I have a kohana (php) web site and we have a problem with the sessions when used by computers on a local network under a proxy.
The problem:
PC 1 and PC 2 are in the same local network. They use a proxy server to access the external web site.
PC 1 access the site with "USER A", he is in the main page now and the site says "Connected with USER A".
PC 2 enters the site and access with "USER B", he is in the main page now and the site says "Connected with USER B".
PC 1 press F5 to reload the site main page, and the site now says that is logged with "USER B".
The system is installed externally and we have this problem only in this under-proxy network. Access from other PCs also under local networks (but no proxy) don have this problem.
We enabled the "user_token" part in the auth module (it uses a new table named "user_tokens" that uses the browser user agent), but the problem persists.
-- edit --
We are using Kohana 3.0, PHP 5.2.9 and postgres 8.4
Does your proxy support caching? It should NOT cache pages which are different if the client is logged in.
You application may have to set appropriate HTTP headers to tell the proxy that it is not allowed to cache HTTP responses.
If this doesn't fix it, make sure you're not using the client IP address as the Session key.
(If you still fancy using the IP, create a whitelist for allowed proxies, then use the HTTP forwarded_for header. It'll only fix the problem for proxies you trust though.)
Can you turn the proxy off temporarily to confirm the issue?
Can you try accessing the site with Firefox and the Firebug extension? This will let you see the exact HTTP response codes and headers that are being sent from the site. Knowing what they are will help us diagnose the problem for you.
Related
I developed this website using Laravel 5.5 for my research group and uploaded it to my university web host. The website's address is in the format of xxxx.cse.yyyy.edu .
When I browse some pages of this website it gets inaccessible and I can't even access the cse.yyyy.edu subdomain anymore for a while (usually after 10-12 hours). I can ping the IP address of the CSE subdomain but can't ping the domain address (possibly a DNS issue?). Although I am not sure, I think restarting my local router makes the website accessible again.
The only thing out of the ordinary about the website is the insecure login page that is not using https at the moment. Other than that, everything is just straightforward laravel code adopted from the original laravel documentations.
I'd be happy to provide more information but I don't really know what kind of info I should be providing here.
What do you think might be causing this problem? Thank you in advance!
So, I figured what was causing the problem. I asked the system administrator to look into the logs of the web host. Turns out that web hosts can have a blocking mechanism in case too many 404 errors are generated. Turning off that mechanism solved my issue. Note that this wasn't something I could fix on my own and might be the same in your case if you don't have full access to your web server settings.
I have migrated a Magento website to a live server, but it shows the old website on my PC and when I open in my mobile phone, it shows new website. How can I solve this problem?
Some actions to try:
Clear your browser cache.
Try clearing the cookies.
Try in Incognito mode if your browser have it.
Try with a different browser.
Try in a different network (the DNS could still be propagating the required info).
Try requesting an URL with some additional query string parameter, to avoid caching by URL. For example, if your site is in http://example.com/, try visiting http://example.com/?testing=1
Make sure you had not pointed your domain to your local IP in your development computer.
I have a Joomla site running on local intranet. It works perfectly if accessed via LAN. But if someone tries to access the same via VPN network then gives below error.
Access to the Web site is blocked by your administrator. Please notify your system administrator. Made http request for GET /index.php?option=com_content&view=category&id=634:blackberry-&Itemid=59&layout=default HTTP/1.1 to techiecloud:80
What could be the possible reason for the same, Is it application configuration issue or related to network.
That's a network error message rather than a Joomla one.
Try uploading any website there - Joomla or not - and I assume you will get the same message.
We have around 10 iMac's connected to mac mini server. php and Apache enabled on server. I am developing intranet website using php. My requirement is to get the username of the client connected to the server. $_SERVER['REMOTE_USER'] is not working. I don't know why. Please help me out. Is it possible to write JS to find it? It should not ask for user login. It should directly take from client machine login.
$_SERVER['REMOTE_USER'] will contain the username used for HTTP auth. There is no reasonable way to persuade a browser to tell you what OS user the visitor is logged in as (you might have some luck with a signed Java applet, but I wouldn't bet on it).
For an intranet site/app, where you have control over the client machines, you can use some script/application running on system startup which will read the username and store it as a cookie. You can than read that cookie from you web site.
How cookies are stored differs between browser. For example, firefox 3+ uses an sqlite database with a documented format (see this post for some more info). You have to make sure, that the browser is not running when accessing the cookies.
I believe what you're looking for is Single Sign On (SSO). This is most commonly used on windows computers connected to a domain which allows users to authenticate to intranet sites without entering any credentials (eg it uses their domain credentials).
I don't know of a pure mac equivalent. The (most recent) Windows system is called Kerberos and is supported by Firefox on Mac as mentioned here: http://www.cgl.ucsf.edu/Security/CGLAUTH/CGLAUTH.html
It's worth noting that this requires the OS, Browser and Website to all work together. Some issues: firefox (even on windows) doesn't send the login details automatically, it requires a config change to include the site you want to authenticate with. The website needs to be able to verify the authenticity of the credentials passed to it which usually means it needs to be able to communicate with the credential authority (Domain controller/RADIUS/X500 server, etc.). The pesmissions mechanism needs to support (and be configured) to allow credential delegation (that is, the client PC is allowed to pass tokens on to the website to prove identity).
This question was by someone who's managed to get this working on linux so should be a good starting point
My application running on amazon cloud server. when i navigate to various pages the URL remains my domain name . www.mydomain.com while when I navigate through ip binded for that domain it work fine, and when i am running the same application locally on XAMPP server then also it works fine.
I have binded my domain name with the ip of my server.
Can u guess the problem and describe the solution to me?
Due to this problem when user refreshes the page through browser by clicking on refresh button then always the home opens
Please check the configuration of your domain at your registrar.
Some registrars offer a "framing" or "web redirection" service in addition to a DNS service. The behavior you have described makes it sound like you're using one of those services instead of having correct DNS records.