PHP sessions and cookies - php

We have a PHP site that our users as well as clients use. Our login system works fine on all browsers.
Recently we came across a client who was unable to log in to the system. We also tested the same on the client's side and failed to find a solution.
When a client logs in, a cookie tk_client_admin is created in the browser. This is created correctly on all browsers on our side, but it fails to be created in the client's browser, both IE and Chrome. On FF it works on both sides.
This issue seems to be happening only on IE and Chrome and for certain clients only. What could be the problem?

Based on the information you provided, it sounds like there is some sort of network-wide restriction placed on IE and Chrome. Maybe they're not permitted to create cookies.
Have you tried using the same browsers (IE and Chrome) on their machines to connect to other sites that also require cookies?

Related

redirect user from Internet Explorer to Chrome on php/html website

So my file does not work properly if it is on I.E <11, so I want to redirect the user to a Chrome browser and/or provide a hyperlink to take them to Chrome if they are on I.E. How would I do that?
A browser cannot launch any other applications on the machine.
I also agree with the suggestions to identify the browser and display the message that this version of the IE browser is not supported.
There are some ways, like modifying the registry, using a batch file, or using a custom protocol handler, to launch the Chrome browser, but these are not suitable solutions as you need to implement them on each machine.
So the most suitable workaround is to inform the users to use the browsers supported by your web app.

PHP session variables lost in Firefox 63.0, Safari 12.0 on MacOS Mojave and Safari on iOS 12.0.1

The latest Firefox, version 63.0, on both Mac and Windows, has somehow broken the login I have built for the administrative backend of my ecommerce website. This was previously working fine. I use PHP.
On successful login with valid credentials a $_SESSION['admin_logged_in'] variable is set to TRUE and I am correctly logged in and redirected to a starting page. However when I then attempt to navigate to any other page within the admin site I am immediately logged out as if the session variable has suddenly been lost.
On every single page at the very beginning, including the starting page, I have an include with a short login check script which is as follows:
<?php
// start session
session_start();
// check user is logged in
// (isset() is tested first so a missing key does not raise an undefined index notice)
if (!isset($_SESSION['admin_logged_in']) || $_SESSION['admin_logged_in'] !== TRUE) {
    header("location: /index.php");
    $_SESSION['admin_reason'] = "illegal";
    exit;
}
?>
I may have thought this a bug with Firefox however recently I am also logged out, usually though after navigating through a couple of pages, by the latest version of Safari on iOS 12 and MacOS Mojave.
Currently working and no problems on Opera or Chrome (tested on Mac).
I have tried clearing the cache in Firefox and adjusting the privacy settings but no luck. I have spoken with my web hosts and they are not aware of any server side issues or changes.
But if there was a problem with the PHP code and session variables, since this is handled server side, presumably it would not work on any browser and also not worked previously?
Grateful for any suggestions.
I managed to solve this issue, please see my answer below.
I managed to solve this myself.
To clarify, issue on Firefox version 63.0 on both Mac and Windows, Safari version 12.0 on MacOS Mojave and Safari on iOS 12.0.1. Other browsers tested, Chrome and Opera, were fine.
I did some testing with a basic set of pages and found that in Firefox on all pages subsequent to any PHP session variable being set it was not available/did not exist. Safari usually lost it after navigating through a couple of pages.
I then discovered the following page of an old post on the Mozilla forums reference favicons:
https://bugzilla.mozilla.org/show_bug.cgi?id=263057
I checked developer tools and discovered that these browsers, every time in the case of Firefox, and every few pages in the case of Safari, were requesting favicon.ico and getting a 404 response since I did not have one there. For some reason this was breaking the PHP session variables. I am not clear as to why.
So the fix was simply to place a favicon.ico in the root directory of the website.
Thank you for your comments.
It's perhaps linked to a new security policy that blocks some JavaScript or other resources used in your login system.
Check the Firefox web console https://developer.mozilla.org/en-US/docs/Tools/Web_Console/Opening_the_Web_Console
You may have messages like:
Content Security Policy: Ignoring “'unsafe-inline'” within script-src: ‘strict-dynamic’ specified
Content Security Policy: Ignoring “https:” within script-src: ‘strict-dynamic’ specified
Cross-Origin Request Blocked: The Same Origin Policy disallows reading the remote resource at https://XXX. (Reason: CORS header ‘Access-Control-Allow-Origin’ missing).
See https://developer.mozilla.org/en-US/docs/Web/HTTP/CORS

PHP Session mistakenly being shared across separate chrome browsers

I've just started using PHP and have run into a rather odd issue with using sessions and google chrome.
I start a session and set some variables when a user first logs in, and then access the session variables at different points across my web-app, which is working as expected. The problem is that if someone else visits the web-app from a different computer (on the same network), they are treated as being logged in as the first user.
What's weirder is that this only seems to occur when using chrome. If I sign-in using firefox or IE, then navigate to the app on a separate computer (using any browser) the problem doesn't occur.
Clearing cookies in chrome seems to work, but I would like to know why this is happening to prevent security problems in the future.

PHP, Sessions, Cookies - something is happening that doesn't allow some users to log in?

We have about 100 users accessing our website daily. A majority of them have no issues logging in. However, once a month we get a call or email ticket with complaints that users just see the login page refresh, with no error messages or anything.
All error messages are sent through the PHP Session cookie, and of course everything after logging in is based off of that session. The only reason I could think that the page just refreshes HAS to be because they are blocking that session cookie on their local machine...
Now most often the user is on Internet Explorer, but occasionally it even happens with Chrome or Firefox. I've even had a user (on OSX) who tried Safari, Chrome, FF - and it would NEVER let them log in, the page would just basically refresh. I had the user add the website as trusted, and still no luck.
It's the worst because I cannot reproduce it from any network or from any browser/computer, ever.
Does anyone know what could be causing something like this? The site IS forcing SSL (the HTACCESS file redirects to HTTPS). The site IS forcing the session cookie as HTTP-Only and the Secure flag is also set to TRUE (and these 2 are somewhat recent changes).
I'm unsure what other settings on the server or the PHP instance would be causing something like this, or if it's solely a client-side issue (which it appears to be). And if it's client side, I'd like to learn the issue and possible solutions to it.
To preempt everyone, no - I cannot share the website URL for debugging because the client would not appreciate that, unfortunately. Thanks for any help, I'll be happy to answer any question that I can!
Do you have more than one web server behind a load balancer? And are the PHP sessions stored locally on each web server? If so it is the load balancer's job to make sure a user keeps going back to the same server on repeated accesses. If something goes wrong, they could get sent to a server where they do not have a session. It could be some intermittent glitch sending users to the wrong server.
Just guessing, because as others noted, we don't really have enough info.
Does your session cookie have a valid name? I've run into this problem in the past where some browsers don't accept a session cookie if it has an invalid name, but other browsers do accept them;
http://php.net/manual/en/function.session-name.php
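Added example, not part of the original posts: a login-page bootstrap that validates the session name against the rule in the PHP manual, sets the Secure and HttpOnly flags mentioned in the question, and does a one-redirect round-trip probe so that a lost session produces a visible message and a server log line instead of a silent refresh. The names SESSION_NAME, cookie_probe and /login.php are hypothetical, and the array form of session_set_cookie_params() assumes PHP 7.3 or later.

```php
<?php
// Added example: SESSION_NAME, cookie_probe and /login.php are hypothetical.
const SESSION_NAME = 'APPSESSID';

function isValidSessionName(string $name): bool
{
    // session_name() manual: alphanumeric only, and not digits only.
    return preg_match('/^[A-Za-z0-9]+$/', $name) === 1
        && preg_match('/[A-Za-z]/', $name) === 1;
}

function startHardenedSession(): void
{
    if (!isValidSessionName(SESSION_NAME)) {
        throw new InvalidArgumentException('Invalid session name');
    }
    session_name(SESSION_NAME);
    session_set_cookie_params([   // array form needs PHP 7.3+
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => true,       // sent over HTTPS only
        'httponly' => true,       // hidden from JavaScript
        'samesite' => 'Lax',
    ]);
    session_start();
}

startHardenedSession();

if (empty($_SESSION['probe'])) {
    if (!isset($_GET['cookie_probe'])) {
        // First visit: set a marker and bounce once so the cookie must come back.
        $_SESSION['probe'] = true;
        header('Location: /login.php?cookie_probe=1');
        exit;
    }
    // Second request and the marker is gone. Report it in the response body,
    // because a message stored in the session would be lost as well.
    $cause = isset($_COOKIE[SESSION_NAME])
        ? 'cookie returned but session data missing (check session storage / load balancer)'
        : 'session cookie not returned by the client (blocked, or request not HTTPS)';
    error_log('login probe failed: ' . $cause);
    http_response_code(400);
    header('Content-Type: text/plain; charset=utf-8');
    echo "We could not keep you signed in: your session did not survive the redirect.\n";
    exit;
}
// Session round-trip confirmed: continue with the normal login form.
```

The two log messages separate the hypotheses raised in the answers: a cookie that never comes back points at the client or its network, while a returned cookie with empty session data points at server-side session storage.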

Why Opera is using Firefox's Cookies

I have two open sessions on different browsers (Firefox, Opera). Both of them run on different user accounts. When I navigate through the administration page, the cookies are ok. But when I try to upload some images, the uploading php script receives the same cookies as in Firefox.
This doesn't happen if I use Internet Explorer instead of Opera.
If you're using Flash - which it seems like you do - this is because all browsers share Flash cookies since they're stored in the same location on the computer. This is not a browser problem, but rather a Flash problem (or feature).
Edit: See Local Shared Object on Wikipedia for a bit more information about Flash cookies.
