PHP's $_SESSION overwritten - only in Firefox (Mozilla) - php

Within my site, I use the variable $location that keeps track of the page the user is viewing. At the end of index.php, the variable is copied into the $_SESSION array, so that upon the next request I know where the user was last time (I use it for generating "back" links). So index.php goes roughly like this:
$location = GetLocation(); // gets user location by processing $_POST and $_GET
if(!isset($_SESSION['last_location'])) $_SESSION['last_location'] = SomeMeaningfulLocation();
.
.
OutputPage(); // renders the page based on $location
.
.
$_SESSION['last_location'] = $location;
So in OutputPage(), the $_SESSION['last_location'] variable can be used for generating "back" links.
The problem is: this code works perfectly with MSIE, Chrome and Safari. It doesn't, however, work with Firefox nor with SeaMonkey (which I like to use for web development). In these browsers, the "back" links always point to the frontpage.
Other facts that might be useful:
Session data is stored in files, server date and time is set right
I've already tried playing with cache settings (header('Cache-control: ...') etc.) with no difference
I've tried disabling network.prefetch-next in the Firefox/Seamonkey config (no difference)
The SomeMeaningfulLocation() function does NOT return frontpage location - so to eliminate the possibility the session is 'forgotten' and re-initialized upon each request - which is also excluded by the fact that...
... other session variables work just fine (but this one is different in that its content is automatically updated upon each request)
Nothing wrong can be seen in the apache access/error logs (it is just the same as with the other browsers)
when i check the $_SESSION['last_location'] value just after the assignment (in the very end of index.php), it has the correct value. When i check it in the very beginning of index.php, it is already overwritten with the frontpage's location (I repeat: only in Mozilla. In other browsers, these checks show the correct, expected values!)
Thanks in advance, I'm out of ideas :-)

Related

Cannot access cookies in Chrome, works properly in Firefox

Basic situation and basic relevant info:
I have a php code that executes before the opening <doctype> tag. The hope was to (if necessary) send a redirect based on user's browser's language preferences before anything else loads.
The script attempts to do two things based on highest supported language preference:
Use php: setcookie() to create a cookie with the two-letter language code.
Example cookie name = value: x_language = es
Use php: header("Location: " . $requestedSite); to redirect to a subdomain,
Example domain: es.domain.com
Example:
if (isset($_COOKIE['x_language'])) {
-Determine correct subdomain based on cookie value-
-If not currently on that subdomain, redirect to it-
} else {
setcookie('x_language','es',time() + 31536000 ,'/','.domain.com' );
header("Location: " . $requestedSite);
}
The problem:
Firefox works perfectly. Chrome (and other browsers) fail to recognize the cookies at all.
I've boiled it down to this:
print_r($_COOKIE) works properly in Firefox, and returns a lovely, populated array.
print_r($_COOKIE) fails in Chrome, and returns an empty array.
This is the core of the problem, my function doesn't recognize the existence of a cookie because Chrome doesn't.
I've made sure every browser accepts cookies.
I've checked dev tools to make sure the cookie is in place on all browsers, (it is).
I realize a cookie's value isn't available until the next page load, but that isn't an issue here. Even after it is set, it won't read.
There is no output above the initial setcookie();
So how do I get Chrome (and other browsers) to recognize its own cookies?! Does anyone know why this would all work flawlessly on Firefox but fail elsewhere?
On a lark I decided to try this. I created a file that only contains:
<?php
print_r($_COOKIE);
?>
Again, I see the cookie array in Firefox. Meanwhile, in Chrome, IE, Opera, Safari, I get an empty array. Could this be a server issue?
OP returns with answer:
Alright, I'm adding this as an 'Answer' in case anyone else comes across this (totally bizarre) behavior and lands here:
It turns out my hosting provider was doing some seriously aggressive caching with my WordPress site that I was unaware of.
At the time I posted my question, I didn't think being on WordPress was relevant, but apparently it was.
Basically it was doing this:
With a clean Cache:
Visitor 1 visits the site.
The php processes and produces output as expected.
Visitor 1 is served php output (based on his browser's parameters and such).
Visitor 2 visits the site. Visitor 2 sees *Visitor 1's version of the site.
The php is processed once and only once per Cache-clear.
This caching behavior meant that accessing cookies through php was simply not going to work right, but accessing them with Javascript WOULD work.
(Important note: It turns out the above-stated caching behavior is disabled for any user viewing the site while logged into wordpress, and this is common behavior for WordPress Cache plugins. That is why I was seeing different behavior in Firefox than I saw in other browsers, because I was actively logged in with Firefox. This could be a helpful piece of information for someone out there.)
My solution:
Use Javascript to run an AJAX query to a .php file which would process the language preferences of the visitor and return the output as a 2-character code, (i.e. 'en' 'es' 'pt' 'de', etc).
Using AJAX to call php allowed me to use php's server-side access to a browser's language preferences while circumventing the super-agro caching of my host.
I hope this helps someone! And thanks to everyone who tried to help me out with this.
I was not having this problem with the code below. I was able to go to example.com and be redirected immediately to en.example.com and see the cookie in $_COOKIES. If I used en.example.com?set=fr I would be redirected to fr.example.com every time I tried example.com. Hopes this is what you were looking for!
<?php
print_r($_COOKIE);
if(isset($_GET['nuke'])) {
setcookie('x_language','',time()-1000,'/','.example.com');
echo 'It has been nuked!';
exit;
} else if(isset($_GET['set'])) {
setcookie('x_language',$_GET['set'],time() + 31536000, '/','.example.com');
$_COOKIE['x_language'] = $_GET['set'];
}
if (isset($_COOKIE['x_language'])) {
$redirect = $_COOKIE['x_language'].'.example.com';
if($_SERVER['HTTP_HOST'] != $redirect)
header('Location: http://'.$redirect);
} else {
setcookie('x_language','en',time() + 31536000,'/','.example.com');
$redirect = 'http://en.example.com';
header('Location: '.$redirect);
}
echo '<br />Cookie: '.$_COOKIE['x_language'].' Domain: '.$_SERVER["HTTP_HOST"];
?>

