My web structure is
Header-of-page
Nav Link || iFrame
Footer
I'm Trying to handle session timeout, when session has timeout I'm trying to redirect page to login page, this works fine(session timeout).
Problem:
When I'm redirecting the page,login page is displayed in iFrame, which is not expected.
How can I redirect to login page(whole window),rather than opeing it in iFrame.
I Tried:
1. using header
2. using javascript(Commented)
<?php session_start();
$timeout = 1; // Set timeout minutes
$timeout = $timeout * 60; // Converts minutes to seconds
if (isset($_SESSION['timeout']))
{
$session_life = time() - $_SESSION['timeout'];
if ($session_life > $timeout)
{
session_destroy();
header("Location: login.php?msg=timeout");
// echo '<script language="javascript">';
// echo 'window.location.replace("login.php");';
// echo '</script>';
}
}
$_SESSION['timeout'] = time();
?>
Please guide me for this issue. Thanks!
Try this: window.top.location.href = "http://www.site.com";
As long as this is on the same domain name.
More here: Redirect parent window from an iframe action
use this one
in script window.parent.location='http://localhost/users/login.php'
or follow this link
https://forums.digitalpoint.com/threads/button-to-navigate-to-a-new-page-but-exit-the-iframe-too.1846291/
hope you will get solution.
create form with target="_parent" and action="login.php"
and submit using $(form).submit();
The problem here is than the iFrame is a another window in the partent window.
So when is begin redirected the iFrame only affect self (Not the parent or partents of the parent).
To don't use javascript we can put a link to login.php wich target the parent.
Goto login.php
_top will target the top window frame.
http://reference.sitepoint.com/html/a/target#target__li5 Read about target attribute set on _top.
The other method is using javascript:
window.top.location.assign("http://www.yoursite.com/login.php"); // Redirect
// window top frame to "http://yoursite.com/login.php"
Please read following links about javascript window documentation:
http://www.w3schools.com/jsref/prop_win_top.asp
http://www.w3schools.com/js/js_window_location.asp
In case yo want a "PHP" code, just use echo
http://www.php.net/manual/en/function.echo.php
I hope this mightly helps.
one of the probably mistakes,
if the encoding of this file is "UTF-8" it will create 2 hidden characters in the top of the file.
To fix this issue, try to change the encoding to "UTF-8 without BOM"
you can put a exit; after the redirect
<?php session_start();
$timeout = 1; // Set timeout minutes
$timeout = $timeout * 60; // Converts minutes to seconds
if (isset($_SESSION['timeout']))
{
$session_life = time() - $_SESSION['timeout'];
if ($session_life > $timeout)
{
session_destroy();
header("Location: login.php?msg=timeout");
exit(); // LOOK AT THIS LINE
// echo '<script language="javascript">';
// echo 'window.location.replace("login.php");';
// echo '</script>';
}
}
$_SESSION['timeout'] = time();
?>
Try this way. Php redirection works before JS redirection so browser never runs JS.
which that's the only way you can redirect whole window object.
<?php session_start();
$timeout = 1; // Set timeout minutes
$timeout = $timeout * 60; // Converts minutes to seconds
if (isset($_SESSION['timeout']))
{
$session_life = time() - $_SESSION['timeout'];
if ($session_life > $timeout)
{
session_destroy();
// header("Location: login.php?msg=timeout");
echo '<script language="javascript">window.top.location.href = "login.php?msg=timeout";</script>';
}
}
$_SESSION['timeout'] = time();
You would need to break the iframe. Try this..
if(this != top){
top.location.href = this.location.href;
}
OR (with doc reference)
if(this != top){
top.document.location.href = this.document.location.href;
}
Alternatively
this.top.location !== this.location && (this.top.location = this.location);
I am guessing this php being in the file running in the iframe in that case you have to instruct the parent window to redirect to login.
Echo the below code from php so when you page will render in browser, it will instruct the script to reload the page. But for the page not to load the rest of the page issue an exit(0). Your final script should look like below.
<?php session_start();
$timeout = 1; // Set timeout minutes
$timeout = $timeout * 60; // Converts minutes to seconds
if (isset($_SESSION['timeout']))
{
$session_life = time() - $_SESSION['timeout'];
if ($session_life > $timeout)
{
session_destroy();
echo '<script language="javascript">';
//Echo the exact full url to your login page
echo 'window.parent.location="login.php?msg=timeout"';
echo '</script>';
exit(0); // So script won't go further displaying the page
}
}
$_SESSION['timeout'] = time();
?>
Hope that helps.
Check this solution out. I would put it before the header to prevent flickering. This way, your page will be prevented from swallowing itself.
http://usablelayout.com/articles/automatically-break-out-iframe
<script type="text/javascript">
<!--
if (top.location!= self.location) {
top.location = self.location.href
}
//-->
</script>
If you are using the login action on the same page, Header redirection will not work.
you can use simple the window.location.href='url';
For the login , you have to send the login query to new page, from there you can easily redirect easily...
