Firebug destroying session variables in Codeigniter application - php

Well I m having strange problem here. I have a codeigniter 2 web application which requires user login.
My session works perfectly when I jump from one page to another. But when I turn on Firebug and try to jump to another page, i m kicked back to login page.
This happens always everytime I turn firebug on, but works okay if its not turned on. I have no clue whats going around.
Why Codeigniter session is not working when Firebug is turned on?
Any help will be highly appreciated.
Edit:
I have two separate applications made with Codeigniter. Both have same issue.
P.S. I am facing this problem in my local machine, haven't checked in remote server.
Thanks,
Sabin

if you have the session filtering by user agent that's the problem. firebug adds additional stuff which can cause CI to think your session has been hijacked.
if you have firebug on globally, you may notice some sites tell you to disable the plugin for their site(for example gmail) for that very reason.

Also, if the sessions are not setting try a couple different values in cookie_domain. Setting it to empty did the trick to me. It appears that codeigniter tries to fill in the value for you ($config['cookie_domain'] = "";)

Related

Session ID change with every load inside iFrame when disabled Third-party cookies in the browser

I am searching for answers across Internet, but most of the answers are old that does not work anymore or they involve changing the host and the remove server. I want a solution where I can give a working iframe html code to my clients and they can embedded it into their website's and use the build-in shop from my website into their website. The website opens successfully, but the session changes every time there is a new request. I tried put this on my server end, but this is not working
session_set_cookie_params(["SameSite" => "None"]); //none, lax, strict
session_set_cookie_params(["Secure" => "true"]); //false, true
session_set_cookie_params(["HttpOnly" => "true"]); //false, true
I am open to idea's for my problem. After a lot of digging I can see that Chrome changed something and now you can't have persist session from one site to other, because of hacking attacks I guess.
Is there a way to keep the session between pages in Chrome 106 and above is my question without changing anything to the remote server website?
Update: #Cbroe is right this is happening probably because I disabled the Third-party cookies in my browser, but is someone give me a working solution to that I will be more then glad or if there is a working solution to that at all or I have to change my code and send the session with GET/POST requests like CBroe is suggesting.

Problems logging into Magento Admin

Occasionally I run into a problem logging into the Magento admin panel. The username and password I enter is correct and the url in the browser window tells me that I have logged in correctly (ie: I see domain.com/index.php/admin/areallylongstring), however the login window is displayed again. No error message telling me that the log in details are incorrect is displayed, I am just routed back to the log in window. Has anyone come across this before and can anyone please suggest a solution?
Thanks!
Try start a private browser session and see if you can login, if so clear your cookies for the website and you should be able to login.
I occasionally get this problem, next time I get it I will dig into the code with my debugger to see what is actually going on.
This problem arises due to multiple reasons and the cheapest solution for this will be comment out the following lines in one of core files of magento.
FILE :- app/code/core/Mage/Core/Model/Session/Abstract/Varien.php.
// set session cookie params
session_set_cookie_params(
$this->getCookie()->getLifetime(),
$this->getCookie()->getPath()//,
//dependes which versin of mage you are using, you may comment these as well
//$this->getCookie()->getDomain(),
//$this->getCookie()->isSecure(),
//$this->getCookie()->getHttponly()
);
Find out above code in that file and then comment out those three cookies as shown above.
But as I said it is the cheapest and easiest solution that you can go with. For more information, checkout this link

Tank_Auth on IE7 -- login redirects to 404 error

I am using CI 2.0 and Tank_Auth.
On IE7 (Win XP), there is the weirdest behavior. I fill out the login page info, and when I click on "Login", it takes me to a 404 error on this page:
http://example.com/auth/index.html
My CI error logs show this
ERROR - 2011-04-11 13:00:49 --> 404 Page Not Found --> auth/index.html
Needless to say, this does not happen on any other browser, including FF, Cr, Saf and IE8.
I have also read about several issues re cookies with IE7, have made changes to the cookie names (removing underscores) and duration to no avail. I even wonder if this has anything to do with cookies at all.
Does anyone have a suggestion how I should troubleshoot this? I've been trying this issue at the CI forums, but no solution.
Any roadmap or advice is greatly appreciated.
This does sound weird. What controller/method is the login form posting to? Have you tried making a simple form NOT using TankAuth to see if the problem is recreated? I would first troubleshooting without TankAuth and see how you get on, gradually building up functionality to help you troubleshoot.

Using javascript history.back() fails in Safari .. how do I make it cross-browser?

