473,324 Members | 2,002 Online
Bytes | Software Development & Data Engineering Community
Post Job

Home Posts Topics Members FAQ

Join Bytes to post your question to a community of 473,324 software developers and data experts.

PHP Session Issue

I have developed an (PHP)application which has been tested on different development servers.

So when I login to the app and navigate to a specific page just after loggin-in, the app logs-out and I have to re-enter the user credentials. But after loggin-in again, it works fine(and doesn't shows the log-in screen until we log-out). I wonder why it works in such an unpredictable way.!!

I have used session for security reasons and am quite eager to know if this is something to do with cache.

I am using the below code on almost all the pages of the app.(so that the user just can't enter the URL of the page and start accessing the application)

Expand|Select|Wrap|Line Numbers
  1. session_start();
  2.  
  3.     header("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
  4.     header("Cache-Control: no-store, no-cache, must-revalidate");
  5.     header("Cache-Control: post-check=0, pre-check=0", false);
  6.     header("Pragma: no-cache");
  7.  
  8. /*
  9. The app matches the current session-ID with the session ID which previous page has sent and if it doesn't matches, LOG-Out.
  10. */
  11.  
  12. try {
  13.      if(($_GET['session'])==(session_id())){    
  14. //                   do nothing
  15.  }else{
  16.         echo '<script type="text/javascript">parent.location="../index.php";</script>';
  17. }
  18.  }catch(Exception $e){
  19.         echo '<script type="text/javascript">parent.location="../index.php";</script>';
  20. }
I strongly feel that if the app performs well on one server then it shud work perfectly fine on the other system.

I, however have no idea of the php.ini file on the server which throws this issue of loggin-out. but I can certainly find out the details if it is something to do with php.ini file.

If there's any modification I need to do in the cache setting, lemme know.


Any help/suggestion would be appreciated.
Virendra Maloo.
Dec 22 '09 #1
7 2390
Dormilich
8,658 Expert Mod 8TB
it’s a little difficult without knowing the session parameters…
Expand|Select|Wrap|Line Numbers
  1. if(($_GET['session'])==(session_id())){
that’s a rather strange test. to work, it requires the session variable to be manipulated. check the following:
- session_name() (checks, if the session parameter is named "session")
- ini_get("session.use_trans_sid") (checks if the session id is written in the url)
- ini_get("session.use_cookies") (dito, only for cookies)
- ini_get("session.use_only_cookies") (checks, if the session is not written in the URL))

and I doubt that session_id() can throw an Exception, thus I’d omit the try…catch for this session check.
Dec 22 '09 #2
Thanks for that quick reply.

session_name() (checks, if the session parameter is named "session")

=> When I redirect my app to a certain page using link, what I do is :
Page1.php?session=<?php echo session_id(); ?>

and the code which I had sent in the original thread is pasted on page1.php, which checks if the current session is equal to the session rec.

Do you still think that this is caused by session para?(If this was the case then y does it work perfectly from second log-in)....Isn't this cache related error?
Dec 22 '09 #3
Dormilich
8,658 Expert Mod 8TB
can’t really tell, but you have a rather clumsy session system. usually you leave the session handling completely to PHP, i.e. you set some session options (like those mentioned above) and PHP and the browser handle the session for you. all that’s left is using the $_SESSION array.

to check, if you’re logged in, normally you ceck for a ‘log-in’ parameter in the session array, something along:
Expand|Select|Wrap|Line Numbers
  1. // the isset() prevents a notice, if the key does not exist
  2. if (isset($_SESSION["login"]) and true == $_SESSION["login"])
  3.     // do something for logged-in users
  4. else
  5.     // goto login page
or
Expand|Select|Wrap|Line Numbers
  1. if (!isset($_SESSION["login"]) or false == $_SESSION["login"])
  2.     // goto login page
Dec 22 '09 #4
I had performed these tricks long ago and they worked perfectly.

But the problem still occurs!!

Is this anything to do with session cookie? If yes, how do I retain the value of session (for the first time) which the first page passes onto the other pages?

