PHP session cleared after page loads in ie - php
I'm working on a site that has a My Account section that the user has to login to. I'm storing the users basic information in the session after they have logged in.
I'm having no problem in Chrome or Firefox with this. However, in IE 8 I login, and it redirects to the main back office page. It loads, but right after the session is cleared. I tested this by printing the session after session_start() then again at the end of the page. All the information is there when the page loads. If I open a separate page and print out the session right after, it's already cleared. Again, only in IE does this happen.
Is there something I'm missing here?
CODE
This is the code on all of the Account pages.
<?php
require_once('inc_session.php');
require_once('bo_session_check.php');
?>
On the page logged into (backoffice.php), the only other time the session is used, is when it is read to determine what kind of account the person has logged into, for example:
<?php if($_SESSION['user_type']=='member'){?>
Code for inc_session.php
<?php
if(!isset($_SESSION['is_mobile'])){
$mobile_browser = '0';
if (preg_match('/(up.browser|up.link|mmp|symbian|smartphone|midp|wap|phone|android)/i', strtolower($_SERVER['HTTP_USER_AGENT']))) {
$mobile_browser++;
}
if ((strpos(strtolower($_SERVER['HTTP_ACCEPT']),'application/vnd.wap.xhtml+xml') > 0) or ((isset($_SERVER['HTTP_X_WAP_PROFILE']) or isset($_SERVER['HTTP_PROFILE'])))) {
$mobile_browser++;
}
$mobile_ua = strtolower(substr($_SERVER['HTTP_USER_AGENT'], 0, 4));
//echo $_SERVER['HTTP_USER_AGENT'];
$mobile_agents = array(
'w3c ','acs-','alav','alca','amoi','audi','avan','benq','bird','blac',
'blaz','brew','cell','cldc','cmd-','dang','doco','eric','hipt','inno',
'ipaq','java','jigs','kddi','keji','leno','lg-c','lg-d','lg-g','lge-',
'maui','maxo','midp','mits','mmef','mobi','mot-','moto','mwbp','nec-',
'newt','noki','oper','palm','pana','pant','phil','play','port','prox',
'qwap','sage','sams','sany','sch-','sec-','send','seri','sgh-','shar',
'sie-','siem','smal','smar','sony','sph-','symb','t-mo','teli','tim-',
'tosh','tsm-','upg1','upsi','vk-v','voda','wap-','wapa','wapi','wapp',
'wapr','webc','winw','winw','xda ','xda-');
if (in_array($mobile_ua,$mobile_agents)) {
$mobile_browser++;
}
if (strpos(strtolower($_SERVER['ALL_HTTP']),'OperaMini') > 0) {
$mobile_browser++;
}
if (strpos(strtolower($_SERVER['HTTP_USER_AGENT']),'ipad') > 0) {
$mobile_browser++;
}
if (strpos(strtolower($_SERVER['HTTP_USER_AGENT']),'windows') > 0) {
$mobile_browser = 0;
}
if ($mobile_browser > 0) {
$_SESSION['is_mobile']='yes';
}
else {
$_SESSION['is_mobile']='no';
}
}
/* TURN MOBILE SITE OFF */
//$_SESSION['is_mobile']='no';
$page=strtok($_SERVER["REQUEST_URI"],'?');
if(substr($page, 0, 3)!="/m/" && $_SESSION['is_mobile']=='yes' && substr($page,-3) =='php'){
if( isset($_SERVER['HTTPS'] ) && $_SERVER['HTTPS'] != 'off' ){
$heading='https://';
}else{
$heading='http://';
}
header("Location: " . $heading . $_SERVER["SERVER_NAME"] . "/m" . $_SERVER["REQUEST_URI"]);
exit();
}
$page=substr($page, strrpos($page, '/', -1));
$ssl_pages=array('/backoffice.php', '/login.php', '/login-partner.php', '/checkout.php', '/checkout_member.php', '/membership.php', '/partner.php');
if(in_array($page, $ssl_pages) || substr($page, 0, 3)=='/bo'){
if($_SERVER[HTTP_HOST]!='domain.com'){
header("Location: https://domain.com" . $_SERVER["REQUEST_URI"]);
}elseif($_SERVER["HTTPS"] != "on") {
header("HTTP/1.1 301 Moved Permanently");
header("Location: https://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
exit();
}
}else{
if($_SERVER["HTTPS"] == "on"){
header("HTTP/1.1 301 Moved Permanently");
header("Location: http://" . $_SERVER["SERVER_NAME"] . $_SERVER["REQUEST_URI"]);
exit();
}
}
ini_set("session.cookie_domain", "domain.com");
session_start();
?>
This is bo_session_check.php
if(isset($_SESSION['agreed']) && $_SESSION['agreed']!="yes" && $_SESSION['admin']!="yes"){
/*
DEPRECIATED
header("location: bo_terms.php");
exit();
*/
$_SESSION['agreed']="yes";
}elseif(isset($_SESSION['user_id']) && $_SESSION['user_id']!=""){
/*ALL GOOD*/
}else{
/*YOU GOTTA GO*/
header("location: login.php");
exit();
}
?>
Here is the PHP Session Info
Since $_SESSION is handled server-side -- this is going to mean that cookies are disabled in IE8 -
You have session.use_only_cookies = On, which is fine, but just be aware that anyone with cookies turned off will fail to load your site properly.