I am using
Back
to provide a back to previous page link. It works fine on Windows (IE/Mozilla) but fails in Safari on both Windows/Mac.
Is there a way to make it work on all of the systems/browsers (cross-browser/platform)?
If it's not possible, is there any other way using PHP etc?
it should be history.go(-1); return false;
or
history.go(-1); event.preventDefault();
You should consider doing it like this instead:
Back
Try this instead. It should work across IE, FF, Safari and Chrome.
<a href="#" onclick="if(document.referrer) {window.open(document.referrer,'_self');} else {history.go(-1);} return false;">Cancel<a>
The below code is working.
Back
If anyone is still struggling with this issue try removing the href-attribute from the link you want to use window.history.back() with. I'm not sure if this workaround complies with HTML-standards but it worked out fine for me.
I've faced the same issue recently, and although I'm not exactly sure why, this is the solution that worked for me:
If the user is on iOS:
history.go(-2)
If not:
history.go(-1)
I faced a similar issue on an e-commerce site I have been building for one of my customers. I initially went the route of calling:
window.history.back();
when the button was clicked. I encountered the same problem you are having with cross compatibility issues.
To answer you question about
If it's not possible, is there any other way using PHP etc?
My opinion is you should not invoke a method on the server to do a client operation. This is unnecessary overhead on your app and in my opinion, poor design/implementation.
Now to answer your main question:
Is there a way to make it work on all of the systems/browsers (cross-browser/platform)?
To solve the issue I found a client cookie library produced by Mozilla (https://developer.mozilla.org/en-US/docs/Web/API/Document/cookie) from another StackOverflow post (my apologies to the author - I don't have the link to your post).
Using the library I create a cookie with a key of 'back-url' when the user navigates to the part of my app where I want them to be able to go back:
$('#id-of-button-clicked').click(function() {
docCookies.setItem("back-url", window.location.href, ".myDomain.com", "/");
});
This code sets a cookie with a key-value pair 'back-url', and the current url and makes it accessible from the root directory of myDomain.com.
Next, on the page where I want the user to be able to navigate back to the URL set in the cookie, I call the following code:
$(‘#id-of-back-button’).click(function() {
window.location.href = docCookies.getItem('back-url');
});
This code sets the window location by getting the value of 'back-url'.
Disclaimer: I am no professional js developer - just trying to put in my two cents from some lessons I have learned.
Challenges to this answer:
This answer uses cookies, many people don't like the use of cookies. My customers requirements allow me to use cookies.
I'm not encrypting the cookie - some may consider this bad practice. I am still in the early implementation phase of our development. I am, however, restricting access to the cookie to only within our domain.

Installing Recaptcha in Joomla 1.5 user registration

I am trying to install ReCaptcha into the user registration of Joomla 1.5. This may just be an issue with Joomla but when i hit register nothing happens. I think it's doing some JavaScript form validation but there is nothing telling the user what went wrong. if, God forbid, they do fill out the form correctly Joomla will redirect the user to the homepage and give no notice of success.
Is this a Joomla issue or is there something wrong with my install? Does anyone know of a plug-in or module for Joomla that would make this easier?
Thanks in advance,
Samuel
UPDATE: Joomla does a lot of "stuff"/"something" to the $_POST and $_GET variables which was causing the reCaptcha to not function. This was for work which is past so I am not spending anymore time on it. Shameless Plug: use wordpress instead.
this can be closed as I don't have time to verify which answer works
Are you sure you tried all reCaptcha plugins for Joomla? There are plenty:
http://extensions.joomla.org/extensions/search/reCaptcha
Make sure your template contains the message tag to display messages to the user regarding successful or unsuccessful registrations (among other things!)
http://docs.joomla.org/Jdoc_statements
Are you sure that no error is displayed ? Iam using it with some php applications, the error is inside the "BOX".
Try the community builder component, module.
If by 'nothing happens' you mean the visitor stays on the registration page and doesn't advance, check the JavaScript error log for your browser and ensure that a fatal error isn't keeping the form from being submitted. If you mean that the page does advance and the result is a completely blank page, there may be a PHP error being encountered, and you have errors not being publicly displayed. Log into the hosting server and look at the PHP log to see if there's any fatal errors showing up.
I strongly recommend using mollom/moovum. It works with registration and the beautiful thing is that you don't have to hack any files while users will only notice your protection if there is doubt or spam.
Joomla does a lot of "stuff"/"something" to the $_POST and $_GET variables which was causing the reCaptcha to not function. This was for work which is past so I am not spending anymore time on it.
using wordpress from now on.

Categories