I need to be able to detect if a used already visited a particular page.
I can set a cookies at their initial visit. I can also store some environment, such as IP, browser, OS, perhaps even language and create some string, like MD5 to compare against current visitor's environment.
Is there another method I should consider?
I work with PHP.
This isn't well defined enough for me to understand why just using cookies wouldn't satisfy this problem. A cookie has a domain and path that you can set on the server for each page they visit. As they visit each page you can look at those two settings to figure out if they have the cookie set on their browser or not and hence they have visited the page. You really don't have to get anymore sophisticated than that if all you want to know is did they visit the page before now.
Related
I need to know if a user visited the webpage by clicking on a link from the same website. I can use $_SERVER['HTTP_REFERER'] and check if the domain is the same. But HTTP_REFERER is not always set.
I must detect the difference between visiting a page via own website and coming from an external website (or direct visit). This must be able over and over again, meaning that if a user leaves the site and come back through a search result, I again must be able to detect this.
I thought about setting a session, but than I can't detect a second visit within the session lifetime. Also don't see an option for setting a cookie.
What other options do I have?
I think you should use Database(MySQL) to save the HTTP_REFERER each time for every visit from a specific IP and for a particular date.
You can check the time difference between the two records (like in some minutes) that an IP has accessed and can get the records if a user leaves and come back again to the website. This way you can track the logs for each visitor like how many times a visitor access the website.
Hope this way you can manage the desired output for your application.
I'm planning on creating a responsive PHP image, that retrieves just the username of the current logged in user on a small forum. It's just going to help people on the forums see who last viewed the topic.
Using a PHP image, you can gather lots of information, but I need to find out what user is logged in and viewing the page.
I can't access any of the sites cookies, so would like to grab the html source from the page that loaded the image - from a specific part, that would hold the logged in users username.
Is there any way to grab any of the source code from the page that loads the image? I can use file_get_open() on the HTTP_REFERER session variable, but that wouldn't have any of the cookies or session variables.
If the original page is PHP, in the same server and using the same session, then those are of the original page too. But it's not always the case.
Say you got redirected from another website (could check referrer) or from another engine, say the page you came from is within the same server, same domain, but a different engine like .NET then your session wouldn't be the same but the cookies might.
But then again, if like Cake, the Cookies are protected (or mangled) then you will be able to access them, but you won't be able to decipher its content.
Depending on the how the previous page setup the cookies you could even read them if they came from the same domain (i.e. a.domain.org/ble.html -> b.domain.org/image.php). But is not safe to Assume.
See:
http://php.net/manual/en/session.security.php
http://blog.teamtreehouse.com/how-to-create-totally-secure-cookies
Note: Sometimes, you can't even trust HTTP_REFERER and REMOTE_ADDR. They can be spoofed easily.
If you check the manual, you will see that
$_SERVER['HTTP_COOKIE']. It contains the raw value of the 'Cookie' header sent by the user agent
and for $_COOKIE
The value of $_COOKIE is determined by the content of cookies received in the user agent's request.
You can see $_SESSION for the session variable
I have a script that i server to my clients. Now without going into details the script is looking if the user has a cookie from a certain domain (my domain) and if the user has the right cookie some data and features are given to the user.
Now for secruity reasons me and my company had to change our base url address of the place where cookie is set.
Now even though the above seems rather strange i can ensure you that my question is fairly simple:
Is it possible to change the url of a cookie and if so how?
The browser only sends the cookies of the corresponding domain, so you have to create the cookies again, from a php script on the new domain.
I'm not great at PHP, and everything I currently know, I have just taught myself by browsing the internet.
I am currently trying to work with cookies in my page, in order to set up a persistent log in for a day.
Basically I have gotten as far as managing to set a cookie, with a value of the session username. This value is set when the user logs on.
So the user enters credentials, php checks against mysql database, if it is successful then the username is set as session variable, and this is then set as a cookie.
This works, as if I run this php and immediately echo the cookie, the username is displayed.
This is all done on my login form which is brought up in a tinybox (similar to a lightbox and other such pop up windows). The cookie and echo seems to work correctly from here.
However, when the login is successful, it refreshes the parent page, (root page of my site) and all seems well. However, if I then try to echo the cookie from the index page, I can not access it.
I know cookies have limitations on them for security, but seeing as how my login page, and my home page are on the same domain, then I thought this would have worked.
Is this something I am likely doing wrong, or is it a cookie limitation. Would it work if I set the cookie from the index page itself, rather than from within a tinybox?
If anyone wants examples of the code I am using, it can be provided.
Many thanks
Eds
Which navigator you use? Chrome can't work by default with local cookies. You can enable with command line --enable-file-cookies
http://code.google.com/p/chromium/issues/detail?id=3014
Was helped out by DaveRandom on this one.
Turns out I had to add "/" as the root path for the cookie, so that it was available to parent pages.
I have a site which I have been testing in a sub-folder of my client's site-root.
I had no log in problems during testing, but then I moved the new site files from a sub-directory to the main site root, and now I'm losing my logged in state after almost every page refresh in secure areas.
I am running a $_session based login system that refreshes the session id on every page load, with a comparison value stored in the MySQL database.
Does anyone have suggestions for what could be causing this problem?
krico was right in suggesting that the cookie path may be the cause (but the solution proposed seems a bit daft) however you've said that is not the case.
Check to see exactly what cookies (name, path, expiry, flags) are being set and returned by using iehttpheaders (MSIE) LiveHeaders (Firefox) or using a network sniffer like wireshark. Then ask the question again providing details of what you found out.
C.
Cookies are usually path relevant. Your previous sub-directory based site was probably setting the cookie (that binds the browser to the user) only for that sub-directory.
A way to fix it is to put a redirection page on the old subdir that adds a cookie to '/' and then redirects to new site on root.
If you change session id you will loose all data stored in previous session. You must set session name after every session start command
<?php
session_name('AnySessName');
?>
or use other mechanism to store your variables cross sessions.