If there's anything I can do with session re-storation on cookies when the user logs-on for first time, this problem can be solved..but the problem is, I have no clue on how to set the session cookie for the vey first time.
Dec 22 '09 #5
Dormilich
8,658 Expert Mod 8TB
you don’t have to set the session cookie yourself. all you need is to make sure, the session.use_cookies parameter is set to true (or 1), which is the default setting (you can check it through phpinfo()). everything else is done by PHP.
Dec 22 '09 #6
"When I log-in for the first time and redirect the user to a certain page, the page expires and subsequent login-redirection works fine."
This is because the session-id I pass through the link is different than the session-id on the redirected page(only for the first time access!!!).
(I checked it by echo-ing it on screen)
Dec 23 '09 #7
Was browsing randomly in php forums and landed here!
Although very late in coming back, but this issue got resolved and the app has been working fine for the last 6 years now :)
Apr 20 '15 #8

Sign in to post your reply or Sign up for a free account.

Similar topics

27
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate...
3
by: headware | last post by:
I have an issue that I've been encountering in an ASP application I'm working on. Most of the application is written in ASP, but there is one page written in ASP.NET. The ASP.NET page needs to have...
5
by: Mark Rodrigues | last post by:
Hi Everyone, I have been fighting a problem for a while and I wonder if someone out there can help. This problem has been presented in a number of news postings previously but I am yet to see a...
5
by: ASP.Confused | last post by:
As you can tell from my previous posts on this issue...I'm really confused :-/ I have a few ASP.NET web applications on my web host's "https" server. Our web host has a single "bin" folder for...
5
by: fbwhite | last post by:
I know this issue has been brought up many times, but I have tried many of the solutions to no avail. I wanted to give my specific case to see if someone could be of any help. We are using the...
10
by: Li Pang | last post by:
Hi, I created a html page from which I give a link to another web site. The new site is opened in a new window. When I opened multiple windows, they all have the same SessionID. I want ot know...
9
by: cashdeskmac | last post by:
I have put a string into Session and tried to retrieve it on the next page I visit but the Session appears empty. I have exactly the same spelling for both adding and retrieving the value: ...
18
by: BillE | last post by:
When a user opens a new IE browser window using File-New-Window the integrity of an application which relies on session state is COMPLETELY undermined. Anyone who overlooks the fact that...
11
by: Joseph Geretz | last post by:
I've been looking at two approaches for the maintenance of Session state for a Web Service application. One approach uses the old familiar Session object which I've used in the past for Web...
7
by: Microsoft Newsserver | last post by:
Hi Folks. I have an issue I need some help with if thats OK. I am running Framework 2.0 using Windows Integrated Security. For most of the application we manage session timeouts without the...
0
by: DolphinDB | last post by:
Tired of spending countless mintues downsampling your data? Look no further! In this article, you’ll learn how to efficiently downsample 6.48 billion high-frequency records to 61 million...
0
isladogs
by: isladogs | last post by:
The next Access Europe meeting will be on Wednesday 6 Mar 2024 starting at 18:00 UK time (6PM UTC) and finishing at about 19:15 (7.15PM). In this month's session, we are pleased to welcome back...
0
by: Vimpel783 | last post by:
Hello! Guys, I found this code on the Internet, but I need to modify it a little. It works well, the problem is this: Data is sent from only one cell, in this case B5, but it is necessary that data...
0
by: jfyes | last post by:
As a hardware engineer, after seeing that CEIWEI recently released a new tool for Modbus RTU Over TCP/UDP filtering and monitoring, I actively went to its official website to take a look. It turned...
0
by: ArrayDB | last post by:
The error message I've encountered is; ERROR:root:Error generating model response: exception: access violation writing 0x0000000000005140, which seems to be indicative of an access violation...
1
by: PapaRatzi | last post by:
Hello, I am teaching myself MS Access forms design and Visual Basic. I've created a table to capture a list of Top 30 singles and forms to capture new entries. The final step is a form (unbound)...
1
by: Defcon1945 | last post by:
I'm trying to learn Python using Pycharm but import shutil doesn't work
1
by: Shællîpôpï 09 | last post by:
If u are using a keypad phone, how do u turn on JavaScript, to access features like WhatsApp, Facebook, Instagram....
0
by: Faith0G | last post by:
I am starting a new it consulting business and it's been a while since I setup a new website. Is wordpress still the best web based software for hosting a 5 page website? The webpages will be...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.