Cookies arent being detected in php or javascript

Im not sure where im going wrong. I have a form that when the contents of the form get processed and sent to the database it also sets a cookie
setcookie("bgremkey",$checkkey, time()+2592000);
then it will redirect the user back to the page they came from. All of this works fine (bar the cookie bit)
then i have it set at the top of every page providing there isnt an session active to check to see if the cookie exists and if it does to redirect but it wont work. im sure that the cookie is there but it wont pick it up
<?php
if(isset($_COOKIE['bgremkey']))
{
header("location:'Check.php?cklog=1");
}
?>
<script type="text/javascript" language="JavaScript">
var acookie = ReadCookie("bgremkey");
if(acookie.length != 0)
{
window.location = " Check.php?cklog=1";
}
this code doesnt generate any errors but it also doesnt do anything. i have tried putting it in the of the page but that didnt work so i then tried the body and that didnt work either
the check page does a bunch of other stuff but thats not the problem since the redirect never happens
i checked the cookies through chrome and the cookie exists and its path is / so the problem is definitely with reading them. it exists but for some reason cant be detected
http://php.net/manual/en/function.setcookie.php
setcookie("cookiename","cookievalue", $time); will only set it for the current path
Whereas: setcookie("cookiename","cookievalue", $time,"/"); will set the cookie for all pages/folders on that domain (note the 4th argument containing the path ).
If you press CTRL+SHIFT+J in google chrome, and click on the Resources tab, you can find the cookies and the path it is valid in. I'd check that out. perhaps this is why?

