Using symfony framework 1.4 I have created a website. I'm using sfguard for authentication.
Now, this is working great on WAMP (windows). I can login to several accounts on different browsers and use the website.
I have ubuntu server 9.10 running apache (everything up to date and default configuration). On my server, when I login to the website in one browser it works great. When I on my other computer login with another user account on the public website, the login is successful. But when I refresh/go to another page the first user is shown as logged in instead!
Also, when I press logout, It's not showing that I'm logged out after page load. When I press f5 again I'm logged out.
As mentioned, all this works as expected on my local installation. I'm thinking there something wrong with my PHP session configuration on my ubuntu server, but I've never touched it..
Please help me. This is a school project and I'm presenting it today :(
It's unlikely to be the session handler (certainly not the problem if you are using the default handler). Top of my list of things to check is whether you are sending out the right caching information in the authenticated pages (i.e. either no-cache or Varies: cookie).
C.
Related
First - coming back to this project - never saw this issue before so asking if anybody else has - when I set the project down it was working perfectly. Additionally - several other projects on the same server using the same setup are working flawlessly.
So problem is this.
I login, the login is valid (I'm using DirectoryTree/Laravel to authenticate against LDAP, and have logs showing authentication was successful. All other projects are also using DirectoryTree/Laravel - and since the login is processing I cant see this being the root cause).
I'm immediately redirected back to the / (correct behavior) - but the login form returns instead of loading the vue components when auth:check = true.
I can hard refresh the page - and suddenly I'm logged in. (Must clear cache hard refresh at the browser) same action whether on Firefox, Chrome, Edge. The log in is processed - but its like the session isnt being updated.
I'm using the normal login form with the ui:auth setup.
Anybody ever seen this?
Turns out the issue was a web service worker I had forgotten I had on the HTTPS site. Best guess is its not recognizing that the site is online and is reloading information from the cache as it is a PWA application meant to be used on the internal network of the company. Once I removed the service worker - all was good. Never saw this action from it before so will investigate that further, but I have at least found the main error.
Closing this question and shout out to #Wesley Smith for getting my brain working.
I have this script that works well on other servers but the session part fails on a particular host. I have pointed to another server but would really like to figure out what could be the problem. I have observed that :
It takes 5-15 mins for changes on code to reflect(e.g changing
text on index page).The server seems to cache pages especially index
(BTW i cleared my browsers cache e.t.c)
When i logout and login as another user the server still retains
the session of the last user on the index page (the other pages seem
OK)
I can open index.php (without logging any user) and what i
believe is the last logged in users details display
I tried swapping my code for some authentication systems on github (just to be sure) even PHPAuth which uses cookies (not sessions) fails the same way. But the same code works flawlessly on localhost as well as other servers.
So i would like to figure out exactly what goes on on that host. It is a shared hosting package.
Got a reply from the host. Seems the problem was with the hosts session variable path. They fixed it.Thanks
My website was working properly in last year, we need better performance of the website then we have run two script on Centos 6.9 server
1) mysqltunner script
2) Engintron Nginx v1.8.5
It has been after installed then Some time down website, now website is working.
Problem: multiple users login same time with different system then some user account display all thing to another user data,
for example : Mark is login with our username and password, Peter is already login then some time(2min after) Mark moved to Peter a
The problem is with Engintron and micro-caching, if you disable engintron session will work normally
I use wamp to develop on a windows 7 machine. For this app I have an admin area which tracks the admin username and encrypted password with $_SESSION and a cookie which keeps track of the randomly generated encryption key for the password.
I set the cookie like:
setcookie('key', $key, time()+7200, 'admin/');
The admin user verification is run on every admin page after the admin user has entered username and password details to login.
The directory structure of the site and the admin is:
localhost/mysite/
locahost/mysite/admin/
A session runs in the admin section, and a session also runs in the user interface of the front-end to keep track of chosen criteria for searches.
When I run long database queries in the admin area ie. multiple updates and inserts where each iteration requires a connection to an external API, I am unable to load the front-end user interface in the same browser ie. firefox until after the admin operation has completed. If I use a different browser ie. chrome , I am able to load the front-end of the site while running admin mysql functions with no problems.
I'd like to view the site while these operations are running, and use the same browser. It's a small problem, but I'd like to know how to get around it because I want to learn. I mean I could just tell myself that it doesn't matter because the site works fine when I open another browser, and the final user isn't going to be running admin operations while viewing the site anyway, so from that perspective it doesn't matter, but I am curious.
What is going on with the sessions and cookies that stops me from viewing the site whilst the admin operations are running? Is my question even a good one? Part of me thinks that it's a silly question because ultimately the site works perfectly well in a separate browser. Anyway, thank you for looking!
I think your session is being locked. On the page that takes a long time to run add this at the top: session_write_close(); that should fix it.
we've recently done some installation but I'm facing issues with one pc in particular and its baffling. We have a webapplication installed on our local server which is accessed by all our workstations. FOr some reason we can't log into our webapplication using one workstation. The application is a PHP MYSQL collaboration system. I double checked and for some really odd reason whenever we login it creates a session ID but upon logging in and redirecting to another page the session is broken and a new session id is generated thus the individual is automatically logged out again.
What could be the issue here - is its a firewall thing - its not the web application as we can access it fine via the other workstations. We even disabled the firewall but in all cases that single dumb workstation seems to have an issue with maintaining the session.
Help please - I'm sure its an issue confined to that one PC - what could it be.
Update
The authentication sequence is as follows:
Login
Authenticate user
Build session
Store session variables with session ID in db
Redirect
SESSION variables are empty - a new session ID is generated
Since new session ID is not of an authenticated user - return to login
More details
SSL is not enabled
Cookies are enabled are on the problem machine
UPDATE
I don't understand how can redirection be the problem here. My redirection code is as follows I'm using the following function to redirect to the index page upon successful login.
function _redirect($url)
{
#To redirect to a specified page
if(headers_sent())
echo "<meta http-equiv=\"refresh\" content=\"0;URL=$url\">";
else
header("Location:$url");
exit;
}
Plus even if it is an issue why is it a problem on just one PC and not on the others? I don't wish to change my code just to accommodate one system as opposed to fixing whats wrong with that one system which is preventing it from behaving in the first place.
MORE UPDATE
I just double checked and found something odd. My login is ajax based i.e. a request is made via ajax if it is a success the session variables are generated and a boolean 1 is sent back upon receiving the user is redirected via a javascript call which is:
function _redirect(url)
{
window.location = url;
}
I commented out this call and instead when the user is logged in I manually go to the index page and it works fine!! What is the javascript redirect messing up in this one pc thats not messing up in the other workstations is beyond me :( How do I fix this?
It sounds like the cookie is not being set and sent back to the server properly on this machine. Verify that you have cookies enabled and that you don't have some 3rd party browser extension or other software blocking cookies.
what browser are you using on this workstation? IE? Firefox? Have you tried different web browsers? Tried checking the browser settings yet? What is the time out set to? Is the time on the server and workstartion syncing properly with ntp?
In IE you can disable accepting of sessions cookies if the security is set to high I believe.
If you're losing the session, it's likely because the session cookie is not being transmitted. Does the browser on that machine have cookies enabled? Are you using SSL for your login page? Does your login code do anything besides validate a username/password (e.g. validate an IP address or machine name)?
Edit
Can you verify with Fiddler/Wireshark that the session cookie is transmitted when you redirect? Can we see some example login code?
I misunderstood the question to begin with (hence my edit history)
What is the domain the login is on and the main site is on? If it's between domains (could be anything like sending between example.com and www.example.com)