I have a PHP site that makes use of sessions, which obviously are not supposed to be able to persist if you close your browser. I've done this scores of times, no issues.
And no issue currently - except within Microsoft's new Edge browser. If the user logs in, works in the site, closes Edge's window in the top right corner, and then re-opens the page and pastes the web address (or bookmarked it before), all their variables from the previous visit are still present. That's a problem, as each visit the viewer will likely want to give/lookup changing information.
I've successfully replicated the problem in Edge. What I can't figure out is why Edge is doing it. Every other browser kills the session and all its variables upon closing of the window (tested all the major browsers, including Internet Explorer). The only thing I can think of is Edge isn't actually closing as a program when the window is closing. Has anyone else ran into this problem? I can't find anything in the forums.
It is possible the session ended, but there is a bug with the cache.
I noticed that Edge is very aggressive with using cached pages. It would show a signed in page even after the user signed off (actually killing their session and updating the session cookie) because it would not respect the etag or any other cache instructions. I had to specifically prevent IE11 and Edge from caching at all.
Related
I changed my website at the beginning of March to use php instead of shtml. I put server-side redirects in place, and my analytics showed almost everyone picking up the php versions within a couple of days. The only devices that went on and on showing as .shtml were all iOS, but even that seemed to stop after a week or so. However, I have just now seen a .shtml usage come up on an iOS 10.3.3 tablet running Safari 10.0. How can this be happening? Surely no browser is going to cache a page for over 40 days? There were no special cache settings on the old shtml pages.
Any ideas gratefully received.
Thanks
Mandy
From the comments:
iOS seems to keep tabs open indefinitely now, and just suspends the page as if it were an app. It's possible that the person with the tablet just hasn't visited your page in a couple months, discovered the tab while scrolling through them, and re-opened it. The browser MIGHT try to do a reload, but if it doesn't, they may have just tried to navigate inside a stale version of your app
Today is THE day I didn't find the answer I'm looking on the web (it never happened before). The fact is, I didn't find how to question google.
My problem : I run a PHP script "X" on my server (who need several hours) and I can't go to another page "Y" on the same server with Firefox.
But if I load page "Y" with Chrome, it works. How can I setup my server to launch several scripts (on the same server) with the same browser ?
This happens when you use sessions: When you run a script that uses a session, the session is locked. As the same browser is trying to access the same session, it will not work; the browser will have to wait until the session by the other tab / browser window is closed.
Possible solutions are for example:
Close the session as soon as possible / when you don't need it any more;
Don't use sessions for the long-running scripts;
Use different browsers / incognito mode so that the session information is not shared.
You're right.
I had to release the session lock in the scripts with "session_write_close() "and now it work.
Thanks for helping!
I don't know how to explain it or what to call it. Suppose I am logged in. And at that time I shut down my browser without closing the page.
While I'm restarting the browser after a certain time to open the same page, it's getting an error. It supposed to take me to the log in page if session is out rather it stays on the page tries the ajax calls that are on my page and fails to do it. When I reload the page then it takes me to the login page.
What's wrong?? Why isn't it taking me to the login page at the starting of browser?
Let me know if you need to see any particular portion of code. I'm new to symfony2. Please explain why this is happening if possible!!
Update: Checked with Chrome, it's working as I wanted. But problem exists for firefox.
Your browser is most likely loading the contents of that particular page from the cache. It's not making a call to your app server at all, so the server doesn't have the opportunity to tell your browser that the session is no longer active. This has nothing to do with Symfony in particular.
I have a PHP program that uses session variables to pass data over several PHP scripts. When I test it on my normal computer it flows just fine, and the session data holds through where expected, gets maintained on page refreshes, etc.
The strange thing I'm encountering is that on a secondary computer, the session is wildly inconsistent. I'll arrive at a page and it acts as if none of the session variables had been set. What's even stranger is, if I try reloading the page, sometimes the variables will actually load (and if I refresh again, they disappear again).
From what I can tell the problem doesn't seem to be browser-specific (I've tested on Chrome, Firefox and IE on both computers), but rather computer-specific, which seems really strange to me. I asked two other people to try it out, and discovered the exact same issue -- for one person the program runs just fine, but for the other person the session variables load inconsistently.
Any thoughts? I'm not doing anything fancy with the session, I just have the session_start() calls at the beginning of the scripts, post data via forms, and access/store via $_SESSION.
Edit: Some additional details --- in firebug, on the computer that isn't affected I'm seeing 3 cookies, which I guess I should be expecting (I'm admittedly not much experienced in session management and cookies). On the computer that is affected though, I'm not seeing any cookies at all in Firebug, even when the page does randomly load properly.
Also for clarification, I do expect the session data to be distinct for each computer, I'm not expecting data from one computer's session to be available on another computer's session.
Edit 2: I checked the cookies in firebug again, and it does seem like the 3 cookies are showing up on the affected computers (maybe it wasn't loading properly earlier today). I've done a var_dump of the $_SESSION variable on the pages that aren't displaying the data correctly, and sure enough all the information is there. It's just, for some reason it only sometimes loads in the HTML section below. I'll keep digging.
After a ton of digging around and testing, I finally figured it out, and the answer was surprisingly obscure and yet under my nose at the same time. My company uses VPN to tunnel remote desktops to our work servers. Although the pages I had set up on the work servers were accessible and worked properly via the browser (which is what threw me off), the session cookies weren't passing properly to the affected computers because those computers didn't have the site's IP address mapped to the work domain in their Windows hosts files. Once I mapped the IP address to the site domain, everything worked perfectly like my primary computer. Thanks to everyone who gave the issue some thought!
In my Zend Application, I am trying to make our authenticated users be automatically logged out when they close their browser.
For that I'd write following code:
ini_set('session.cookie_lifetime', 0);
And its working fine on browsers like Chrome, Safari, IE7 and IE8, but in case of firefox, users still remain logged on when they close their browser.
Does anyone know what is causing problem?
Thanks In advance...
A value of 0 indicates "session cookie" - i.e. one that the browser should destroy when the "session" is over and the browser is closed.
However:
Different browsers have different interpretations of exactly what a "session" is - some will destroy these cookies when your close the tab, some when you close the window, some won't destroy the cookies until all instances of the browser have been closed - all tabs in all windows.
Since cookies are stored and transmitted by the client, they are completely the responsibility of the client. You should not rely on cookies alone to control whether a user has a valid login because they are ridiculously easy to spoof, you should implement some kind of activity timeout as well.
Make sure you have actually ended your Firefox session when testing - close all open tabs and windows, and watch the process list to ensure there are no instances left. If you are still having a problem, you are probably looking at some kind of bug in Firefox (or maybe you've made some strange change in about:config) and you need to ask for Firefox-specific help - SuperUser.com would be a better place for that. One thing you can be fairly sure of is that if it works everywhere else, it's not a problem with your PHP.