How to access offsite referer (and first page visited on site) via PHP on Wordpress site

I'm trying to get three things into a hidden form field in a Wordpress page:
The last "offsite" page visited before someone visited any page on my site (e.g., quite possibly a Google page)
The first page they visited on my site
The last page on my site before they went to the form page
The third one is easy (just use ), but the first two are giving me problems.
I'm trying to save #1 and #2 by using session variables, so that on every page, in the header, I have the following code:
<?php
session_start();
if (! isset($_SESSION['offsite_referer'])) {
$_SESSION['offsite_referer'] = $_SERVER['HTTP_REFERER'];
}
if (! isset($_SESSION['first_page'])) {
$_SESSION['first_page'] = $_SERVER['REQUEST_URI'];
}
?>
Then further down I have, as test code (to be changed to input type=hidden etc. later):
<p>offsite_referer: <?= $_SESSION['offsite_referer'] ?></p>
<p>first_page: <?= $_SESSION['first_page'] ?></p>
(FWIW, I also have session_start() at the top of my wp-config.php. Yes, my site has register_globals turned off.)
For some reason, $_SESSION['offsite_referer'] always ends up as my home page, even when I hit the form page (/free-reports) directly via link from another site. Similarly, first_page always shows up as /
Yes, I'm clearing all my cookies etc. between attempts, to force a new session to be created.
This code used to work fine on my pre-Wordpress site, so I can only think it has something to do with WP, specifically perhaps WP's redirection (WP's mod_rewrite stuff in .htaccess)
I tried changing $_SESSION['offsite_referer'] = $_SERVER['HTTP_REFERER'] to wp_get_original_referer() but it seemed to have no effect.
Incidentally, if I access my form page (at /free-reports/) as the first page on my site (after clearing cookies etc.) and printing $_SERVER['HTTP_REFERER'], it correctly shows the last offsite page - even though $_SESSION['offsite_referer'] doesn't.
I'm pretty perplexed, and have spent a fair amount of time trying to figure it out on my own, so any help to solve this would be appreciated.
Chances are, you can't really get the referer URL since some browsers don't send that and some people disable that, but here's how you could do that and I'll give you some extra tips here:
//first of all, initialize the session
session_start();
//Now call logvisit() to log where the user is coming from
logvisit();
function logvisit() {
$_SESSION['offsite_referer'] = $_SERVER['HTTP_REFERER']);
$browser = $_SERVER['HTTP_USER_AGENT']; //Gets the browser the user is using
//If you want to test it (disable the code below if you don't want to print that information):
echo "Offsite referer: $_SESSION['offsite_referer']<br>";
echo "Browser: $browser<br>";
}
Then to destroy the session you can use unset($_SESSION['offsite_referer']);
This is how I usually do it, and it's often a tidy way to do it.
I believe scunliffe had the key to this, as I was using IE to do the testing.
It works fine now, which I attribute to actually closing and restarting IE (apparently just deleting cookies doesn't do it, as you'd think, even though that works fine in Firefox).
I also changed what I was doing slightly to just save the full in-site browse history in a session variable, rather than only first and last page on the site.
The code I ended up with was the following, which is just at the top of my theme's header.php file:
<?php
session_start();
if (! isset($_SESSION['site_history'])) {
$_SESSION['offsite_referer'] = $_SERVER['HTTP_REFERER'];
$_SESSION['site_history'] = '';
}
$_SESSION['site_history'] .= ($_SERVER['REQUEST_URI'] . ';');
?>
I originally had session_start() also in wp-config.php when I was trying to figure this out, but was able to remove it (leaving just the above code in header.php) and things still work fine.
In case anyone finds this page wanting to do something similar, I was able to access this info in my WP page by adding the following to my theme's functions.php:
function get_offsite_referer() { return $_SESSION['offsite_referer']; }
add_shortcode('offsite-referer', 'get_offsite_referer');
function get_site_history() { return $_SESSION['site_history']; }
add_shortcode('site-history', 'get_site_history');
and then to pass the info on my Wordpress page/form:
<input type="hidden" name="offsite_referer" value="[offsite-referer]" />
<input type="hidden" name="site_history" value="[site-history]" />
scunliffe, if you'd posted your comment as a "reply" I would have "accepted" it, since it was what most closely led me in the right direction, but as a comment I could only upvote it so that's what I did. Thanks!