However, this is not what is causing the issue.
From other StackOverflow answer:
Try putting [PHP code below] prior to starting the session - this would ensure that the session cookie will not expire until the browser is closed.
session_set_cookie_params(0);
Hope this helps solve your problem. Worst case scenario, pass the SESSION ID (SID) through the URLs in between page loads and redirects. Refer to this page in the PHP Manual on passing Session IDs. You would have to do this through the Location: http://URL that you have.
Related
php redirect to desktop site from mobile
I read alot from this site and try to create redirect to desktop site.
but it keep coming back to mobile site. At first, it was redirected but redirected back to mobile site while desktop site wasn't load completely.
Check the Full Site link
Here is my code -
$isPhone = preg_match('/' . implode($uaPhone, '|') . '/i', $uaFull);
$isMobile = preg_match('/' . implode($uaMobile, '|') . '/i', $uaStart);
if($isPhone || $isMobile) {
$_SESSION["mb"]="jaw";
}
if(!isset($_SESSION['desktop'])) {
$_SESSION['desktop'] = false;
} else if(isset($_GET['desktop']) && $_GET['desktop'] ==yes) {
$_SESSION['desktop'] = true;
}
if(!$_SESSION['desktop']) {
if (isset($_SESSION["MB"] )) {
header ("Location: http://vipnet.byethost7.com/mobile/m.index.html");
}
}
add exit after header
header ("Location: http://vipnet.byethost7.com/mobile/m.index.html");
to
header ("Location: http://vipnet.byethost7.com/mobile/m.index.html");
exit();
Session variables not being detected when submitting forms
So I've ran into a weird problem that's occurring sometimes when I submit forms. Occasionally after a form is submitted some session objects stop being detected on next page.
I include this at the top off all my pages for the login \ timeout security and it seems to be to problem (as when I remove it everything works fine) but I can't for the life of me figure out what the heck is going on. It's especially weird because it doesn't log me out, but session variables like group_id which I store when you log in stop working.
session_start();
if(isset($_SESSION["CREATED"])) {
if (isset($_SESSION['LAST_ACTIVITY']) && (time() - $_SESSION['LAST_ACTIVITY'] > 1800)) {
session_unset();
session_destroy();
$link = "https://" . $_SERVER["SERVER_NAME"] . "/";
header('Location: ' . $link, true, 301);
} else {
$_SESSION['LAST_ACTIVITY'] = time();
}
} else {
$link = "https://" . $_SERVER["SERVER_NAME"] . "/";
header('Location: ' . $link, true, 301);
}
PHP - Redirecting after login based on url query
I'm developing a user site in php. What I want to do, is allow people to use a ?return_to url variable to get back to the page they were on before they were asked to log in (for example, if they were on /me.php, then they will be redirected to login, and the url will be login.php?return_to=me.php.. I want to redirect to me.php after login.).
Currently, the way my system checks for login submission on the homepage is with the following:
if(isset($_POST['submitted']))
{
if($advena->Login())
{
$advena->RedirectToURL("/");
}
}
When I try to use
if (strpos($_SERVER['REQUEST_URI'], "?return_to") !== false){
$location .= "?return_to=" . urlencode($_GET["return_to"]);
if(isset($_POST['submitted']))
{
if($fgmembersite->Login())
{
$fgmembersite->RedirectToURL($location);
}
}
} else {
if(isset($_POST['submitted']))
{
if($fgmembersite->Login())
{
$fgmembersite->RedirectToURL("/");
}
}
}
It always redirects to "/" regardless of the presence of ?return_to. Here is the redirect php:
function RedirectToURL($url)
{
header("Location: $url");
exit;
}
Thank you in advance for any help anyone can provide :)
members.php - sample page
<?php
// set the return url value
$_SESSION['return_url'] = 'http://' . $_SERVER['HTTP_HOST'] . $_SERVER['REQUEST_URI'];
// redirect if not logged in
if (!not_logged_in()) {
header('Location: /login.php?return_to=' . rawurlencode($_SESSION['return_url']));
exit;
}
// checks if the user is logged in
function not_logged_in() {
return !isset($_SESSION['logged_in']);
}
?>
login.php - login page
<?php
if (isset($_POST['username'], $_POST['password'])) {
// do more...
// redirect
if (success()) {
// set a session for logged in user
$_SESSION['logged_in'] = sha1(time() . rand(0, 99999));
if (isset($_GET['return_to'], $_SESSION['return_url'])) {
$fgmembersite->RedirectToURL('/process.php?ret=' . urldecode($_GET['return_to']));
exit;
}
else {
$fgmembersite->RedirectToURL('/process.php');
exit;
}
}
}
?>
process.php - login processor
<?php
if (isset($_GET['return_to'], $_SESSION['return_url'])) {
# set: return url
$continue_url = rawurldecode($_GET['return_to']);
# do: redirect to the specified page
header("Location: {$continue_url}");
unset($_SESSION['return_url']);
# do: redirect with message
exit('Redirecting...');
}
else {
header('Location: /members.php');
}
?>
PHP Redirect with Cookies
How do I redirect to a splash page once with cookies?