Try this one
php
echo "<script> window.location='forgot.php'</script>";
html
<META HTTP-EQUIV="REFRESH" CONTENT="3;URL=http://google.com">
Related
I have a page that logs users out after 10 seconds of idling,but it does so without displaying a message and I need to refresh the page to show that I'm logged out. How do I display a message like "Logged out due to inactivity" with an okay button and when I click on it, it redirects back to index.php?
session_start();
$timeout = 10;
// Check if the timeout field exists.
if(isset($_SESSION['timeout'])) {
// See if the number of seconds since the last
// visit is larger than the timeout period.
$duration = time() - (int)$_SESSION['timeout'];
if($duration > $timeout) {
?>
<script type="text/javascript">
alert("Your session will expire soon!");
<?php header("location:../../index.php"); ?>
</script>
<?php
}
// Destroy the session and restart it.
session_destroy();
session_start();
}
// Update the timout field with the current time.
$_SESSION['timeout'] = time();
I am trying to detected if a variable is the same as a string. If so the page will refresh. But if the variables aren't the same, then the page loads. But I need a way to keep checking after the page has been loaded if the refresh variable is the same.
Here is some code I have been testing but been unsuccessful with as the page just keeps refreshing.
$Refresh = file_get_contents('Refresh.txt');
do {
header("Refresh:0");
} while ($Refresh == "True");
// HTML WEBPAGE CODE AFTER THIS POINT
If anyone can fix or redo my code that would be very much appreciated
Try to think of it this way:
<?php
$page = $_SERVER['PHP_SELF'];
$sec = 10;
if ($number == $string){
header("Refresh: $sec; url=$page");
}
else
{goto:end;}
end:
?>
<script>
Jquery Code Goes Here for Page Load
</script>
I need a session timeout for my website.
My current code works when I add it in all functions on all my controllers.
Is there a way to write it only once and include it to all of the controllers?
-in config file with URL & Session check or so?
My code which works:
if(isset($_SESSION['timeout']) && $_SESSION['timeout'] + 4 < time()) //4 seconds
{
session_destroy();
echo "<script>
alert('Session Timed Out.');
</script>";
?> <script> window.location ="<?php echo URL;?>"; </script> <?php
}
$_SESSION['timeout'] = time();
The above code works when I add this in all functions on all my controllers.
But I need a single page code.
You need to start the session before you could destroy it
use the following code in your config file
session_start();
if(isset($_SESSION['timeout']) && $_SESSION['timeout'] + 4 < time()) //4 seconds
{
session_destroy();
echo "<script>
alert('Session Timed Out.');
</script>";
?> <script> window.location ="<?php echo URL;?>"; </script> <?php
}
$_SESSION['timeout'] = time();
and delete session_start from your controller files. It should work, I tested it on my localhost
Edit
To exclude login page use the following code
assuming that your login page url contains "login", modify $string as per your login page url
$string = "login";
$url = $_SERVER['REQUEST_URI'];
session_start();
if(isset($_SESSION['timeout']) && $_SESSION['timeout'] + 4 < time() && !strpos($url, $string)) //4 seconds
{
session_destroy();
echo "<script>
alert('Session Timed Out.');
</script>";
?> <script> window.location ="<?php echo URL;?>"; </script> <?php
}
$_SESSION['timeout'] = time();
place this code in common or config php file
<?php
if ($_SESSION['timeout'] + 10 * 60 < time()) {
// session timed out
} else {
// session ok
}
?>
You can set session parameters with
session_set_cookie_params http://php.net/manual/en/function.session-set-cookie-params.php
I have a script to protect the webpages so that only registered member of my site access certain pages say i call that memberprotect.php and in that file itself i am adding an script that will keep the sesion active for 360 seconds and if the webpage is inactive for more that 360 seconds i want to redirect the page to logintimeout.php. but my problem is the script automatically taking the member page to loin.php instead of logintimeout.php pls help or sugest what i should do . pasting the entire script below
<?
session_start();
// set timeout period in seconds
$inactive = 360;
// check to see if $_SESSION['timeout'] is set
if(isset($_SESSION['timeout']) ) {
$session_life = time() - $_SESSION['timeout'];
if($session_life > $inactive)
{ session_destroy();
header('Location:logintimeout.php'); }
}
$_SESSION['timeout'] = time();
if(!session_is_registered(myusername))
{
header('location:login.php');
}
?>
When you issue a location header, you should stop the script from executing any further. For example:
<?php
header("location:http://www.google.co.uk/");
exit();
?>
I'm implementing a 'cookie notification bar' on my website. It's a grey transparent bar
that's fixed to the bottom of the screen with the notification of the use of cookies, a
link to a page with more info and on the far right a 'close' button. The bar hides
using a display:none with a javascript on-click event. My next problem: is it possible to set a cookie within the same function that closes the bar on-click? For it doesn't seem to be working, my code:
// Just before my body tag I have:
<script language="javascript">
function closeCookieBar() {
document.getElementById('cookiepolicy').style.display = 'none';
SetCookie("cookiepolicy", 1, 8)
}
</script>
// At the bottom of the page I have:
<div id="cookiepolicy" <?php if(isset($_cookie['cookiepolicy'])){ echo "style=\"display:none\""; } ?> >
<div id="cookiepolicy-wrapper">
<div id="cookiepolicy-txt">
<span id="cookiepolicy-notice">Deze website maakt gebruik van cookies. Waarom? Klik hier voor meer informatie.</span>
<span id="cookiepolicy-accept-cookies" onclick="closeCookieBar();">Sluit</span>
</div>
</div>
</div>
Next issue I am forseeing: I have about 415 subdomains I want this cookie to be saved for as well, if it set on the main domain, will it work for my subdomains?
