Re: [PHP] PHP session variables
On Aug 15, 2012, at 4:42 PM, Andrew Ballard aball...@gmail.com wrote:
On Wed, Aug 15, 2012 at 3:24 PM, Tedd Sperling t...@sperling.com wrote:
The php manual ( http://us3.php.net/manual/en/function.session-start.php )
First Note states that session_start() must be called *before* anything sent
to the Browser.
So, to rewrite your code --
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
session_start();
echo __LINE__, '::session_start()br';
}
}
-- should work better, right?
Cheers,
tedd
-snip-
However, due to the nature of your test page you are still
sending output from the first loop before you call session_start() in
the second loop.
Duh!
Too many brain surgeons working on this brain!
In the real world neither of us would have made those mistakes.
It is only when we try to make things simple do we over complicate.
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 15, 2012, at 4:13 PM, Robert Cummings rob...@interjinn.com wrote: I only pointed it out because I used to do exactly the same thing :) Cheers, Rob. Thanks, I was starting to feel pretty dumb. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 14, 2012 1:36 AM, tamouse mailing lists tamouse.li...@gmail.com wrote: On Aug 13, 2012 8:01 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php What are the timing values if you do something besides session start with no close? Just to clarify, since at least 4.3.x subsequent calls session_start raise an E_NOTICE and are ignored, so you're first call is generating almost all the time.
Re: [PHP] PHP session variables
On Fri, Aug 10, 2012 at 11:56 AM, Tedd Sperling t...@sperling.com wrote:
On Aug 10, 2012, at 11:45 AM, Tedd Sperling t...@sperling.com wrote:
On Aug 9, 2012, at 5:16 PM, Jim Lucas li...@cmsws.com wrote:
You are relying on PHP's loose typing. This is a poor check.
session_id() returns a string, not boolean.
You should do this instead.
if ( session_id() === '' )
--
Jim Lucas
Thanks Jim -- you're right.
What about?
if (!defined(SID))
{
session_start();
}
Before you answer, the (!defined(SID)) is over 50 times slower than (
session_id() === '' )
Your way is better.
Cheers,
tedd
tedd,
I think this is because you passed SID to defined() as a constant
rather than a string, so the if test always returns true. When I
changed this to
if (!defined('SID'))
{
session _start();
}
it worked as expected, and I got much more similar results. I also
added a call to session_destroy() between the two tests so that each
loop initialized the session once. (In your test, the second loop
never initializes the session since it was already started by the
first loop.)
This is your code with my modifications:
?php
$starttime = microtime(true);
// whatever you want timed, you do here.
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
echo __LINE__, '::session_start()br';
session_start();
}
}
session_destroy();
$endtime = microtime(true);
$totaltime = $endtime - $starttime;
$totaltime = round($totaltime,5);
echo pFirst in $totaltime seconds./p;
$starttime = microtime(true);
// whatever you want timed, you do here.
for($i=1; $i 1000; $i++)
{
if (session_id() ==='')
{
echo __LINE__, '::session_start()br';
session_start();
}
}
$endtime = microtime(true);
$totaltime = $endtime - $starttime;
$totaltime = round($totaltime,5);
echo pSecond in $totaltime seconds./p;
session_destroy();
?
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 14, 2012, at 11:01 AM, Robert Cummings rob...@interjinn.com wrote: I'm not sure if you're making a joke, but your changes have no effect. You've merely explicitly stated the optional parameter's default value. What I had meant was to change the following: ?php $starttime = microtime(); $startarray = explode( , $starttime); $starttime = $startarray[1] + $startarray[0]; ? To the following :) ?php $starttime = microtime( true ); ? Cheers, Rob. Rob: Again thanks. Sorry, I totally missed your point. In my defense I commonly use the value returned from microtime() as a string and not as a float. The code that followed my microtime( false ); demo broke the string and recombined it into a float. So, when you said: Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) I looked at that and said to myself, Oh, I need to define it as 'false' because I was using it as a sting. I completely overlooked your point that microtime() could return a float and thus no need to work with it as a string -- duh! The demo is fixed (I think): http://www.webbytedd.com/b/timed1/ Thanks, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
Andrew:
Your points are well taken -- thanks.
However, my only concern is given this:
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
echo __LINE__, '::session_start()br';
session_start();
}
}
The php manual ( http://us3.php.net/manual/en/function.session-start.php )
First Note states that session_start() must be called *before* anything sent to
the Browser.
So, to rewrite your code --
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
session_start();
echo __LINE__, '::session_start()br';
}
}
-- should work better, right?