I'm setting the cookie on my splash.php page to this:
<?php
$expire = time()+60;
setcookie("no_splash", "1", $expire);
?>
On that page there's a link to my index.php with this:
<?php
if($_COOKIE['no_splash']== '1') {
header("Location: index.php");
echo "it works";
} else if($_COOKIE['no_splash']!= '1') {
header("Location: splash.php");
};
?>
I keep getting a redirect loop error but can't figure why.
You are redirecting to index.php from the index.php file, hence the loop.
Change your code to be simply
if($_COOKIE['no_splash'] != '1') {
header("Location: splash.php");
exit;
}
or indeed
if(!$_COOKIE['no_splash']) {
header("Location: splash.php");
exit;
}
which is the same thing.
$expire = time()+60;
header("Set-Cookie: no_splash=1; expires=$expire; path=/");
header("Location: index.php");
Have you tried simply:
<?php
if($_COOKIE['no_splash']== '1') {
echo "it works";
} else {
header("Location: splash.php");
};
?>
Maybe isset($_COOKIE['no_splash']) rather than `$_COOKIE['no_splash']== '1'?
Also, not sure it this is what you want, but you can set simply not set the expiration time (or set it to 0), and it will delete the cookie when the browser is closed, so if they keep it open, they won't have to go back to the splash.
Redirecting cookieless sessions in PHP without clicking a link
I've been fighting with the cookieless sessions solution. Of course cookieless sessions solution is amazing. I have a trouble in implementing it because I can't read the session information after redirecting to another page.
Here's my test code in testcode.php
<?php
ini_set('session.use_trans_sid', '1');
session_start();
if (isset($_GET['pagecode'])) {
session_id($_GET['pagecode']);
print_r($_SESSION); // **cannot read session information here**
exit();
}
if (isset($_SESSION['cookieconfirmed']) && $_SESSION['cookieconfirmed'] == 1) {
} else {
/** Checks if the user's browser is cookie-enabled **/
if (isset($_GET['redirected'])) { // if the page has gotten redirected
$_SESSION['cookieconfirmed'] = 1; // confirmed the cookie-disability
if (isset($_COOKIE['testcookie'])) {
header ('location: testcode.php');
} else {
header('location: testcode.php?pagecode=' . session_id());
}
} else {
setcookie('testcookie', 'OK'); //sets a test cookie.
header('location: testcode.php?redirected=1'); // redirects the page to check cookie-disability
}
exit(0);
}
?>
As you can see this code doesn't work. but if i redirect to another page by clicking a link it works well. Here's the code in testcode.php:
<?php
ini_set('session.use_trans_sid', '1');
session_start();
if (isset($_GET['pagecode'])) {
session_id($_GET['pagecode']);
print_r($_SESSION); // **able to read session information here**
exit();
}
if (isset($_SESSION['cookieconfirmed']) && $_SESSION['cookieconfirmed'] == 1) {
} else {
/** Checks if the user's browser is cookie-enabled **/
if (isset($_GET['redirected'])) { // if the page has gotten redirected
$_SESSION['cookieconfirmed'] = 1; // confirmed the cookie-disability
if (isset($_COOKIE['testcookie'])) {
header ('location: testcode.php');
} else {
echo 'Click here to continue';
}
} else {
setcookie('testcookie', 'OK'); //sets a test cookie.
header('location: testcode.php?redirected=1'); // redirects the page to check cookie-disability
}
exit(0);
}
?>
How can I get this to work without clicking a link?
ini_set('session.use_trans_sid', '1');
You have to have this on every single one of your PHP pages - you can't do it just within the session handling script. If it's not on when PHP generates a page, it won't insert the session ID into forms and urls on that page. As such, it'd be better if you put this into your php.ini, or at least httpd.conf/.htaccess (as a php_value) to make it a global option for all scripts.
PHP function for this is :
function append_sid($link) {
if(session_id() !== NULL && !isset($_COOKIE['PHPSESSID'])) {
if(strpos($link, "?") === FALSE) {
return $link . "?PHPSESSID=" . session_id();
} else {
return $link . "&PHPSESSID=" . session_id();
}
} else {
return $link;
}
}
Javascript Function for this is:
function append_sid(link) {
<?php if(session_id() !== NULL && !isset($_COOKIE['PHPSESSID'])) { ?>
var session_id = '<?php echo session_id ?>';
if(link.indexOf('?') == -1) {
return link + '?PHPSESSID=' + session_id;
} else {
return link + '&PHPSESSID=' + session_id;
}
<?php } else { ?>
return link;
<?php } ?>
}
A caveat – passing session id by URL requires the session.session.use_trans_sid tio be set to 1.
php_value session.use_trans_sid = 1 in the .htaccess file. You can also try the function:
ini_set('session.use_trans_sid', '1')