By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
454,729 Members | 1,363 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 454,729 IT Pros & Developers. It's quick & easy.

session loss

P: n/a
Hi,

I've been searching for a long time, but couldn't come up with a
solution or a clue, so I submit my case to your attention :

1. On a Windows client, an application creates a temporary htm file and
opens it with IE 6. This file only contains a redirection instruction
to an outside URL :

<META HTTP-EQUIV=Refresh
CONTENT="0;url=http:/my.url.com/?params=zdazdazda">

2. once I navigate at this adress, everything is fine until the site
opens a pop-up window, I close it _and_ try to follow another link
(still inside the site) : the client loses the session reference

On the server side, PHP based, the file containing the session data
still exists in /tmp.

What I can do :
- update the temporary htm file
- modify the php files
What I can't do :
- skip the Windows app.
- use another browser

My config :
client : WinXP SP2 + IE 6.0.2800
server : L.A.M.P.

I'd be very willing to discuss with you any solution.

Regards.

Jul 17 '05 #1
Share this Question
Share on Google+
5 Replies


P: n/a
LucasGT wrote:

Hi Lucas,
Hi,

I've been searching for a long time, but couldn't come up with a
solution or a clue, so I submit my case to your attention :

1. On a Windows client, an application creates a temporary htm file and
opens it with IE 6. This file only contains a redirection instruction
to an outside URL :

<META HTTP-EQUIV=Refresh
CONTENT="0;url=http:/my.url.com/?params=zdazdazda">
That is a strange URL, but if it works, fine. :-)

2. once I navigate at this adress, everything is fine until the site
opens a pop-up window, I close it _and_ try to follow another link
(still inside the site) : the client loses the session reference
Oops?
The popup makes the session go away?
My first guess would be to investigate that popup thing.
Your redirection html file has nothing to do with it (I expect).

If you go to the side, does the same popup also make the session disappear?

Another thing: How can the popup delete the session? Are you the one who
owns this code and can you hunt down the problem from there?

The only thing I can think of is that the code that resides in the pop-up
code (or associated with) is responsible for ending the session.

Another more farfetched senario would be that javascript deletes the cookie
that contains the sessionid.
But then again: If it is your code, you would know...
Regards,
Erwin Moller

On the server side, PHP based, the file containing the session data
still exists in /tmp.

What I can do :
- update the temporary htm file
- modify the php files
What I can't do :
- skip the Windows app.
- use another browser

My config :
client : WinXP SP2 + IE 6.0.2800
server : L.A.M.P.

I'd be very willing to discuss with you any solution.

Regards.


Jul 17 '05 #2

P: n/a
>><META HTTP-EQUIV=Refresh
CONTENT="0;url=http:/my.url.com/?params=zdazdazda">


When sending a redirect the session isn't always sent with it. You most
likely will need to attach the session id if it is not contained within
a cookie (sometimes they are sometimes not).

Mike
Jul 17 '05 #3

P: n/a
>> <META HTTP-EQUIV=Refresh
CONTENT="0;url=http:/my.url.com/?params=zdazdazda">
That is a strange URL, but if it works, fine. :-)
Actually, the true URL is more bizarre than this one, but if it works,
fine :-D
If you go to the side, does the same popup also make the session

disappear?

I'm afreaid I don't understant what you mean by " If you go to the side
" ?

in fact, I don't own the code but have access to it, and I'm able to do
a lot of change in it
I'll try to see if / how the pop-up can delete the session (cookie) on
the client side. I'm quite sure it ain't a javascript thing, but what I
didn't tell you is that the popup is a pdf.

Another thing : if I copy/paste the _strange_ URL directly in a browser
window, no problemo. The session's never lost.

Thank you for your advices. I'll inform you of my progress.

Jul 17 '05 #4

P: n/a
Hi Mike,

This file, created on the client side, doesn't set any session. The
session is set once on the server side via the 'session_start' php
instruction.
My guess is that the session cookie is then sent back to the client.

Thanks anyway, this may be a solution : force the session id before
reaching the server.

But if I could avoid this (and it worked), I'd be glad :)

Jul 17 '05 #5

P: n/a
LucasGT wrote:
Hi Lucas,
<META HTTP-EQUIV=Refresh
CONTENT="0;url=http:/my.url.com/?params=zdazdazda">
That is a strange URL, but if it works, fine. :-)


Actually, the true URL is more bizarre than this one, but if it works,
fine :-D
If you go to the side, does the same popup also make the session

disappear?

I'm afreaid I don't understant what you mean by " If you go to the side
" ?


You don't understand because I make a typo.
Sorry. :-)
I ment SITE as in website.

My question to you was: If you visit the http:/my.url.com/?params=zdazdazda
straight without the redirection, and the popup comes up, is your session
lost too?
Because if that is the case: The popup alone is responsible for the
sessionloss.

in fact, I don't own the code but have access to it, and I'm able to do
a lot of change in it
I'll try to see if / how the pop-up can delete the session (cookie) on
the client side. I'm quite sure it ain't a javascript thing, but what I
didn't tell you is that the popup is a pdf.

Another thing : if I copy/paste the _strange_ URL directly in a browser
window, no problemo. The session's never lost.
excactly. That is what I wanted you to test. :-)
Hmm...

Honestly I am baffled.
This must be something very obscure.

Thank you for your advices. I'll inform you of my progress.


Please do: I am very curious what it turns out to be.

Regards,
Erwin Moller

PS: A tip.
I had a lot of help using a developerplugin for firefox to solve
session/cookie related problems.
Look for: Web Developer 0.9.3 "Adds a menu and a toolbar with various web
developer tools"

for example: Maybe you are using session_start(), but you do not use it on
every page. With this tool you can easily compare what changes in the
cookies and what is send. Look for PHPSESSIONID, or whatever you called it
in you php.ini.
Jul 17 '05 #6

This discussion thread is closed

Replies have been disabled for this discussion.