.
I did a lot of testing and I can affirm that it really does reset. I know that it is not from PHP and that I did not misuse my session, but that Chrome or Gandi in one way or another acts on my session and breaks it.
For example, when I use Chrome in private browsing, or Firefox, or when I'm local, I have no problem and the connection goes perfectly well.
I haven't seen anyone with a similar problem and I don't know what to do. I uninstalled and reinstalled Chrome, I reset some cookies, I reset some data, but nothing helps; it doesn't change anything.
EDIT: Here is some more code to make the problem clearer.
To show a concrete example of the problem, I made a test file which creates a session and adds 1 each time we refresh the page.
In Chrome it leaves me at 1, but in private browsing it correctly adds 1 at each refresh.
index.php (of my test project)
<?php
session_start();
// make a counter with $_SESSION["count"] (comment for CoPilot)
if(!isset($_SESSION["count"])){
    $_SESSION["count"] = 0;
}
$_SESSION["count"] += 1;
var_dump($_SESSION["count"]);
EDIT:
OK, so in private browsing I have this result and $_SESSION["count"] is incremented correctly.
[Screenshot: network pass private nav]
But in normal browsing $_SESSION["count"] does not increment and 5 JS scripts are added to the request, but I don't know where they come from. They may come from some Google Chrome extension, but I have already tested with and without extensions and it doesn't change anything. I don't understand why $_SESSION["count"] refuses to increment.
[Screenshot: network pass normal nav]
I finally solved the problem by resetting my site's cookies, which I thought I had already done, but there might still have been special cookies that were hindering the connection to the site. Unfortunately I did not look at the data that did that, but it probably came from a bad manipulation on my part.
I can finally log in.
thx all
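A stale session cookie stored under a different Path or Domain is one way browser cookie state alone can produce the behaviour described above; the post does not confirm that this was the cause. The diagnostic below is an added example, not the poster's code, and needs PHP 7.4 or later; the sample header and the `/admin` path are constructed.

```php
<?php
// Added diagnostic (not from the original post). It parses the raw Cookie
// header because $_COOKIE keeps only one value per name and hides duplicates.

/** Return every value the browser sent for each cookie name. */
function cookies_by_name(string $rawHeader): array
{
    $seen = [];
    foreach (explode(';', $rawHeader) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || strpos($pair, '=') === false) {
            continue;
        }
        [$name, $value] = explode('=', $pair, 2);
        $seen[trim($name)][] = $value;
    }
    return $seen;
}

/** Values sent under the session cookie name; more than one means a stale copy. */
function session_cookie_values(string $rawHeader, string $sessionName): array
{
    return cookies_by_name($rawHeader)[$sessionName] ?? [];
}

// Constructed sample: two cookies named PHPSESSID, as a browser sends when an
// old cookie with a different Path or Domain attribute is still stored.
$sample = 'PHPSESSID=aaaa1111; theme=dark; PHPSESSID=bbbb2222';
$raw    = $_SERVER['HTTP_COOKIE'] ?? $sample;

$values = session_cookie_values($raw, session_name());
// Log only short prefixes: a full session ID is a credential.
$prefixes = array_map(fn ($v) => substr($v, 0, 4) . '...', $values);

if (count($values) > 1) {
    error_log('Duplicate session cookies: ' . implode(', ', $prefixes));
    // Expire the cookie at each path that might hold the stale copy
    // (hypothetical list; use the paths your site has actually set).
    foreach (['/', '/admin'] as $path) {
        setcookie(session_name(), '', ['expires' => 1, 'path' => $path]);
    }
}
echo count($values), " session cookie(s) received\n";
```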
This is something that, in practice, I have not seen before.
I made a web app which works beautifully on all devices (or so I was thinking). Last week I received a few complaints that one part of the application does not work. I have reviewed my code maybe over 100 times and have not found a mistake. The error behavior is that at one point the session expires or is just not set up, which is not possible. The system was tested on a pile of users.
Today I received a response from a client who uses the iPhone 5. What really happens is that sessions are not working properly.
I use this session to force the user to open the pages in order, so that there is no possibility of jumping from page to page. If the user tries to skip a page, they just go back to the beginning and need to restart the process.
On the iPhone, during the process it returns me to the start and stops. It does not allow you to go to level 1, just returning you back until you clear your cache.
This error happens randomly anywhere in the process.
To mention: sessions are not deleted until the user reaches the end.
Is it possible that the iPhone has a problem with its browser, or is the error on my side?
Thanks!
This is what solved the same problem I was facing earlier. Maybe this will help.
The session problems for a login page might occur because the URLs you are opening in the browser are not unique. For example, say you are creating a login page for your website, and you have created sessions successfully. Now, if you are logging in from a URL such as http://geekzgarage.com, then your session is limited to this URL only. If you then open the above URL as http://www.geekzgarage.com (note the www. difference between the two URLs), you will see that you are not logged in. So please be sure that your webpage always opens with a single type of URL, either with www. or without www.
Apologies if this question duplicates some other question, but I can't find one exactly like it in S.O.
I am writing a remotely hosted app, the kind that runs when you put a javascript on your own website page, where the src="some remote javascript.js". So, the script operates by calling every operation as a jsonp ajax. A lot of jsonp housekeeping, but otherwise works surprisingly well.
In the main remote js script, I set a user cookie when the user logs in. It works fine, the cookie is set for a year, and when you return to the page it continues to recognize you.
However, when I try to output the cookie (even after it has been set) using php, my php code does not see it for some reason.
If I alert(document.cookie); the cookie is displayed.
If I do a var_dump($_COOKIE); php returns array(0) { }.
This isn't a "you have to reload the page after setting the cookie with javascript" problem.
As far as I know, when I use the Firefox Web Developer extension to View Cookie Information, it is all happening on the same domain.
Looking over many other examples, it is clear that PHP should be able to read a cookie, even if set by javascript.
Even as I write this, I think a glimmer of what the problem is is starting to form in my head, that (possibly) a JSONP'd php script isn't going to see the cookie set by javascript.
I have PHP files running on a Unix server running PHP 5.3.6. These files do check a session variable as a form of securing access to them. The method has worked for me in the past and works most of the time here.
The problem I run into is sometimes when you are navigating a site, the open file dialog comes up instead of the browser navigating to that page. The file being offered for download is a php file of the same name as the one you listed, but is of 0 bytes. If you hit cancel and click the link again, often things continue working just fine. This is a problem, however, if you are submitting form information, for instance.
I have had this problem occasionally in the past, and even seen it a couple times on other corporate websites built with PHP (Facebook has done it two or three times), but not nearly as often as I get it with this particular site.
<?php
session_start();
$_SESSION['admin'] = 1;
header('Location: policy.php');
Is a portion of how the session is set (the actual credential checking left out because it's not necessary for the example).
<?php
require "../php/secure.php";
Is the top of every one of the "secure" pages. The contents of secure.php are:
<?php
session_start();
if( $_SESSION['admin'] != 1 )
{
    header('Location: index.php');
}
That is the complete secure.php file, no closing ?>.
Any idea as to why this could be happening would be greatly appreciated, I cannot come up with any reason why this would be happening only some of the time and otherwise working perfectly.
Thank you.
You should use an HTTP inspector like Fiddler2 or the Firefox addon TamperData to view the request and response when that is happening. Generally, one of the two following will have occurred to cause this:
You are sending a header which indicates that the type should be downloaded instead of displayed in the browser.
You are writing out some data which the browser thinks it cannot render (e.g., bytes with ASCII values under 30 (0x1D), which are considered control characters and are not designed to be printed).
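Separately from the download symptom, the secure.php guard in the question sends a `Location` header but does not stop the script, so the body of the protected page still executes and is sent with the redirect. A hardened variant follows, as an added example that is not the poster's file; it assumes PHP 7.3 or later and an HTTPS site, and the function names are hypothetical.

```php
<?php
// secure.php, hardened variant (added example, not the poster's file).

/** True only when the session carries the admin flag set at login. */
function is_admin(array $session): bool
{
    // ?? avoids an undefined-index notice; === avoids type juggling.
    return ($session['admin'] ?? null) === 1;
}

/** Redirect and stop: without exit the rest of the protected page still runs. */
function deny(string $target): void
{
    header('Location: ' . $target, true, 302);
    exit;
}

/** Called by the login script after the credentials have been verified. */
function mark_admin(): void
{
    session_regenerate_id(true);   // new ID at privilege change (anti-fixation)
    $_SESSION['admin'] = 1;
}

if (PHP_SAPI !== 'cli') {          // skipped when run from the command line
    session_start([
        'use_strict_mode'  => 1,       // reject IDs the server did not issue
        'use_only_cookies' => 1,       // never accept the ID from the URL
        'cookie_httponly'  => 1,       // not readable from JavaScript
        'cookie_secure'    => 1,       // assumes the site is served over HTTPS
        'cookie_samesite'  => 'Lax',
    ]);
    if (!is_admin($_SESSION)) {
        deny('index.php');
    }
}
```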
I have a site made with php which uses server side sessions throughout the site.
In fact, it's a site with a user login which depends on session variables and if there were a problem with all session variables, no pages would load at all.
On the site, there's an iframe that holds a feed of little messages from other users.
Those little messages have clickable photos next to them that open the user's profile.
Now, each page requires some formatting to open the user's profile on that specific page...there's really only a few problem pages, but those pages have to have the onclick functions formatted a little differently or they break the page.
So I set a session variable on each page ($_SESSION["current_page"]) that lets the feed know how to format the clickable photos. Now Firefox, Opera, Chrome, Safari all work as they are supposed to.
But IE6 and IE7 are having problems on the pages that require special formatting.
So after pulling my hair out a bit, I eventually got around to printing my session variables from the server.
And lo and behold, on the special pages, ($_SESSION["current_page"]) is always set to "main" instead of "special1" or "special2".
I printed the same session variable in Firefox and all the other browsers I mentioned and they print out "special1" or "special2" as they're supposed to.
Can anyone think of something - possibly related to the fact that the feed is in an iframe??? - that would cause IE to treat server side session variables differently or somehow launch page "main" silently in the background?
I have checked the feed very carefully for any reference to page "main" - it doesn't seem like there's any way it's loading that page.
This doesn't make sense to me.
Check the name of the server machine. IE has problems with machine names that contain '-' or '_' - they cannot maintain a session! I've had this problem twice in the past, and it always takes me weeks to figure out, and I'm shocked IE hasn't fixed it.
Just rename the machine to have no strange characters! You can get it working if you just use the IP address of the server in the url to test.
IE has cookie issues with its handling of iFrames which may be causing the session issue you mention. Take a look at these links:
http://adamyoung.net/IE-Blocking-iFrame-Cookies
http://gathadams.com/2007/06/25/how-to-set-third-party-cookies-with-iframe-facebook-applications/
http://nileshtrivedi.in/blog/2008/09/01/iframe-cookies-and-internet-explorer/
Try testing the page while using some sort of monitoring proxy (I use Fiddler) and see what pages the browser requests. That might give you some clues to what's going on.
Also, try capturing the requests/responses from different browsers and see what IE is doing differently (order of requests, content of requests?).
To pinpoint the problem, can you rewrite the code without using SESSION (it's mentioned in one of the other answers)? Maybe IE is accessing the pages in different order than other browsers? Maybe it is requesting the main page more than once, which means that the session var is set to "main"? Without session variables, the pages won't affect each other's state.
In most cases, this PHP line at the beginning of the file will be enough:
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
If it isn't, for IE7 you may also try:
header('P3P: CP="NOI ADM DEV PSAi COM NAV OUR OTRo STP IND DEM"');
header('Set-Cookie: SIDNAME=ronty; path=/; secure');
header('Cache-Control: no-cache');
header('Pragma: no-cache');
And if that doesn't work for IE6, you may use GET params for session ID:
header('location: land_for_sale.php?phpSESSID='.session_id());
I thought some people might find the solution to this problem interesting. Fiddler certainly helped here. Thanks to Fiddler, I could see that I was, in fact, hitting the page main.php (thus setting the session variable moments after setting it on the target page), but the server was defaulting there after getting a 302 on the root of the site. This was all happening silently in the background, and before my onload="" javascript ran.
So I was sure something on those pages was causing an error, but not a catastrophic one.
Here it is: <img src= "" >
IE was freaking out about the blank src attribute and hitting the server root and then defaulting to page main. I don't fully understand the mechanics happening here. I also don't understand if this is how IE is supposed to behave (it is a malformed img tag after all) or not. Is this a bug?
I found that adding header('P3P: CP="CAO PSA OUR"'); to the top of your doc seems to have fixed the problem.
I had this problem, and it was due to the date on my dev box being out. Firefox didn't mind; IE and Chrome were seeing the session as being expired as soon as it was set.
I have the same problem and it's SOLVED now.
Blank or empty attribute values on any IMG tags cause the problem.
For me, I used JavaScript to change an IMG object's source to an empty value.
Doing that could also cause the problem.
If I understand it correctly, you are trying to use a session variable to pass data from a page to pages within iframes on that page? This doesn't seem a good way to go about it - why not just pass a GET variable into the iframe url i.e. ?current_page=special1 . I would think this would be more reliable as it does not rely on session state.
Remember also that the session variables will be the same for several pages of the same site that are open on a user's PC (e.g. on multiple tabs), which could cause odd behaviour.
Session data is stored on the server side, not the client. I would check the other pages, where this value would be set.
I had the same problem with IE7 and this is what I do:
If you have this problem using IIS or Apache on Windows Server, look at the URL you are redirecting to: it must be written in the same way as the URL where you were before the redirection.
For example:
site.com/pages/index.php redirecting to site.com/Pages/index2.php is going to lose the session in IE7 because of the capital letter in Pages.
Maybe it's session.cookie_lifetime. I have faced the same problem. I updated session.cookie_lifetime: 4500 to session.cookie_lifetime:0. This means the session cookie never expires until the browser shuts down.
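The www/non-www answer, the path-case answer and the cookie-lifetime answer above all come down to the scope of the session cookie. The following is an added example, not code from any of the posts: it redirects every request to one canonical host and then sets the cookie scope explicitly. It assumes PHP 7.3 or later and HTTPS on the default port; `www.example.com` is a placeholder.

```php
<?php
// Added example: one canonical origin and an explicit session cookie scope.
const CANONICAL_HOST = 'www.example.com';   // placeholder host

/** URL to redirect to, or null when the request already uses the canonical host. */
function canonical_redirect(string $host, string $uri): ?string
{
    if (strtolower($host) === CANONICAL_HOST) {
        return null;
    }
    // Rebuild from the parsed path and query only; the target host is the
    // constant, never the request's Host header.
    $path  = parse_url($uri, PHP_URL_PATH);
    $query = parse_url($uri, PHP_URL_QUERY);
    return 'https://' . CANONICAL_HOST
        . (is_string($path) && $path !== '' ? $path : '/')
        . (is_string($query) ? '?' . $query : '');
}

if (PHP_SAPI !== 'cli') {                    // skipped on the command line
    $to = canonical_redirect($_SERVER['HTTP_HOST'] ?? '', $_SERVER['REQUEST_URI'] ?? '/');
    if ($to !== null) {
        header('Location: ' . $to, true, 301);
        exit;                                // stop before any session work
    }
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie: dropped when the browser closes
        'path'     => '/',     // matches every path, whatever its letter case
        'domain'   => '',      // host-only: not shared with other subdomains
        'secure'   => true,
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    session_start();
}
```

Setting `domain` to the parent domain would also make the cookie visible on both host names, but it then reaches every other subdomain as well, which is why the example redirects instead.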