i am developing a e-commerce website. The user logs in and buy a product when he checkout the page will redirect to the payment gateway. After the payment is completed it will return back to my website. This is ok. But when it is returning back the session maintained in my website get lost. This happen only for the first time. If the user again logged in and checkout the process works good and the session is maintaining.
Why does the session lost for first time.
I used session_start() in all the pages..
I cannot find the solutions. Kindly help..
Why don't you use javascript? You can create cookie to store your incoming members data.
With Jquery and cookie plugin you can do this very easy, sure you must do login for member to create this data. Some useful links:
http://www.jquery.com/
http://plugins.jquery.com/project/Cookie
http://www.electrictoolbox.com/jquery-cookies/
Why does the session lost for first time.
That's hard to tell because there is not much information in your question.
Normally a session get's lost if the session identifier (or session ID in short) is not passed from one request (page) to the other.
Please see the PHP Manual how the session ID can be passed. You need to take care with your code, for example that the cookie is properly set. If the session cookie is not set, the session id will be gone and session_start will create a new session.
Related
I'm trying to build an orderform which others can use within an Iframe on their website. Later I want to add this form to facebook.
My current form uses a session to bind the ordered products to the user, but if I disable third party cookies in Internet Explorer I can't order anything. The session ID is changing.
During last steps I ask the user to login and bind an email address to the current session.
I prefer to keep using sessions, so when someone leaves my page, the ordered items are still in their chart. What is best approach to still use sessions inside my iframe?
Thanks for everyones help...
A visitor accessing your web site is assigned a unique id, the so-called session id. This is either stored in a cookie on the user side or is propagated in the URL.
Sessions: Introduction
So this means that if cookies are disabled, you need to propagate a session id into the URL. For example:
Checkout
Now the session id will be passed along even if the user has cookies disabled. It is up to you save the users cart into a database or something for when they completely leave your website. Afaik, sessions are always completely destroyed when a user leaves.
More info on passing the session id can be found here: Passing the Session ID
The issue here is I am trying to login into my system via ajax. Let me explain it to your first.
when my user puts in his login details it will be send to the server via Ajax request and then once it gets verified i create an entry into a session and save the information like userid and logged_in flag.
And then i return those value through Json back to user which is processed by a piece of javascript and redirect the user to dashboard.
If the user is not authenticated it shows an error.
But now whats happening here is. When i create a session variable and when the user is redirected to the dashboard. Sometimes it does not create the session variables and thats why i cant show logout button?
any help will be appreciated.
If you’ve used AJAX-heavy web apps built on a CI backend, you might have noticed premature session expiration, even if you’re expiration was set to never expire ($config['sess_expiration'] = 0; in application/config/config.php)
This was apparently due to AJAX requests not regenerating sessions, and apparent collisions. Long story short, last month there was a patch introduced without much fanfare, which (so far) seems to be working for me.
Replace your system/libraries/Session.php file with the one found here (CI’s git):
https://raw.github.com/EllisLab/CodeIgniter/b211adee89f5fd2192051e9c0826146bd150f469/system/libraries/Session.php
I have a problem with cookies.
Basically I'm trying to store the user's session ID as a cookie like so:
setcookie("CheckoutSessionID",session_id(),time()+3600);
This works fine on my site, the cookie has the correct value and is valid for long enough. However, my site redirects to PayPal so the user can confirm a payment. The user is then redirected back to my site. It's when the user is redirected back to my site that ALL cookie variables are gone.
As in, print_r($_COOKIE), var_dump($_COOKIE) etc have no values. This only occurs after being directed to and from PayPal.
Any ideas as to why this is happening?
Thanks in advance for all help, I'm stumped!
Okay I've been digging quite deep and realised that an earlier question of mine is related:
PHP sessions and session_start()
Basically I had problems because PHP sessions were being deleted when I went to PayPal and back. However, I believe this was actually caused by the session COOKIE being destroyed, not the entire session.
I also found this topic here: Do PHP sessions get lost when directing to a payment gateway?
Answer given by someone suggests using a GET request with the return URL to send data back, instead of using cookies or sessions.
