This is something that I in practice so far I have not seen before.
I made a web app which works beautifully on all devices (so far I was thinking). Last week I received a few complaints that one part of the application does not work. Maybe I've reviewed over 100 times my code and I have not found a mistake and error behavior is that at one point the session expires or is just is not setup - which is not possible. The system was tested on a pile of users.
Today I received a response from a client that uses the iPhone 5. And really happens is that sessions are not working properly.
I use this session to force the user to open the pages in the order and that there is no possibility of jumping from page to page. If the user tries to skip the page, just go back to the beginning and need to re-start the process.
On the iPhone during the process returns me to the start and stop. It does not allow you to go to level 1 just returning back until you clear you cache.
This error happen randomly anywhere in process.
-To mention, I sessions not deleted until the user reache the end.
Is it possible that the iPhone has a problem with their browser or is error on my side?
Thanks!
This is what that solved the same problem i was facing earliar. May this will help..
the session problems for login page might occur because the url you are opening in the browser are not unique. for example If say you are creating a login page for your website, and you have created sessions successfully. Now, if you are logging in from url say http://geekzgarage.com then your session is limited to this url only. If you again open the above url like http://www.geekzgarage.com (note www. in both urls), then you will see that you are not logged in. So please be sure that your webpage is opening always in single type of url. either with www. or without www.
Related
Note: I have updated and rewritten my question to try and solve this issue point by point. Cheers.
I have a problem and I'm not immediately sure how to go about resolving it.
I have been building a secured login system on a HTTPS server (with a grade of "A" by SSL-labs, if that's worth anything ), and it works fine, however today it is refusing to log me in, with some debugging I have found something very odd (in my view).
I have some serious issues with session handling on the website, the different pages use the same session data (of course) and the same session /cookie settings, and they pass the information between each other correctly, BUT the behaviour of my browser appears to be as if there are two browsers visiting the same websites, using the same session data.
Symptoms - Because I have been having inconsistencies with page generated session content (unique hash token) not fitting the same data saved in the login form (as a $_POST value), I was finding that as there is only one line in the whole site that sets the value of the session, this line must be running twice. So I set a counter value in the session, on the form page as session['counter']. each time the page loads, the counter +1's. My problem is specifically with this:
Login page:
Opens page,
session hash-string is generated and saved to the post form.
session counter = counter + 1;
Form is filled in.
Login auth' page:
fails to verify the posted hash-string is the same as the session hash
string, despite there being no other cause for the session values to
change (well there must be, but I can't see it!)
But, then going back to the Login Page I see that the counter = last value + 2! Also, the counter value recorded on the session file saved on the server is always +1 to the value displayed on the login page.
Some images:
Login Form Page: Please note that this is above the HTML output and is the last place on the code where any SESSION data is edited.
Output :
Please note the number relating to the counter in image 1.
My session file, this file relates to this specific browser session and only 1 session file as I am the only browser on the site.
The string CheckDrop is the hash value to compare but the counter is at 12 rather than 11, which is displayed in image 2 above.
My site is HTTPS authed although this work is on a subdomain.
This issue has been happening for the last 3 hours but inconsistently, it magically worked for about 40 minutes earlier today (just before posting this post). but I had done nothing I could see as changing the environment.
I have previously compared phpinfo data and session setup data it all looks correct at point of browser output. It does not seem to be caused by my settings.
It happens on different browsers on my PC.
Further Work
After spending hours debugging and working through this, it appears to be a browser issue. I have renamed the pages (one page was called index while it was not defined in .htaccess as the directory listing page which may have possibly caused a browser to open it twice).
I have cleared all associated data: sessions / database records / browser history, and have come across something:
Firefox now logs in as expected, the counter is count+1 and the login works, however on Chrome the exact same log in on the same pages does not work and the browser appears to load twice, the counter = counter + 2. Chrome also leaves two records in the database at each load rather than the expected one.
Chrome version 45.0.24
Firefox version 42.0
Page double counts and runs script twice on Safari and Chrome. On Firefox, Opera and MSIE it works as intended.
Any ideas why this is occurring?
How can I go about trying to solve this problem?
The original issue was caused by the naming of the webpages, there was a webpage named "index.php" but this page was NOT the index, instead "loggedIn.php" was the index page for the site, as defined in .htaccess
Having an index.php page that was not an index seemed to confuse a lot of browsers. This [part of] the issue was resolved by renaming all the pages and setting an index.php page that used PHP headers to redirect people to the suitable page (based on if logged in or not) .
The issue remained with Chrome and Safari.
After a long time reading lots of issues about Chrome, the solution was frankly pathetic,
https://code.google.com/p/chromium/issues/detail?id=64810
This link lists various issues relating to this problem of Chrome double loading, if certain markup elements are not present. As my page above are very simple, there wasn't a lot that applied, but Google Chrome will silently request the favicon.ico file and then if it doesn't find it, will reload the page but only output the first page (from Chrome memory cache).
This is an epically stupid bug in Chrome that has cost me most of a day. Safari still persists in loading the PHP script twice,
I might be a little late to the party, but I've found another reason why this was happening for me. I created the following page:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
error_log('Loaded');
?>
</body>
</html>
Even this minimal page was loading twice, but only in Chrome, so I started investigating, and found Mendeley Web Importer Chrome extension to be causing this behaviour. Simply disabling it solved the issue for me.