Thanks in advance!
Sander
I may be able to help with part of this. Since you're using PHP, this PHP script can set a cookie that is available to all subdomains and subdirectories. If you're using a domain like xxx.co.uk you may need some adjustment around lines 30-40.
<?php // RAY_cookie_splash_page.php
error_reporting(E_ALL);
// SHOW A SPLASH PAGE ON FIRST ENTRY, THEN COOKIE THE BROWSER TO SKIP SPLASH PAGE
// TO SEE COOKIES IN FIREFOX, FOLLOW TOOLS => OPTIONS => PRIVACY => SHOW COOKIES
// MAN PAGE: http://php.net/manual/en/function.setcookie.php
// DEFINITIONS AS NEEDED HERE
define('COOKIE_LIFE', 60*60*24); // A 24-HOUR DAY IN SECONDS ( = 86,400 )
// CONSTRUCT AND SET THE COOKIE
// USE THIS TO MAKE COOKIE EXPIRE AT END OF BROWSER LIFE
$cookie_expires = 0;
// USE THIS TO MAKE A PERSISTENT COOKIE - DEFINE COOKIE_LIFE IN SECONDS - date('Z') IS UTC OFFSET IN SECONDS
$cookie_expires = time() + date('Z') + COOKIE_LIFE;
// CHOOSE THE COOKIE NAME AND VALUE
$cookie_name = 'Fred';
$cookie_value = 'Wilma';
// MAKE THE COOKIE AVAILABLE TO ALL DIRECTORY PATHS IN THE WWW ROOT
$cookie_path = '/';
// MAKE THE COOKIE AVAILABLE TO ALL SUBDOMAINS - DOMAIN NAME STARTS WITH DOT AND OMITS WWW (OR OTHER SUBDOMAINS).
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // MAYBE 'localhost'?
{
$cookie_domain = $x[0];
} else // SOMETHING LIKE 'www2.atf70.whitehouse.gov'?
{
// USE THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN
$cookie_domain = '.' . $x[$y-2] . '.' . $x[$y-1];
}
// MAKE THE COOKIE AVAILABLE TO HTTP, NOT JUST HTTPS
$cookie_secure = FALSE;
// HIDE COOKIE FROM JAVASCRIPT TO IMPROVE SECURITY (PHP 5.2+)
$cookie_http = TRUE;
// SET THE COOKIE (BUT DO NOT BOTHER OUTPUTTING THE DEBUGGING MESSAGES)
if (setcookie($cookie_name, $cookie_value, $cookie_expires, $cookie_path, $cookie_domain, $cookie_secure, $cookie_http))
{
// echo "<br/>SUCCESS! THE COOKIE HAS BEEN SET AND WILL BE AVAILABLE TO THE NEXT PAGE LOAD \n";
} else {
// echo "<br/>FAILURE! THE COOKIE WAS NOT SET AS EXPECTED \n";
}
// IF THE COOKIE IS NOT AVAILABLE IN THIS SCRIPT, SHOW THE SPLASH PAGE
if (empty($_COOKIE["Fred"]))
{
echo "<h1>SPLASH PAGE</h1>\n";
echo "<p>CONTINUE TO SITE</p>\n";
echo date('c');
die("\nSPLASH COMPLETE");
}
// SPLASH PAGE HAS ALREADY BEEN SHOWN
echo "<h1>REGULAR START PAGE - AFTER SPLASH HAS BEEN SHOWN</h1>\n";
echo "<p>CONTINUE TO SITE</p>\n";
echo date('c');
die("\nREGULAR PAGE COMPLETE");
You can create your cookie in js and use it in PHP like this
function closeCookieBar() {
document.getElementById('cookiepolicy').style.display = 'none';
var date = new Date();
date.setTime(date.getTime()+(days*24*60*60*1000));
var expires = "; expires="+date.toGMTString();
document.cookie = name+"="+value+expires+"; path=/; domain=.example.com";
}
<div id="cookiepolicy" <?php if(isset($_cookie['cookiepolicy'])){ echo "style=\"display:none\""; } ?> >
In place of name put name of your cookie and in domain put your domain.
Hope it helps...
For more u may visit Set cookie wih JS, read with PHP problem