I need to create and delete cookies.
The issue is that I can create, then delete cookie, but after previously deleted cookie I am not able to create a new one. Why?
It works once more after I clear the cache of the browser.
Creating cookie and redirecting to test page:
<?php
$cookie_name = 'name';
$cookie_time = 2000000000;
$cookie_path = '/';
$cookie_value = uniqid();
setcookie($cookie_name, $cookie_value, $cookie_time, $cookie_path);
echo '<script> window.location.assign("test.php"); </script>';
?>
Deleting a cookie and redirecting to test page:
<?php
$cookie_name = 'name';
$cookie_path = '/';
setcookie($cookie_name, '', time() - 3600, $cookie_path);
echo '<script> window.location.assign("test.php"); </script>';
?>
The test page just has print_r($_COOKIE); in it.
What am I doing wrong here? Is the name of the cookie an issue? Is it browsers limitation?
I need to be able to create and delete the cookie whenever I need to.
I tried to avoid the cache by using this code:
<?php
header("Expires: Tue, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate, max-age=0");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
?>
The problem may be the browser is caching the page request independently of what the server is telling it to do.
There is a simple trick to get around this. Adding a changing variable to the query string will make the page request unique each time. This will also force the browser to re-load the page even when cached.
For example, add the following to the address bar / page request:
?abc=123
And change the number value each time. Alternatively you can even use a timestamp like so:
?<timestamp>
This will force a standards compliant browser to fetch the page each time.
I have searched many posts here and elsewhere but can't seem to find a solution to my problem.
I have a page which displays database entries: database.php. These entries can be filtered with a form. When I filter them and only display the ones I am interested in I can click an entry (as a link) which takes me to that entries page (via php GET). When I am on that entries page (i.e., "view.php?id=1") and hit the back button (back to database.php), the filter form requires to confirm the form resubmission. Is there any way to prevent this?
here are some (simplified) code examples:
Database.php:
<form>
<select>
<option>1</option>
<option>2
<option>
</select>
<input type="submit" name="apply_filter" />
</form>
<?php
if ( isset( $_POST[ "apply_filter" ] ) ) { // display filtered entries
$filter = $_POST[ "filter" ];
$q = "Select * from table where col = '" . $filter . "'";
$r = mysql_query( $q );
} else { // display all entries
$q = "Select * from table";
$r = mysql_query( $q );
}
while ( $rec = mysql_fetch_assoc( $r ) ) {
echo "<a href='view.php?id=" . $rec[ "id" ] . "'>" . $rec[ "name" ] . "</a><br />"; // this is where the link to the view.php page is...
}
?>
Now as mentioned, if I click on the link, it takes me to "view.php?id=whatever". On that page, I just get the ID from the url to display that single entry:
view.php:
<?php
$id = $_GET[ "id" ];
$q = "Select * from table where id = '" . $id . "'";
$r = mysql_query( $q );
while ( ) {
// display entry
}
?>
If I now hit the back button, the form on database.php (the one used to filter the DB results) requires confirmation for resubmission. Not only is this very annoying, its also useless to me.
How can I fix this? I hope the code examples and explanation of my problem are sufficient. If not let me know and I'll try to specify.
I know this question is old, but having this issue myself, two lines I've discovered that works are:
header("Cache-Control: no cache");
session_cache_limiter("private_no_expire");
There are two ways I know of to do this. The simple way and the hard way.
Regardless of the way, when you are dealing with a state-based page (using $_SESSION), which you should be doing to keep your pages "live" and under your control, is prevent the caching of all pages like this:
<?php
//Set no caching
header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
header("Cache-Control: no-store, no-cache, must-revalidate");
header("Cache-Control: post-check=0, pre-check=0", false);
header("Pragma: no-cache");
?>
The hard way involves generating an id and storing it somewhere on the page as a hidden input or a &_SESSION cookie. Then you store the same id on the server as a $_SESSION. If they don't match, a series of preprogrammed if else type statements cause nothing to happen with the page is resubmitted (which is what it tries to do when you click back).
