Problem: When I delete my session cookie and hit refresh in Chrome, all my form data and other settings remain (essentially the session is still active).
When I close Chrome and relaunch everything is fine. Session is cleared. (I am running the no history extension so perhaps this has some effect on this behavior)
What could be causing this?
Related
I'm using Symfony Session component with NativeStorage.
The initialization is very simple (session property has type Symfony\Component\HttpFoundation\Session\Session)
$this->session->start();
I'm facing a session issue during payment redirects. My application redirects the user to the PayPal payment page; if the user pushes the "abort" link on the PayPal page, they are redirected to the abort page of the initial application.
During this second redirect somehow the session is refreshed and a new cookie and a session-id is activated.
I'm working with Firefox without private mode. I have tried to open the page manually in a new browser tab but the session is discarded in the same way.
What can cause a session expiration during a page redirect? The cookie generated is the standard cookie made by Symfony Session class and PHP:
Domain and protocol (https) don't change. The URL path changes from the initial page to the abort page.
UPDATE:
The issue seems to be connected to Firefox.
I have tested it with Chrome and it works, and I have tested the case with Firefox in privacy mode and it works... so I guess something is wrong with my Firefox sessions.
Chrome is not adhering to my Laravel Session setting 'expire_on_close' => false. When I close down Chrome, reopen the browser and navigate back to my url I am still logged in.
I'm aware that this post describes that Chrome will not fix/address this. BUT has anyone come up with a solution or workaround that will force cookies to expire when the Chrome browser closes? Maybe a php.ini setting?
The only solution I can think of is having my Laravel web app send ajax 'keep alive' pings every 5 minutes back to the server and record those in a MySQL table against a cookie's uid. So when someone closes down Chrome and reopens it (after > 5 mins) I will know their session has expired. But even this will fail for the use case 'someone is working on a public computer, closes Chrome, another person opens Chrome within < 5 mins and navigates to our website and is logged in as that first user'.
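An added example, not part of the original post and not Laravel's own code: the server cannot observe a browser closing, so the usual mitigation is to expire the session server-side with an idle timeout and an absolute lifetime, stamped on ordinary requests rather than by keep-alive pings. The function name, array keys and both limits are hypothetical values chosen for illustration.

```php
<?php
// Added example: helper name, array keys and limits are assumptions.
const IDLE_LIMIT = 300;        // seconds without a request before the session is dead
const ABSOLUTE_LIMIT = 28800;  // hard cap on session age, regardless of activity

/**
 * Decide whether a session is still valid at $now and refresh its timestamps.
 * Takes a plain array so it works with $_SESSION or a framework session store.
 */
function enforceSessionLifetime(array &$session, int $now): bool
{
    $created  = $session['created_at'] ?? null;
    $lastSeen = $session['last_seen_at'] ?? null;

    if ($created === null || $lastSeen === null) {
        // First request of a new session: stamp both timestamps.
        $session['created_at'] = $now;
        $session['last_seen_at'] = $now;
        return true;
    }

    if ($now - $lastSeen > IDLE_LIMIT || $now - $created > ABSOLUTE_LIMIT) {
        // Expired: drop all state, including the login, even though the
        // browser may still present the old cookie after a restart.
        $session = [];
        return false;
    }

    $session['last_seen_at'] = $now;
    return true;
}

if (PHP_SAPI !== 'cli') {
    // Web request: apply the check to the native PHP session.
    session_start();
    if (!enforceSessionLifetime($_SESSION, time())) {
        session_regenerate_id(true); // issue a new id and delete the old session data
        // The application would send the user to its login page here.
    }
} else {
    // Constructed demonstration with fixed timestamps (seconds).
    $s = [];
    var_dump(enforceSessionLifetime($s, 1000)); // new session
    var_dump(enforceSessionLifetime($s, 1200)); // 200 s after the last request
    var_dump(enforceSessionLifetime($s, 1600)); // 400 s after the last request
}
```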
In Firefox (and Microsoft Edge) I'm seeing something that I assume is impossible.
I log into my website and get a PHPSESSID of 6a47272fa6d7b4de2292966bf77ddb51
I close Firefox
I reopen Firefox and I can see in the options that my website has no cookies set (as I expect)
I visit website again without Logging in and my session is still active (I'm still logged in) but my PHPSESSID is now 7d4117307c86faa7ea9dc7afe6b4b720
I'm not looking for a fix. I just want to know how this behavior is possible. How could PHP know which Session to resume if Firefox is not sending a PHPSESSID after the browser closes?
I don't see this happen in Chrome (the user needs to log in again as you would expect), but I do see it happen in Microsoft Edge.
After paying very close attention to my network tab in Firefox, I discovered that neither PHP nor Firefox remembered that I was logged in.
Rather, my website was redirecting me to Google Sign In, and Google Sign In has non-session cookies that remembered I was logged in. So it quickly redirected me back to my website, creating a new logged-in session for the same user.
It was happening so fast I could not tell that I was being redirected to Google until I watched the network tab.
Thanks Axalix for the suggestion.
I am facing an issue: when I close my Chrome browser, my cookie information is no longer shown where I print it using $_COOKIE.
I set cookies for 30 days. Here is the code which is used to set the cookies:
setcookie("cookie[".$_product->getSku()."]","".$_product->getSku()."",time()+2592000,'/','new.domain.com',true);
My site is secure, so I set true as the last parameter.
It shows the correct cookie information if I am not closing my browser, but when I close my browser and come back, it does not show the information which I set in the cookies.
But when I show the cookie information, it shows me the cookies which were set earlier.
I also unchecked the option in Chrome's settings, so that Chrome will not delete my cookies when I close the browser.
The cookies work correctly in Firefox even if I close the browser, but I can't figure out what the issue is in Chrome. If anybody has faced this type of issue, please let me know what I can do to solve it.
Note: I also set the expiry time of the cookies.
Odd that it works in Firefox. I assume your Chrome installation is up to date!? Have you tried using setcookie() whilst omitting the path and domain parameters to see if that alters the behaviour in Chrome?
Suppose a user of the Mozilla browser logs in to his Yahoo, Gmail and Hotmail accounts in three tabs.
Now if we Clear Recent History, all three sessions will be cleared.
But if at the same time there is another session in another browser, it will not be cleared.
So what I am trying to ask here is: the cookies, session-related details and browser cache are on the local computer and will be cleared on clearing history.
But is that browser specific?
Will the cookies and so on have a browser-specific id? How does it differentiate between clearing the IE history and clearing the Chrome history?
You can in fact use two different accounts on two different browsers at the same time. The browser history/cookies etc are specific to the browser in question.
There isn't a "standard" for where browsers save their settings; each does it as it likes. MSIE might use the Windows Registry while Firefox might use a local database file.
For the server to keep track of a client session, a session id is sent to the client, which the client uses in each request to the server.
On the local computer each browser has its own way of saving the cookie files. So when you clear the cookies in Firefox, the cookies saved by Firefox will be deleted. Same thing with Chrome, IE, Safari etc.
They could even be using their own way of serializing the cookies, for all I know.