i am having some application in PHP and providing service to some other client. they have put our link in the iframe on their site page. The problem is with session establishment. it works great in google chrome , firefox and IE 8. but it is creating a problem in IE 9. For the first time, when the page is opened , the session is not established on our application but if the page is refreshed then the session is established.
IF i copy the iframe link to the IE9 address bar, then also the session is established. I have not used any domain for our application just given them the public IP to be used.
For session , the client is sending its details along with our page and we authenticate and establish the session on our server. Our session is different than the session used by client. The application is hosted our own server.
Related
I'm using Symfony Session component with NativeStorage.
The initialization is very simple (session property has type Symfony\Component\HttpFoundation\Session\Session)
$this->session->start();
I'm facing a session issue during payment redirects, my application redirects user to Paypal payment, if the user push "abort" link in Paypal page it will be redirected to the abort page of the initial application.
During this second redirect somehow the session is refreshed and a new cookie and a session-id is activated.
I'm working with Firefox without private mode. I have tried to open the page manually in a new browser tab but the session is discarded in the same way.
What can cause a session expiration during a page redirect? The cookie generated is the standard cookie made by Symfony Session class and PHP:
Domain and protocol (https) dont change. The URL path changes from initial page to abort page.
UPDATE:
The issue seems to be connected to Firefox.
I have tested it with Chrome and works, I have tested the case with Firefox in privacy mode and it works... so I guess it is something wrong with my firefox sessions.
I am making a small two page php project for someone.
I have a login page which redirects to a page with 20-odd checkboxes populated from the DB.
On login if the details are valid it creates a session user and a few others.
Locally everything is fine.
On the server however, it's not configured to use any custom session path and apparently is a shared hosting eviroment so I can't change the php.ini to include the session info.
It seems that the host is also blocking php post information.
Is there any other way I can simulate the same effect as having a session variable?
I have a php application in which I scrape a website and get all of the links present in the site. While I am running the scraper in a tab of a browser and open the app in the other tab of the same browser, it keeps loading until the other tab processing(running scraper) is complete.
I have tried using ajax in this case i.e. I send the request through ajax post to find the links, but it is not effecting.
Any kind of help and guidance will be appreciated.
That is probably caused by the session lock. If your multiple connections (tabs) require the same session, you can't.
If they could be independent, then you would have to pass a session id in the URL to identify which tab is communicating with the server.
Note that the web server may also have restrictions configured on the number of simultaneous sessions from the same IP.
Let a user using Mozilla browser , On three tabs he login to his yahoo account ,gmail and hotmail.
Now if we Clear Recent History , all three session will be cleared.
But at the same time if there is another session in any another browser it will not be cleared.
So What i am trying to ask here is , the cookies and session related details ,browser cache will be in the local computer and it will be cleared on clearing history.
But is it browser specific?
The cookie and all will have any browser specific id , how it will differentiate that now clear the IE history or clear chrome history.
You can in fact use two different accounts on two different browsers at the same time. The browser history/cookies etc are specific to the browser in question.
There isn't a "standard" where browser save their settings, each do it as they file. MSIE might use the Windows Registry while Firefox might use a local database file.
For the server to keep track of a client session a session id is sent to the client. Which the client uses in each request to the server.
On the local computer each browser has it's own way of saving the cookie files. So when you clear the cookies in Firefox, then the cookies saved by Firefox will be deleted. Same thing with Chrome, IE, Safari etc.
They could even be using a own way of serializing the cookies for all that I know.
we've recently done some installation but I'm facing issues with one pc in particular and its baffling. We have a webapplication installed on our local server which is accessed by all our workstations. FOr some reason we can't log into our webapplication using one workstation. The application is a PHP MYSQL collaboration system. I double checked and for some really odd reason whenever we login it creates a session ID but upon logging in and redirecting to another page the session is broken and a new session id is generated thus the individual is automatically logged out again.
What could be the issue here - is its a firewall thing - its not the web application as we can access it fine via the other workstations. We even disabled the firewall but in all cases that single dumb workstation seems to have an issue with maintaining the session.
Help please - I'm sure its an issue confined to that one PC - what could it be.
Update
The authentication sequence is as follows:
Login
Authenticate user
Build session
Store session variables with session ID in db
Redirect
SESSION variables are empty - a new session ID is generated
Since new session ID is not of an authenticated user - return to login
More details
SSL is not enabled
Cookies are enabled are on the problem machine
UPDATE
I don't understand how can redirection be the problem here. My redirection code is as follows I'm using the following function to redirect to the index page upon successful login.
function _redirect($url)
{
#To redirect to a specified page
if(headers_sent())
echo "<meta http-equiv=\"refresh\" content=\"0;URL=$url\">";
else
header("Location:$url");
exit;
}
Plus even if it is an issue why is it a problem on just one PC and not on the others? I don't wish to change my code just to accommodate one system as opposed to fixing whats wrong with that one system which is preventing it from behaving in the first place.
MORE UPDATE
I just double checked and found something odd. My login is ajax based i.e. a request is made via ajax if it is a success the session variables are generated and a boolean 1 is sent back upon receiving the user is redirected via a javascript call which is:
function _redirect(url)
{
window.location = url;
}
I commented out this call and instead when the user is logged in I manually go to the index page and it works fine!! What is the javascript redirect messing up in this one pc thats not messing up in the other workstations is beyond me :( How do I fix this?
It sounds like the cookie is not being set and sent back to the server properly on this machine. Verify that you have cookies enabled and that you don't have some 3rd party browser extension or other software blocking cookies.
what browser are you using on this workstation? IE? Firefox? Have you tried different web browsers? Tried checking the browser settings yet? What is the time out set to? Is the time on the server and workstartion syncing properly with ntp?
In IE you can disable accepting of sessions cookies if the security is set to high I believe.
If you're losing the session, it's likely because the session cookie is not being transmitted. Does the browser on that machine have cookies enabled? Are you using SSL for your login page? Does your login code do anything besides validate a username/password (e.g. validate an IP address or machine name)?
Edit
Can you verify with Fiddler/Wireshark that the session cookie is transmitted when you redirect? Can we see some example login code?
I misunderstood the question to begin with (hence my edit history)
What is the domain the login is on and the main site is on? If it's between domains (could be anything like sending between example.com and www.example.com)