The easy way is to simply redirect the user back to the form submission page if the form was submitted successfully, like so:
header('Location: http://www.mydomain.com/redirect.php');
I hope this helps!
One thing that might help is making your filter form use a GET method instead of POST.
Browsers usually prevent POST input from being automatically resubmitted, which is something they don't do when GET input is used. Also, this will let users link to your page using a filter.
header("Cache-Control: no cache");
session_cache_limiter("private_no_expire");
NOTE: After using the post data what you have submitted from the form then, these two lines should be used at the end of function.so, when we are back to the redirected page, it will not ask you to resubmit the page. This will work.
I used the answer at How do I detect if a user has got to a page using the back button? to detect whether or not the visit was triggered by a browser's back button click, and then if that was the case, I used JavaScript to reload the page. When the page is reloaded, my code already handles the corresponding validations to make sure that the form is never submitted twice. The important part in my case was forcing the page reload when the form was revisited after clicking the browser's back button. This is my code in the URL where I wanted to apply this validation:
<script type="text/javascript">
if (window.performance && window.performance.navigation.type == window.performance.navigation.TYPE_BACK_FORWARD) {
location.reload();
}
</script>
An alternative solution that also works if/when the page is reloaded involves checking the post's originality using $_SESSION. In a nutshell, check for a unique or random string.
In the form, add an input element with a value set using rand() or microtime():
<input type="hidden" name="formToken" value="<?php echo microtime();?>"/>
And then wrap the PHP function to validate and parse the form data in an if block:
if(!isset($_SESSION['formToken']) || $_POST['formToken'] !== $_SESSION['formToken'])){
$_SESSION['formToken'] = $_POST['formToken'];
/*continue form processing */
}
The solution the works for me is
$(document).ready( function() {
//prevent form submit on refresh or resubmit with back button
if ( window.history.replaceState ) window.history.replaceState( null, null, window.location.href );
}
Its already mentioned above but again i will say it, if you have used session_start() in your code then you just need to add this line in your header file like:-
<?php
header("Cache-Control: no cache");
?>
but if you didnt have used yet the session_start() then you can add the line below in your header file like:-
<?php
header("Cache-Control: no cache");
session_cache_limiter("private_no_expire");
?>
The following worked for me when I add this code to the end of my script after the submission/redirection
unset($_POST);
exit();
So simple but it took way too long for me to figure it out.
You need to remove the request which POST data from browser history
history.replaceState("", "", "/the/result/page")
See this answer
Also you may follow the Post/Redirect/Get pattern.
I'm trying to make a PHP script that sets cookies to the browser by reading them from a file first. In the file is the piece of HTTP header "Cookie: x=foo; y=bar; etc". The script does a cleanup of the string so we end up with only the variable name (x) and the value of the variable (foo). The problem is when I set the cookies from the file, using Wireshark I see the exact values of the variables being sent to the broser. When I see what cookies the browser sends to the page, they are different, i.e I set cookie x=foo;, then the browser sends it back to the page as Cookie: x=bar. Do you know what may be causing this? When I use the Greasemonkey script for injecting cookies everything works fine tough.
