Cookie issue on Google Chrome - php

I encounter a cookie issue with my website.
When a customer clicks on "remember me" before logging in, a cookie is created, and then when he leaves and comes back later, he is automatically re-logged.
It works on Firefox/IE & co, but not on Chrome...
I have written a little script to test cookie creation on Chrome. Here it is:
<?php
if( isset($_GET['test']) ) setcookie('TESTSOMECOOKIE',1234,time()+60*60*24*365);
?>
It can't be more simple!
When I run the script:
The cookie is created properly.
If I close the tab and open a new one (without passing the test param), the cookie still exists.
If I close Google Chrome and re-open it, and go to the test script (without passing the test param), the cookie is not present anymore... and if I do that on Firefox or IE, no problem, the cookie is still present in all cases.
I'm trying this on a web server (not a local IP address).
I have NOT activated private navigation on Chrome.
Cookies are enabled and work, like on Gmail/Facebook, etc... Chrome keeps the cookies for these sites!
I already checked other issues posted on the web but found no real answers about that...
So, this is a very weird issue that I would like to solve if possible.
If anyone has an idea...
Thank you very much for your suggestions and sorry for my English.

Try to see if "Keep local data only until I quit my browser" is checked.
It's located in Settings > Content Settings > Cookies.
See if that helps.

Session ID changes with every load inside iframe when third-party cookies are disabled in the browser

I am searching for answers across the Internet, but most of the answers are old and do not work anymore, or they involve changing the host and the remote server. I want a solution where I can give working iframe HTML code to my clients and they can embed it into their websites and use the built-in shop from my website in their website. The website opens successfully, but the session changes every time there is a new request. I tried putting this on my server end, but this is not working:
session_set_cookie_params(["SameSite" => "None"]); //none, lax, strict
session_set_cookie_params(["Secure" => "true"]); //false, true
session_set_cookie_params(["HttpOnly" => "true"]); //false, true
I am open to ideas for my problem. After a lot of digging I can see that Chrome changed something and now you can't have a persistent session from one site to another, because of hacking attacks I guess.
My question is: is there a way to keep the session between pages in Chrome 106 and above without changing anything on the remote server website?
Update: @CBroe is right, this is probably happening because I disabled third-party cookies in my browser, but if someone gives me a working solution to that I will be more than glad, if there is a working solution to that at all, or I have to change my code and send the session with GET/POST requests like CBroe is suggesting.
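An added example, not part of the original question: the same three attributes set in one call before session_start(), plus a check of whether the browser returned the session cookie at all, which is the symptom described in the update. It assumes PHP 7.3 or later and an HTTPS site; start_embedded_session() is a hypothetical helper name.

```php
<?php
// Added example, not code from the original post. Assumes PHP >= 7.3 and HTTPS.
// start_embedded_session() is a hypothetical helper name.

function start_embedded_session(): bool
{
    // All attributes in one call, made before session_start().
    session_set_cookie_params([
        'lifetime' => 0,       // session cookie, discarded when the browser closes
        'path'     => '/',
        'secure'   => true,    // browsers reject SameSite=None without Secure
        'httponly' => true,    // keep the session ID away from page scripts
        'samesite' => 'None',  // permit sending from a cross-site iframe
    ]);

    // True only if the browser sent the session cookie back on this request.
    $returned = isset($_COOKIE[session_name()]);

    session_start();

    if (!$returned) {
        // Expected on the first request of a visit. If it repeats on every
        // request inside the iframe, the browser is withholding the cookie
        // (third-party cookies blocked) and the SameSite/Secure settings
        // above do not change that.
        error_log('session cookie not returned; a new session was started');
    }
    return $returned;
}

start_embedded_session();

// Same counter test as on a first-party page: it stays at 1 while the
// cookie is being withheld.
$_SESSION['count'] = ($_SESSION['count'] ?? 0) + 1;
echo $_SESSION['count'];
```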

PHP Session reset on refresh with chrome but stay normal in private navigation

After hours and hours of research I leave it to you.
I am creating an administrator part for my site in MVC architecture with a .htaccess which redirects everything to a main index.php.
I made a classic connection system with a classic hash and some personal IP ban systems to avoid attacks.
Until then everything is normal, I use $_SESSION to keep the connection active and my session_start() is called before the site to be sure to be correctly placed.
The problem is that my session resets each time I refresh the page.
I did a lot of testing and I affirm that it resets well, I know that it is not from PHP, that I did not misuse my session but that Chrome or Gandi in one way or another acts on my session and breaks it for me.
For example, when I use Chrome in private browsing or Firefox or when I'm local I have no problem and the connection goes perfectly well.
I haven't seen anyone with a similar problem and I don't know what to do, I uninstalled and reinstalled Chrome, I reset some cookies, I reset some data but nothing to do, it doesn't change anything.
EDIT: here is some more code in order to be more clear on the problem.
To show a concrete example of the problem, I made a test file which creates a session and adds 1 each time we refresh the page.
On Chrome it leaves me at 1, but in private browsing it correctly adds 1 at each refresh.
index.php (of my test project)
<?php
session_start();
// make a counter with $_SESSION["count"] (comment for CoPilot)
if (!isset($_SESSION["count"])) {
    $_SESSION["count"] = 0;
}
$_SESSION["count"] += 1;
var_dump($_SESSION["count"]);
EDIT:
OK, so in private browsing I have this result and $_SESSION["count"] is incremented correctly
[Image: network pass private nav]
but in normal browsing $_SESSION["count"] does not increment and 5 JS scripts are added to the request but I don't know where they come from, it may come from some Google Chrome extension but I have already tested without extension and with and it doesn't change anything, I don't understand why $_SESSION["count"] refuses to increment.
[Image: network pass normal nav]
I finally solved the problem by resetting my site's cookies, which I thought I had done, but there might still be special cookies that were hindering the connection to the site, unfortunately I did not look at the data that did that but it must probably come from a bad manipulation on my part.
I can finally log in
thx all

PHP How to stop Chrome loading a page twice

Note: I have updated and rewritten my question to try and solve this issue point by point. Cheers.
I have a problem and I'm not immediately sure how to go about resolving it.
I have been building a secured login system on an HTTPS server (with a grade of "A" by SSL-labs, if that's worth anything), and it works fine; however, today it is refusing to log me in. With some debugging I have found something very odd (in my view).
I have some serious issues with session handling on the website, the different pages use the same session data (of course) and the same session/cookie settings, and they pass the information between each other correctly, BUT the behaviour of my browser appears to be as if there are two browsers visiting the same websites, using the same session data.
Symptoms - Because I have been having inconsistencies with page generated session content (unique hash token) not fitting the same data saved in the login form (as a $_POST value), I was finding that as there is only one line in the whole site that sets the value of the session, this line must be running twice. So I set a counter value in the session, on the form page as session['counter']. Each time the page loads, the counter +1's. My problem is specifically with this:
Login page:
Opens page,
session hash-string is generated and saved to the post form.
session counter = counter + 1;
Form is filled in.
Login auth' page:
fails to verify the posted hash-string is the same as the session hash string, despite there being no other cause for the session values to change (well there must be, but I can't see it!)
But, then going back to the Login Page I see that the counter = last value + 2! Also, the counter value recorded on the session file saved on the server is always +1 to the value displayed on the login page.
Some images:
Login Form Page: Please note that this is above the HTML output and is the last place on the code where any SESSION data is edited.
Output :
Please note the number relating to the counter in image 1.
My session file, this file relates to this specific browser session and only 1 session file as I am the only browser on the site.
The string CheckDrop is the hash value to compare but the counter is at 12 rather than 11, which is displayed in image 2 above.
My site is HTTPS authed although this work is on a subdomain.
This issue has been happening for the last 3 hours but inconsistently; it magically worked for about 40 minutes earlier today (just before posting this post), but I had done nothing I could see as changing the environment.
I have previously compared phpinfo data and session setup data it all looks correct at point of browser output. It does not seem to be caused by my settings.
It happens on different browsers on my PC.
Further Work
After spending hours debugging and working through this, it appears to be a browser issue. I have renamed the pages (one page was called index while it was not defined in .htaccess as the directory listing page which may have possibly caused a browser to open it twice).
I have cleared all associated data: sessions / database records / browser history, and have come across something:
Firefox now logs in as expected, the counter is count+1 and the login works, however on Chrome the exact same log in on the same pages does not work and the browser appears to load twice, the counter = counter + 2. Chrome also leaves two records in the database at each load rather than the expected one.
Chrome version 45.0.24
Firefox version 42.0
Page double counts and runs script twice on Safari and Chrome. On Firefox, Opera and MSIE it works as intended.
Any ideas why this is occurring?
How can I go about trying to solve this problem?
The original issue was caused by the naming of the webpages, there was a webpage named "index.php" but this page was NOT the index, instead "loggedIn.php" was the index page for the site, as defined in .htaccess
Having an index.php page that was not an index seemed to confuse a lot of browsers. This [part of] the issue was resolved by renaming all the pages and setting an index.php page that used PHP headers to redirect people to the suitable page (based on if logged in or not) .
The issue remained with Chrome and Safari.
After a long time reading lots of issues about Chrome, the solution was frankly pathetic,
https://code.google.com/p/chromium/issues/detail?id=64810
This link lists various issues relating to this problem of Chrome double loading, if certain markup elements are not present. As my pages above are very simple, there wasn't a lot that applied, but Google Chrome will silently request the favicon.ico file and then if it doesn't find it, will reload the page but only output the first page (from Chrome memory cache).
This is an epically stupid bug in Chrome that has cost me most of a day. Safari still persists in loading the PHP script twice,
I might be a little late to the party, but I've found another reason why this was happening for me. I created the following page:
<!DOCTYPE html>
<html>
<head>
</head>
<body>
<?php
error_log('Loaded');
?>
</body>
</html>
Even this minimal page was loading twice, but only in Chrome, so I started investigating, and found Mendeley Web Importer Chrome extension to be causing this behaviour. Simply disabling it solved the issue for me.
I suppose your problem is with Internet Explorer... I had the same problem and I discovered, with incredible surprise and shock, that Internet Explorer 10 will send a different "user agent" value, from request to request.
When I saw it for the first time I was really impressed by the absurdity of the fact, but that's completely sure. I tested it very deeply and you cannot trust the Internet Explorer "user agent" string to be the same from request to request.
I had to remove that string from the hashing login string.
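An added example, not code from this thread: one way to keep the login form token stable when the form page is requested twice, as described above. The token is created once, reused by any duplicate GET, and compared in constant time on POST. The function names and the 'form_token' session key are hypothetical.

```php
<?php
// Added example, not code from the thread. The function names and the
// 'form_token' session key are hypothetical.

/**
 * Token for the login form. It is created only when the session has none,
 * so a second GET of the form page (missing favicon, browser extension)
 * reuses the value already embedded in the form instead of replacing it.
 * The token is random; it is not derived from headers such as User-Agent.
 */
function login_form_token(): string
{
    if (empty($_SESSION['form_token'])) {
        $_SESSION['form_token'] = bin2hex(random_bytes(32));
    }
    return $_SESSION['form_token'];
}

/**
 * Compare the posted token with the session copy in constant time and
 * retire it on success, so a replayed POST is rejected.
 */
function verify_login_form_token($posted): bool
{
    $expected = $_SESSION['form_token'] ?? '';
    if (!is_string($posted) || !is_string($expected) || $expected === '') {
        return false;
    }
    if (!hash_equals($expected, $posted)) {
        return false;
    }
    unset($_SESSION['form_token']);
    return true;
}

session_start();

if (($_SERVER['REQUEST_METHOD'] ?? 'GET') === 'POST') {
    // Login auth page: reject the request before touching credentials.
    $ok = verify_login_form_token($_POST['token'] ?? null);
    http_response_code($ok ? 200 : 400);
    echo $ok ? 'token accepted' : 'token rejected';
} else {
    // Login form page: embed the token, escaped for the HTML attribute.
    $t = htmlspecialchars(login_form_token(), ENT_QUOTES, 'UTF-8');
    echo '<form method="post"><input type="hidden" name="token" value="' . $t . '">'
       . '<button>Log in</button></form>';
}
```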

How to retrieve Facebook cookies with cross-domain and Safari

I've been working on this problem all day long, so I really need your help.
I'm trying to create a multi-site login system with Facebook Connect and unfortunately I can't retrieve cookies.
Here are a few more details:
I have a website (www.first.com) which has an iframe to www.second.com, which displays the Facebook Connect button. I have to use this method because a Facebook App is only valid for 1 website, and I will need to use it on multiple.
When the user clicks on the button and logs into Facebook, he is redirected to www.second.com, which saves values in a database, which are later retrieved on www.first.com.
Everything is working fine in Firefox, IE 8/7 works fine too since I've added the P3P header.
The problem is that I can't make it work on Safari, which requires some kind of interaction from the user with the iframe.
I found a code ( http://anantgarg.com/2010/02/18/cross-domain-cookies-in-safari/ ) but I'm not sure how to use it, I've tried every possible way (I think), and nothing. I guess it doesn't work because I would need to use this on Facebook's server (which I can obviously ;) )
Does anyone have an idea?
Sorry for the huge block of text ;) let me know if you need more information.
Cross Domain Cookies sounds like a security-bug.
Are you sure you don't offend against the same origin policy?
In fact, afaik, you can't access cookies for first.com from second.com.

Pixel tracking problem in PHP

Let me first explain what I am trying to do:
step 1 : domain-a.com -> cookie is set using a redirecting PHP script(placed on domain-b.com) when a link to domain-b.com is clicked from this domain
step 2 : domain-b.com->main website -after a certain browsing user reaches domain-c.com
step 3 : domain-c.com -> when user reaches the thankyou page I placed an img tag with src = PHP confirmation script. (which confirms the cookie-placed on domain-b.com)
Everything is working like a charm with Chrome and FF, but IE is not able to detect or recognize the cookie inside the confirmation script in step 3.
I am not able to find any specific reason for this.
I will really appreciate if anyone can help on this.
Try adding all three domains to your "trusted sites" in IE. If this fixes it, you know it's a cross-site/cross-domain policy issue, which IE can be really picky about. This may not present an immediate solution, but at least you'll know the cause.
By default IE won't allow "3rd party cookies". Tools > Internet Options > Privacy Tab
Privacy http://img144.imageshack.us/img144/834/iepriv.jpg
Sounds to me like a P3P issue. If lowering your IE privacy settings gets this to work, then you need to declare your policy in the script header to make sure IE allows 3rd party cookies. Run a search on p3p headers and you'll find plenty of guides.
