CodeIgniter and Joomla - session data lost - php

I am facing a really weird issue here.
I have two websites: **A** and **B**
**A** is the landing page (a micro website). **A** is running Joomla.
**B** - payment pages. Coded with CodeIgniter. Uses session library and stores session data in a database.
=================
Scenario:
A user visits a landing page (website A), chooses a service package and clicks buy. Then he is taken to the payment page (website B) and starts filling in his application form.
Once he is done, he is taken to a payment gateway (provided by SecureTrading) and makes a payment. After a successful payment, a user is taken back to website B, where he has to finish the last bit of his application.
Problems:
After a successful payment, user is redirected back to website B, but for some reason all session data is lost.
When does this happen:
Session data is lost only when a user is coming from the landing page (A).
If I start filling in the application form without visiting the landing page first, everything works just fine.
Why is this happening?
How do I fix this?

Make sure in your application/config.php file you have the following setting set to this value:
```php
$config['cookie_domain'] = ".mysite.com";
```
Take note of the leading . which denotes that the cookie domain is site-wide. This will make sure the cookie can be accessed from all sub-domains. Here is more information on how cookie domains work. You should always set up this config option, as it defaults to empty and will thus use the default cookie setting, which in most setups is not what the developer will want.
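
How the empty default and the `.mysite.com` value from the answer above differ in which hosts receive the session cookie, shown as an added example that is not part of the original answer. It is a reduced model of RFC 6265 domain matching; the function name and every host name other than the `mysite.com` domain are constructed.

```php
<?php
// Added example: RFC 6265 domain matching, reduced to the two cases the
// answer contrasts (cookie_domain empty vs. ".mysite.com").

/**
 * Would a browser attach the cookie to a request for $requestHost?
 *
 * $setByHost    host whose response set the cookie
 * $cookieDomain value of $config['cookie_domain'] ('' means not set)
 */
function cookie_is_sent(string $setByHost, string $cookieDomain, string $requestHost): bool
{
    $requestHost = strtolower($requestHost);

    // No Domain attribute: host-only cookie, exact host match required.
    if ($cookieDomain === '') {
        return $requestHost === strtolower($setByHost);
    }

    // Browsers ignore the leading dot; the cookie matches the domain
    // itself and every sub-domain below it.
    $domain = strtolower(ltrim($cookieDomain, '.'));
    if ($requestHost === $domain) {
        return true;
    }
    $suffix = '.' . $domain;
    return substr($requestHost, -strlen($suffix)) === $suffix;
}

// Constructed hosts; the last one only looks similar and must never match.
$hosts = ['mysite.com', 'www.mysite.com', 'pay.mysite.com', 'mysite.com.example.net'];

foreach (['', '.mysite.com'] as $cookieDomain) {
    printf("cookie_domain = '%s' (cookie set by pay.mysite.com)\n", $cookieDomain);
    foreach ($hosts as $host) {
        $sent = cookie_is_sent('pay.mysite.com', $cookieDomain, $host);
        printf("  %-24s %s\n", $host, $sent ? 'sent' : 'not sent');
    }
}
```

With the dotted value every sub-domain receives the session cookie, so any host under that domain can read or replace it.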

Related

Preserve PHP session after POST to other server

I'm working on a PHP project that implements bank payments provided by another company.
Let's assume that my webpage is http://www.mypage.com/
The payment is submitted by submitting a POST form, but the action is going to another server: http://www.otherdomain.com/payment
Post data contains an ID of the payment.
When the payment is completed, the response goes back to my website. http://www.mypage.com/payment_completed
After going back, the PHPSESSID cookie has changed, and therefore the user is being logged out.
I noticed that this only happens in Firefox, and not in Chrome. The weird thing is that if I have more than one logged-in tab open, the PHPSESSID changes only on the one page that did the POST to the other server. Other tabs remain logged in.
Is there a way to make sure that the session will not be destroyed in that one tab after sending a POST to another server?
My project is using Zend Framework.

PHP tracking [cookies]

I have a url shortener that I created to track incoming links. Currently the php sets a cookie and inserts visitor information into the database. It attaches an id to the redirect url and redirects the user to the website.
The website has javascript on the page that takes the id and tries to set a cookie on the front end. If cookies are disabled, the javascript attempts other things to store that id. The reason I am setting the id is due to the javascript sending random pieces of information to the backend.
Is there a way for php to have a fallback if the person doesn't have cookies enabled? I don't want to create a new database entry for someone who visits the same link multiple times who doesn't have cookies enabled. Don't want to be tracking the same person as 2 or more people.
Edit
If I can't prompt the user that their cookies are disabled, are there any alternatives?
2nd Edit
One of the comments brought this up, so I thought I'd post the link here: User recognition without cookies or local storage

Intermittent login failure in Magento when trying to log in as a customer

I'm having a problem where sometimes Magento loses my session data - for example, when I'm logging in, or during the checkout process.
Let me explain:
When I enter my email address and password in the customer account login page, sometimes the site just loops back to the login page without displaying any error.
Similarly, when I add a product to my cart, click "Proceed to Checkout", and try to enter email/password credentials on the login form there, sometimes the site empties my cart and redirects me to the View Cart page with an empty shopping cart.
This has happened on all the browsers and operating systems I've tried. I've observed that once we clean the cookies and cache of the operating system and browser, the site starts behaving normally again. I've also noticed that when we try to visit the site and log in from a different network (e.g. from a smartphone browser) it works, but even here after a few logins and logouts we start encountering the problem again.
Here are some things that the Magento forum users suggested to me - none of them have worked:
Change everything under "Session Validation Settings" in System -> Configuration -> Web to "No".
Change cookie lifetime under "Session Cookie Management" in System -> Configuration -> Web to "86400" or to leave the field blank.
Tell Magento to store session data in the filesystem instead of the database.
I can tell that I'm not the only one having this problem: here's a post on the Magento forums that describes the same problem I'm having.
If you want to see the problem in the wild, my website is SyberPlace.com - we're an Indian e-commerce company.

Code Igniter - how to redirect user after login?

I've a Code Igniter project using database backed sessions. The web application is password protected, meaning that I have an abstract controller checking if the user is logged in before I allow him to see any pages, apart from the login form.
While I had no problems implementing this, I'm having some difficulty understanding how to make the application redirect the user to the page he wanted to see if he needs to log in first.
How it goes: the user is logged out and types in a URL. The application detects he's not logged in, so it sends him to the login page and creates a row in the ci_session table. At the same time I store the URL the user entered in the session object using either flashdata or userdata. My problem is that once the user logs in, the application will create a new row in the database, meaning a new session, completely ignoring the values I stored previously.
Shouldn't it be one row per session?
The CI URL Helper has a redirect function that you can use. http://codeigniter.com/user_guide/helpers/url_helper.html
Does a "header redirect" to the local URI specified. Just like other functions in this helper, this one is designed to redirect to a local URL within your site. You will not specify the full site URL, but rather simply the URI segments to the controller you want to direct to. The function will build the URL based on your config file values.
The optional second parameter allows you to choose between the "location" method (default) or the "refresh" method. Location is faster, but on Windows servers it can sometimes be a problem. The optional third parameter allows you to send a specific HTTP Response Code - this could be used for example to create 301 redirects for search engine purposes. The default Response Code is 302. The third parameter is only available with 'location' redirects, and not 'refresh'. Examples:
```php
if ($logged_in == FALSE)
{
    redirect('/login/form/', 'refresh');
}

// with 301 redirect
redirect('/article/13', 'location', 301);
```
I think you're misunderstanding how sessions work between a browser and your web application. When a user opens your login page, they are assigned a unique session ID which CodeIgniter keeps track of. Unless your session gets expired, either forcefully by logging out or due to your own session expire settings, CodeIgniter should only be writing 1 row per unique session in your database. Make sure you have your sess_expiration variable in config.php set to something realistic.
I don't see how removing the underscore from your cookie name could have fixed this, as the name has nothing to do with how sessions work in general.
You can use something like this.
When the user tries to access a page like
http://test.com/userpage.php
If he is not logged in, redirect him to
http://test.com/login.php?redirectpage=userpage.php
(This redirect will be done by userpage.php after checking the login status from the cookie or the session.)
The login page has the value "redirectpage" and once the user logs in at the login page, redirect him to the page he was previously trying to visit.
You will have to check the user login status in all the pages that you need the user to be logged in.
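
One way to handle the `redirectpage` value described above so that the login page only ever redirects to a page of the same site, shown as an added example that is not from the thread. The function name, the list of known pages and the `index.php` fallback are assumptions.

```php
<?php
// Added example. The page names in $knownPages are hypothetical.

/**
 * Turn the "redirectpage" query value into a local page name,
 * or return $fallback when the value is missing or not acceptable.
 */
function local_redirect_target($requested, array $knownPages, string $fallback): string
{
    // $_GET values can be arrays or absent; only a non-empty string qualifies.
    if (!is_string($requested) || $requested === '') {
        return $fallback;
    }
    // A bare page name only: no scheme, host, slash, backslash, "..",
    // whitespace or control characters can pass this pattern.
    if (!preg_match('/\A[A-Za-z0-9_-]+\.php\z/', $requested)) {
        return $fallback;
    }
    // A well-formed name must still be a page that sits behind the login.
    return in_array($requested, $knownPages, true) ? $requested : $fallback;
}

$knownPages = ['userpage.php', 'orders.php'];

// Constructed inputs: the value from the answer, then values that must
// all end up at the fallback.
$samples = [
    'userpage.php',
    'http://other.example/userpage.php',
    '//other.example',
    '../admin.php',
    "userpage.php\r\nX-Header: y",
    null,
];
foreach ($samples as $value) {
    $target = local_redirect_target($value, $knownPages, 'index.php');
    printf("%-42s -> /%s\n", json_encode($value, JSON_UNESCAPED_SLASHES), $target);
}

// In login.php, once the credentials check has succeeded:
// header('Location: /' . local_redirect_target($_GET['redirectpage'] ?? null, $knownPages, 'index.php'));
// exit;
```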
Solved it.
My problem was not how to redirect or how to store data. My problem was the application creating two sessions per request.
I changed the name of my cookie to something that didn't include underscores and voila, fixed. One session per request and everything works as it should.

Blackberry Creating New Session On Every Page

I have created a mobile version of a site. It uses the CodeIgniter session to store some data. This seemed okay on Blackberry a few weeks ago but now it is making multiple sessions on every page and therefore it can't access the session where the data is saved. This works fine on the desktop and iPhone. The cookies are being saved to the Blackberry. I've got it so that it is using the database to save the data.
On every page it checks to see whether the phone is touch screen to show the page differently. There is also some other data. It's all being saved but into many sessions.
It's on a subdomain - m.domain.com so I'm wondering if the domain name for the cookie might need to be set differently.
EDIT:
I managed to sort it out by saving the session id in a different cookie and then calling that in a query to get the info. Thank you to the person who replied.
Do you proceed your session-id on every link and every form? If not, and the client doesn't accept cookies, the session will be lost on every new page load - exactly what you're describing.
EDIT: to correct that, take a look at the documentation (+ Passing the Session ID) - just add the SID constant to all your links and forms; it will automatically be empty if the browser accepts cookies, so the URL isn't that ugly for those clients.