Here is my code:
<?php
function inject($what)
{
for($i=0;$i<count($what);$i++)
{
$name = $what[$i][0];
echo "injecting cookie named \"$name\" .... <br> ";
setrawcookie($what[$i][0], $what[$i][1]);
}
echo 'all cookies injected properly, ready';
}
$newcook=file("/home/todor/cook.txt");
echo '<pre>';
for ($i=0; $i<count($newcook); $i++)
$newcook[$i] = str_replace('Cookie: ', '', $newcook[$i]);
$newcook = explode('; ', $newcook[0]);
for($i=0;$i<count($newcook);$i++)
$newcook[$i] = explode('=', $newcook[$i]);
for($i=0;$i<count($newcook);$i++)
echo 'cookie variable name "'.$newcook[$i][0].'" with value of "'.$newcook[$i][1].'"<br>';
echo '</pre>';
inject($newcook);
?>
---------------Cookies being set----------------------
Set-Cookie: MoodleSession=h0j51hvrkvu30mdeu3d9321thit8c8pdkle66llr2lipj80chjb0
Set-Cookie: __utma=16796069.1074685784.1352477410.1352477410.1352477410.1
Set-Cookie: __utmc=16796069
Set-Cookie: __utmz=16796069.1352477410.1.1.utmcsr
---------------Cookies being sent to the server -----------
Cookie: MoodleSession=hn92mn8vhl6kvg7f8qogpgm8reeisnoope27o7q3ivrecnr84gb1; __utma=16796069.1720416199.1352484234.1352484234.1352484234.1; __utmb=16796069.1.10.1352484234; __utmc=16796069; __utmz=16796069.1352484234.1.1.utmcsr=(direct)|utmccn=(direct)|utmcmd=(none)
As part of this php login and redirect software I have a piece of code I need to add to the beginning of every page to be secured.
It lets a user on perfectly if they have valid user login information, but if they go to another 'secured' page and attempt to revisit the original page (or just copy and paste its address in a new tab to visit) it goes to a denied access screen.
Does this error occur because theres something wrong with the session cache headers or is it some deeper problem?
It currently looks like this:
<?php
session_start();
session_cache_limiter();
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
require('config.php');
require('functions.php');
//this is group name or username of the group or person that you wish to allow access to
// - please be advise that the Administrators Groups has access to all pages.
if (allow_access(Users) != "yes")
{
include ('/home/folder/public_html/members/no_access.php');
exit;
}
?>
I've tried changing the headers from other people's questions etc but it doesnt change the problem. I've also looked at any relevant links and made sure they are not broken etc.
The allow access function seems to be this:
function allow_access($group)
{
if ($_SESSION[group1] == "$group" || $_SESSION[group2] == "$group" || $_SESSION[group3] == "$group" ||
$_SESSION[group1] == "Administrators" || $_SESSION[group2] == "Administrators" || $_SESSION[group3] == "Administrators" ||
$_SESSION[user_name] == "$group")
{
$allowed = "yes";
}else{
$allowed = "no";
}
return $allowed;
}
You don't need:
session_cache_limiter();
header("Expires: Sat, 01 Jan 2000 00:00:00 GMT");
header("Last-Modified: ".gmdate("D, d M Y H:i:s")." GMT");
header("Cache-Control: post-check=0, pre-check=0",false);
And might be the stuff that's actually causing the problems.
You can improve this answer by telling us what:
allow_access
Is. And of course use booleans instead of textual yes or no.
Also what is Users ? Is it not a constant from what I see and it is not an object from what I see and it is not a variable...So what is that?
I have the following code in index.php (simplified):
<?php
print_r($_GET);
if ($_GET['f'] == "activate") {
//do stuff
}
if ($_GET['f'] == "disable") {
//do stuff
}
?>
and further down the page, some HTML:
<tr>
<td style='font-size: 0.9em;'>email#address.ac.uk</td>
<td style='font-size: 0.75em;'><span style="color: #00AF28;">Active</span></td><td style='font-size: 0.75em;'>Disable</td>
</tr>
The two hyperlinks will point the browser to the URL index.php?f=disable&id=email#address.ac.uk and index.php?f=disable&id=email#address.ac.uk, respectively.
Upon clicking the hyperlink (and directing the browser to index.php?f=disable&id=email#address.ac.uk), the result of print_r($_GET) is:
Array ( [f] => disable [id] => email#address.ac.uk )
However, the 'if' statement:
if ($_GET['f'] == "disable") {
//do stuff
}
Does not execute until I refresh the page, or press the enter key on the address bar.
I'm using Chrome 16 on OSX for this, with PHP5.
Many thanks
Try to disable the cache. You can do this by sending some http headers to the browser. Here are an example from php.net
<?php
header("Cache-Control: no-cache, must-revalidate"); // HTTP/1.1
header("Expires: Sat, 26 Jul 1997 05:00:00 GMT"); // Date in the past
?>