setcookie not removing cookie

I really don't know what the issue is here.
I have a script called "login.php" that works perfectly. It's called with AJAX, and if it returns successfully, the page refreshes and the user is logged in. The cookie is set on that page with
setcookie("main", $row[0], time() + 3600, "/")
Then I have a script called "logout.php". It is called the same way (AJAX and then page refresh). It only has two lines:
<?php
setcookie("main", "", time() - 3600, "/");
echo "Done";
?>
Calling it form the page wasn't working, so I just loaded logout.php in the browser. The output was "done" but checking my cookies in Chrome showed me that the cookie was still set to "1" (which was $row[0]) and to expire at the time set in login.php.
login.php and logout.php are both in the same folder, the root directory, which is the same folder as everything else.
Earlier, this was working, but the only changes I've made are to make the title bar on the website its own file (still in the root directory) and to take the JavaScript functionality for the Logout button, which is just an AJAX call and some jQuery hover effects, and make it its own script file, which is in the _js folder. But I didn't change logout.php at all, so it should still work when I navigate directly to it, right? Is there something wrong with my setcookie command, or what other problem could be causing it?
EDIT: I tried setting it to expire in 100 seconds instead of -3600, and then tried changing its name so I could recognize it as a totally separate cookie. Neither of them made it show up. The cookie simply isn't getting set at all.
EDIT 2: I reverted to the last commit, and everything is working again. I don't know why reorganizing my site by creating some new files (logout.php isn't changed at all) makes a certain script unable to create cookies.
Cookies must be set before any content goes to the client. Make sure you haven't sent anything to the client before calling a setcookie as it's actually a Set-Cookie header coming back through the request.
Something as little as a space in an include file can ruin this. (You said you worked on other files, check that nothing being included has anything such as a debug echo or whitespace outside of your <?php ... ?> brackets)
As a general rule of thumb, if I have a file that is exclusively PHP code I only include the opening tag (<?php) and exempt the last one. PHP will still parse and run, but this avoids any whitespace at the end of the file that may become problematic. e.g.
mycodefile.php
<?php
define('...', ...);
function ...(){ }
Also, you mentioned using chrome. Open your debugger in chrome (ctrl+shft+i) and click the Network tab. Then find your logout call and select it, then click Headers and verify your cookie is being cleared. (likewise you can click Resources and look under Cookies to view any set.

Setcookie won't work?

I set the cookies regularly in a callback page in my Twitter application. Everything works fine.
Now, using jQuery, I submit a form, and the callback function activates a PHP script. That script only needs to set one cookie to the serialized values of $_POST; and the values run fine (both serialized and normal, I echoed them out to debug). The expiration time is set to 1 year ahead. But for some reason, the cookie just won't appear anywhere. Here's the code:
// js/main.js
$('#settings-form').live('submit', function() {
$.post('controllers/settings.php', $(this).serialize(), function(data) { // Everything here works.
if (data == 'OK') // no errors spits out "OK". this works
changeView({'msg': 'Your settings were saved successfully.'}); // This just resets the view and adds a message div at the top. This works
else
changeView({'msg': data}); // This echoes the error if any exists. Doesn't happen, no errors arise
});
return false; // Cancels redirecting after submitting form
});
// controllers/settings.php
setcookie('user_settings', serialize($_POST), strtotime('+1 year'));
I checked all the variables and I even tried setting dummy ones for test (like "boo" instead of serialize($_POST). for some reason that doesn't work.
Any ideas why this is happening? I tried doing a chdir('..'); to make the cookie dir go to the right place, but that doesn't seem to be the problem, checking the cookies inside my browser doesn't seem to work at all, for any path. It just doesn't work at all. I also just tried manually changing the domain and path, but those don't work either.
Firstly, the chdir() thing is a red-herring -- Cookies are domain-specific; the directory path doesn't have any bearing on them.
Cookies can work a bit strangely when you're making ajax type calls, and I think this is what you're seeing -- The server is probably setting the cookie, but the browser may not be setting it in the cookies data it as it's not a page load.
I would suggest you'd be better off using PHP's session handling rather than cookies; it's better for security, less bandwidth (because the whole of the cookie data is transmitted in both directions with every http single request), and more likely to work.
If you really want to use cookies, it may work better if you use Javascript to do it. You can set cookies in your javascript code by accessing document.cookie. (you need to get the syntax right for the cookie string, but JQuery probably has its own functions that makes them easier to work with)

Categories