I suppose your problem is with Internet Explorer... I had the same problem and I discovered, with incredible surprise and shock, that internet explorer 10 will send a different "user agent" value, from request to request.
When I saw it for the first time I was really impressed by the absurdity of the fact, but that's completely sure. I tested it very deeply and you cannot trust the Internet Explorer "user agent" string to be the same from request to request.
I had to remove that string from the hashing login string
I have ran into a serious problem that must be resolved before continuing with the development.
My boss created the app, for him it works exactly as expected - the user is logged in, the data is accessible, everything works. BUT for every other user, $facebook->getUser() ALWAYS returns 0, no matter what. Obviously, I'm logged into facebook, there is also a login link in the app, but clicking it doesn't work, nothing changes.
This problem only occurs for users that are not in any way connected to the app!
I confirmed my developer request to that app a few days ago and it now works for my account, before that it did not work, not for me, not for any other user we tried, no matter if the app was public or in dev mode, which technically shouldn't matter for authentication.
We tried many things, eventually existing code shared on the internet, like the code from the bottom of this article: http://www.thegeekstuff.com/2014/03/develop-facebook-app/
(with our own app ID and secret, of course)
Not that it changed anything, but just to give you a ready code example.
Even if I deleted everything below "$user = $facebook->getUser();" and just put echo $user; die(); after that, it always showed the user ID as 0.
Another thing I've noticed that might help in solving this problem is the following: with the same code from the article, my boss' session contains several variables at all times, but when I open the app with a non-dev user, at first there is only the "fb_app-id_state" variable, and when I refresh the page, it gets deleted and session is empty. If I refresh the page again, the variable is created again with a different value, another refresh and it's gone again, and so on.
After a day of trying to get this shit to work with PHP, I switched to the JS SDK. Apparently it also doesn't work, however, I have yet to receive specifics from my boss since I don't have a fake account to test it myself.
The obvious question is: what is going on and why isn't the authentication working as expected?
Edit: my code - http://pastebin.com/qCPtfTHs
You need looking for app settings. Only owner, app admin, dev, can use your aplication on sandbox mode. All other users this app dont work or work buggy. Remove test mode, and put out app in live mode.
I recently got Pair Networks to migrate my app to a new pair server. Since then I noticed the following:
Some users with extra permission are no longer able to access those areas they should normally have permission for. They get redirected to the login page which also serves as the Access Denied page.
Some pages with forms now redirect users to login.php on submit of the form. Form data are submitted to the db as expected though.
I have checked the db and the users are configured correctly. Also, user do not lose session when this happens, as they can click Back and navigate to a different area. I have also had a look at the log files but unable to gather much apart from the HTTP 302 code appearing a number or times to login.php probably describing the redirect to the login page.
Can anyone please suggest what could be responsible for this? Could it be a configuration problem and how can I deal with that? Could it be a conflict in those two servers I don't suppose it's pair's server, as I haven't really encountered similar problems in the past.
Any directions will be very much appreciated.
Seams like you are using PHP sessions out of the box, PHP is probably storing temp cookies on a folder that gets cleaned way to often.
If this is the case there is a security risk as the folder is server-shared and your services can be compromised.
A simple way to fix this is to change your session_save_path that can be done in the following fashion:
<?php
session_save_path('/home/example.com/sessions'); // where this a personal directory
ini_set('session.gc_probability', 1);
?>
I have a Facebook application and I need to know everytime a user stops using it (closed the browser, logged out from facebook, moved to another page, etc)
Anyway of doing this?? I'm using PHP and Graph Api
Thanks!
The most common way to do something like this is to keep track of the user's last access to one of your pages, and classify them as "offline" if no access has occurred in the last x minutes. If you really need to, you can do continuous ajax calls to your server to keep the status updated. That way you can know pretty quickly if a user closes the page or navigates away.
I have never tried it, but you could also experiment with making an ajax call in the page's unload event handler. But even that wouldn't catch everything that should probably count as "leaving" the app. That's why the "no action in x minutes" approach is generally used, it has lag but it catches everything including the user just walking away from the computer.
I've encountered a weird problem. It seems that some of my controllers' index() methods are being executed 3 times when it should only be doing it once. The reason I found this out is because I am logging the number of times the index() method is executed -- and noticed records being inserted in 3s.
At this point, I am at a complete lost. I am unable to describe the problem any further as it is just very odd to me. Any ideas what might be happening?
UPDATE: It seems that the problem only exist when I have JavaScript turned on. When I turned of JavaScript, I no longer get the multiple entries. The problem controllers do have JavaScript. The JS is just some FB plugin and Google AdSense stuff.
I once had this kind of problem, the delay between requests was about 2-5 seconds. The cause was google adsense. It somehow makes another request from it's own server for no reason to the same page. To verify it, just store every requests IP and the user agent, if IP's (user agents too) are different, then you know the cause.
Solution? Give the user some kind of a token before visiting next page - if the token doesn't match on the next request - it's not the same user. Something like a XSRF protection :)