IE won't start session from an iframe? - php

The task was to bypass the login form on a remote server with a session_id acquired through a call to the server's web API, so that the user wouldn't have to log in twice.
Since there's no way to set cookies for a different domain, what we came up with was this: put a little file on the remote server, to which we pass the encrypted session_id from a hidden iframe and which is supposed to start a proper session for the remote app, which is then loaded in another iframe.
This approach works fine in FF/Chrome, but not IE... However, if I copy the URL of the self-made remote authorization script from the iframe's src attribute to IE's address bar and load it from there, the session gets created as expected. But for some reason it just doesn't want to do the same from an iframe.
Does anyone have any clue, why this is happening?

I just ran into the same problem and solved it by setting the time on the server serving the iframe to the time of the server that contains the iframe.

Ok, what we did for IEs, we just redirect the whole browser to the authorization script, which then redirects it back again. At least that resolves a problem, somehow.
Anyone having any better solution?
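
The redirect workaround from the reply above, sketched as an added example that is not part of the original thread: an authorization script on the remote app's domain that opens the encrypted session_id, starts the session, and redirects back. The libsodium secretbox token layout (24-byte nonce followed by ciphertext of JSON with `sid` and `exp`), the `HANDOFF_KEY` variable, the `t` and `return` parameters and the `RETURN_HOSTS` allow-list are all assumptions.

```php
<?php
// Added example, not from the thread. Reached by a top-level redirect, so the
// session cookie is set first-party. HANDOFF_KEY, "t", "return" and
// RETURN_HOSTS are assumed names; the allow-list value is constructed.
const RETURN_HOSTS = ['portal.example.com'];

// Decrypt and authenticate the token; return the session id, or null if invalid.
function open_handoff_token(string $token, string $key, int $now): ?string
{
    $raw = base64_decode(strtr($token, '-_', '+/'), true);
    $n = SODIUM_CRYPTO_SECRETBOX_NONCEBYTES;
    if ($raw === false || strlen($raw) <= $n + SODIUM_CRYPTO_SECRETBOX_MACBYTES) {
        return null;
    }
    $json = sodium_crypto_secretbox_open(substr($raw, $n), substr($raw, 0, $n), $key);
    if ($json === false) {
        return null; // forged, corrupted, or sealed with another key
    }
    $c = json_decode($json, true);
    if (!is_array($c) || !is_int($c['exp'] ?? null) || !is_string($c['sid'] ?? null)) {
        return null;
    }
    // Expiry is compared against this server's clock, so both hosts need NTP.
    if ($c['exp'] < $now || !preg_match('/^[A-Za-z0-9,-]{22,128}$/', $c['sid'])) {
        return null;
    }
    return $c['sid'];
}

// Accept only https URLs on an allow-listed host, to avoid an open redirect.
function safe_return_url(string $url): ?string
{
    $p = parse_url($url);
    $ok = is_array($p) && ($p['scheme'] ?? '') === 'https'
        && in_array($p['host'] ?? '', RETURN_HOSTS, true);
    return $ok ? $url : null;
}

$key = base64_decode((string) getenv('HANDOFF_KEY'), true);
$t   = is_string($_GET['t'] ?? null) ? $_GET['t'] : '';
$ret = is_string($_GET['return'] ?? null) ? $_GET['return'] : '';
$keyOk = $key !== false && strlen($key) === SODIUM_CRYPTO_SECRETBOX_KEYBYTES;
$sid  = $keyOk ? open_handoff_token($t, $key, time()) : null;
$back = safe_return_url($ret);
if ($sid === null || $back === null) {
    http_response_code(400);
    exit('Invalid handoff request');
}
session_id($sid);   // adopt the session obtained through the web API
session_start();    // emits the session cookie for this domain
header('Location: ' . $back, true, 302);
```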

Related

Is it possible to determine which cookies are set by a third-party homepage in a php environment?

Is it possible to read the cookies that are sent by a third-party homepage using php?
Concretely, I want to find out if a page using GTM also sets .ga cookies.
I was thinking of a "virtual browser" solution on the server, is that possible / is anybody experienced with that?
Thanks!
No, because PHP runs on the server and gets only the cookies of that domain.
Cookies are stored on the client (browser). PHP is executed on the other side. The cookies are stored in the browser and the browser sends the cookie values along with the HTTP request to the server.
Therefore, the PHP process only gets to see the cookies of that domain.
And if you think of it, everything else would be a security flaw because every site could read for example secrets of sessions that are open on another site!

Cookies not sent back to domain in IFrame

I have an application running on 192.168.1.100. This application serves a page in which an iframe is embedded, which is basically another application running on a totally different IP, e.g. 10.0.0.1.
The issue is that whenever a user performs a login inside the iframe, a cookie is set but it is not sent back to 10.0.0.1 for subsequent requests.
Is what I am trying to achieve even possible?
Any help in this regard is appreciated.

Problems with using session data using nw.js with PHP web server

I am trying to convert my web game into a desktop app. Everything works except for the session data. I got websockets, images, audio, and all of that working. Great! But when I try to authenticate, it POSTs to the web server just fine, returns a successful authentication, and attempts to reload the page. However, upon page reload, the subsequent AJAX requests cannot get any of the $_SESSION values again.
I was able to find my PHPSESSID using win.cookies.getAll inside of the nw.js app, but I don't see how this helps me at all. Normally this is automatic when loading the webpage from the server. How do I fix this?

PHP - login to a remote server, through my own server, with HTTPS, cookies and proxy, and downloading the html

So what I am trying to do is this:
log in to the other server with PHP on my own server (either with my username and password or with my cookies),
then have access to the page I want to display/download.
I want to write a PHP script, located on my own server, that automatically logs in to another server that uses HTTPS and a web form for login.
After the login I have access to the page that I am trying to download.
I don't know if it would be possible to log in and download the HTML only with the cookies that I have in my browser from a previous login, or if I need to do the login in my PHP script through some HTTPS login method.
Can I do any of this with curl or fsockopen, or what would be the best way to realize this?
Thanks in advance!
You just have to try. In most cases you should be fine if you export your cookies and use them in your curl request.
However, the website may have hashed the cookies with the remote address, or given a timeout on them.
Then you probably have to log in from the server. With PHP / curl you can do all of that.
The only thing that may be a problem is javascript/captcha codes.
In addition, you should definitely check Zend HTTP Client; it has functionality that makes "browsing" easy, for example saving cookies and automatically passing them on in the next request, and also deleting them if the server tells you to, etc.
Use the PEAR HTTP Request class.

Session ID always changing - can't login to my web application from ONE PC!!! Sessions being lost!

We've recently done some installation, but I'm facing issues with one PC in particular and it's baffling. We have a web application installed on our local server which is accessed by all our workstations. For some reason we can't log into our web application using one workstation. The application is a PHP MySQL collaboration system. I double checked, and for some really odd reason, whenever we log in it creates a session ID, but upon logging in and redirecting to another page the session is broken and a new session ID is generated, thus the individual is automatically logged out again.
What could be the issue here? Is it a firewall thing? It's not the web application, as we can access it fine via the other workstations. We even disabled the firewall, but in all cases that single dumb workstation seems to have an issue with maintaining the session.
Help please - I'm sure it's an issue confined to that one PC - what could it be?
Update
The authentication sequence is as follows:
Login
Authenticate user
Build session
Store session variables with session ID in db
Redirect
SESSION variables are empty - a new session ID is generated
Since new session ID is not of an authenticated user - return to login
More details
SSL is not enabled
Cookies are enabled on the problem machine
UPDATE
I don't understand how redirection can be the problem here. My redirection code is as follows; I'm using the following function to redirect to the index page upon successful login.
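function _redirect($url)
{
    // Redirect to the specified page.
    if (headers_sent()) {
        // Headers already sent: fall back to a meta refresh,
        // escaping the URL for use inside the HTML attribute.
        echo '<meta http-equiv="refresh" content="0;URL=' . htmlspecialchars($url, ENT_QUOTES) . '">';
    } else {
        header("Location: $url");
    }
    exit;
}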
Plus, even if it is an issue, why is it a problem on just one PC and not on the others? I don't wish to change my code just to accommodate one system as opposed to fixing what's wrong with that one system which is preventing it from behaving in the first place.
MORE UPDATE
I just double checked and found something odd. My login is ajax based, i.e. a request is made via ajax; if it is a success, the session variables are generated and a boolean 1 is sent back; upon receiving it, the user is redirected via a javascript call, which is:
function _redirect(url)
{
    window.location = url;
}
I commented out this call, and instead, when the user is logged in, I manually go to the index page and it works fine!! What the javascript redirect is messing up on this one PC that it's not messing up on the other workstations is beyond me :( How do I fix this?
It sounds like the cookie is not being set and sent back to the server properly on this machine. Verify that you have cookies enabled and that you don't have some 3rd party browser extension or other software blocking cookies.
What browser are you using on this workstation? IE? Firefox? Have you tried different web browsers? Tried checking the browser settings yet? What is the timeout set to? Is the time on the server and workstation syncing properly with NTP?
In IE you can disable accepting of session cookies if the security is set to high, I believe.
If you're losing the session, it's likely because the session cookie is not being transmitted. Does the browser on that machine have cookies enabled? Are you using SSL for your login page? Does your login code do anything besides validate a username/password (e.g. validate an IP address or machine name)?
Edit
Can you verify with Fiddler/Wireshark that the session cookie is transmitted when you redirect? Can we see some example login code?
I misunderstood the question to begin with (hence my edit history)
What is the domain the login is on and the main site is on? If it's between domains (could be anything like sending between example.com and www.example.com)