The whole reason I was using a cookie in the first place was to save the user's session ID, as the sessions weren't working properly, so basically I've just made my return URL something like this:
mydomain.co.uk/mypage.php?SessionID=[session ID goes here] and then obtained it then set the user's session ID to it.
Sorted! For now... I mean I'll probably end up hitting another brick wall due to cookies/sessions not working properly.
Thanks everyone for your help :)
Actually whatever is happening (cookie is being empty), logically it's right. When you submit a page/make request the browser sends the cookie from the client's computer with the request so that you can find the cookie in the cookie variable.
But once you redirect the user to another external page/site and come back again to your page then you should not get the cookie in the cookie variable because (in your case) when the user is getting back to your site from the paypal the paypal is not submitting the cookie with the request.
In this case you can save your data in the database before you redirect the user to the paypal and once the user comes back to your site you can retrieve that data from the database.
I got similar problem cookies being removed after redirect from Paypal.
it took me a while to figure out where was a problem.
Samesite=**"Strict"** // Removes cookies after redirect from Paypal.
Samesite=**"Lax"** // does not remove cookies after redirect from Paypal.
I have a some information stored on $_SESSION, the session is stored on the database through a custom session handler.
Is there a standard way to either 'impersonate' a session having a session id or clear specific variables from another session.
I am asking about this because I have my web application, with its session variables on its own working, this is an actual shopping cart with order information using paypal. Paypal returns a response of a payment through IPN (Notifications), which are request made from their server to my site. Those requests, of course, initiate their own sessions.
What I want to find is a way to clear the original session variable from the paypal notification request that sees a different session. Is there a way to do that?
One idea might be to manually edit the database in which the session data is stored, but I want to look for something standard, regardless of the session handlers.
I am asking about this because I have my web application, with its session variables on its own working, this is an actual shopping cart with order information using paypal. Paypal returns a response of a payment through IPN (Notifications), which are request made from their server to my site. Those requests, of course, initiate their own sessions.
What I want to find is a way to clear the original session variable from the paypal notification request that sees a different session. Is there a way to do that?
If you've found yourself needing to edit data in someone else's session, you shouldn't be storing that data in a session to begin with.
If you need to read or otherwise work with the IPNs, perhaps you should store them in the database in an actual table. You can associate the row with the user's session ID, or preferably with their login or email address.
Sessions work because of browser cookies. If you remove the cookie, it will create a new session. If you change your cookie to one for another session, you're now impersonating that session.
You can use Chrome's developer tools, or the Web Developer Firefox addon to get easy access to your browers' cookies.
Did you try to create a session array and giving an id to it.
like this
$_SESSION['ipn'] ="";
$_SESSION['ipn']= "Mescalito";
This shouldn't be necessary in the first place.
I'm fairly sure you can specify a unique job ID in the IPN. Use that unique ID to find out which user the notification belongs to, and edit their data. Don't fiddle with sessions for this, it's bad design.
I need all active sessions to be destroyed when I call a certain function. This function when called needs to destory all sessions NOT immediately but after exactly 30 seconds. Even if the user leaves the page where the session was called before the 30 seconds, his browser should still be cleared of all sessions so when he comes back to the site none of those sessions will be active.
Is this possible? If so how would one go about writing such a function?
EDIT
As for why I need this, I have a shopping cart script that when submitted takes the user to paypal to process payment. If I destroy all sessions when the submit button on that payment form is clicked, I can;t pass all the form data onto paypal. If I don't destroy all sessions, when the user comes back to the site the shopping cart is still filled with the contents he purchased before.
I need the cart to be empty when the user comes back. I figured 30 seconds will give the user ample time to go to the paypal page by which point my cart script has already sent all necessary info to paypal. And then destroying all sessions is safe without fearing disruption to service.
So what I need is sort of a timer script that will work on the server side and will destroy the sessions even when the user is no longer on that page.
See http://bytes.com/topic/php/answers/4134-when-how-php-session-expire-can-i-set-minutes-inactivity
Ok, so nevermind my hairbrained sleep() approach.
Set a flag in the session, before you send them over to paypal. Check this flag and clear the session/cart if it's set.