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On 12-08-15 03:19 PM, Tedd Sperling wrote: Rob: Again thanks. Sorry, I totally missed your point. In my defense I commonly use the value returned from microtime() as a string and not as a float. The code that followed my microtime( false ); demo broke the string and recombined it into a float. So, when you said: Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) I looked at that and said to myself, Oh, I need to define it as 'false' because I was using it as a sting. I completely overlooked your point that microtime() could return a float and thus no need to work with it as a string -- duh! The demo is fixed (I think): http://www.webbytedd.com/b/timed1/ Thanks, tedd I only pointed it out because I used to do exactly the same thing :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Wed, Aug 15, 2012 at 3:24 PM, Tedd Sperling t...@sperling.com wrote:
Your points are well taken -- thanks.
I've seen a lot of people code that way, so it's easy to miss. In your
original code, that first statement was calling session_start() 1,000
times. This is because the first time through, SID is undefined so
defined(SID) was equivalent to defined('SID') and both would have
returned false. After the first session_start(), though, SID WAS
defined, but would have had some pseudo-random session identifier as
its value. As a result, the last 999 times through your loop, you were
actually scanning the defined constants to see if there was one named
something like '7cjubadsh5lkq80opemht2ea03'. Obviously, it would never
exist.
However, my only concern is given this:
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
echo __LINE__, '::session_start()br';
session_start();
}
}
The php manual ( http://us3.php.net/manual/en/function.session-start.php )
First Note states that session_start() must be called *before* anything sent
to the Browser.
So, to rewrite your code --
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
session_start();
echo __LINE__, '::session_start()br';
}
}
-- should work better, right?
Cheers,
tedd
Yes, that is more correct. I think we have output buffering enabled on
most of our servers (a lot of our legacy stuff really depends on it)
so I didn't notice any errors, but you are correct. You really don't
need the echo lines that I added in your test at all though. I just
threw it in there to be able to see when the function was being
called. However, due to the nature of your test page you are still
sending output from the first loop before you call session_start() in
the second loop. To be absolutely correct, you'd have to remove those
echo statements I added for debugging, store all of your timings in
separate variables and then output them at the end of the script.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 13, 2012 8:01 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php What are the timing values if you do something besides session start with no close?
Re: [PHP] PHP session variables
On Aug 13, 2012, at 10:59 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. Rob: Fixed. Thanks -- my habits are always in a state of being updated -- just ask my wife. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On 12-08-14 10:41 AM, Tedd Sperling wrote: On Aug 13, 2012, at 10:59 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. Rob: Fixed. Thanks -- my habits are always in a state of being updated -- just ask my wife. I'm not sure if you're making a joke, but your changes have no effect. You've merely explicitly stated the optional parameter's default value. What I had meant was to change the following: ?php $starttime = microtime(); $startarray = explode( , $starttime); $starttime = $startarray[1] + $startarray[0]; ? To the following :) ?php $starttime = microtime( true ); ? Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
Am 09.08.12 23:16, schrieb Jim Lucas: On 08/09/2012 01:45 PM, Tedd Sperling wrote: On Aug 8, 2012, at 5:41 PM, Jim Ginerjim.gi...@albanyhandball.com wrote: On 8/8/2012 11:24 AM, Ansry User 01 wrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. Not sure what I need to do additionally other then defining _SESSION[]. Any pointer. You must make it a habit to start each script with session_start(); You should definitely not make that a habbit! Why create/open a session and send a cookie everytime script call even if you won't need it? Why access a hard disk to create/open a session file even if there is no use for it? Only call session_start() if you need it and call session_write_close() as early as possible to avoid write locks on the users session file. And up from PHP 5.4 you can use http://de2.php.net/manual/de/function.session-status.php to check a session status. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz signature.asc Description: OpenPGP digital signature
Re: [PHP] PHP session variables
On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 9, 2012, at 5:16 PM, Jim Lucas li...@cmsws.com wrote:
You are relying on PHP's loose typing. This is a poor check.
session_id() returns a string, not boolean.
You should do this instead.
if ( session_id() === '' )
--
Jim Lucas
Thanks Jim -- you're right.
What about?
if (!defined(SID))
{
session_start();
}
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 10, 2012, at 11:45 AM, Tedd Sperling t...@sperling.com wrote:
On Aug 9, 2012, at 5:16 PM, Jim Lucas li...@cmsws.com wrote:
You are relying on PHP's loose typing. This is a poor check.
session_id() returns a string, not boolean.
You should do this instead.
if ( session_id() === '' )
--
Jim Lucas
Thanks Jim -- you're right.
What about?
if (!defined(SID))
{
session_start();
}
Before you answer, the (!defined(SID)) is over 50 times slower than (
session_id() === '' )
Your way is better.
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 8, 2012, at 5:41 PM, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/8/2012 11:24 AM, Ansry User 01 wrote:
I am setting the _SESSION variables in one of my file, but whenever I leave
the php page session variables are not accessible. Not sure what I need to
do additionally other then defining _SESSION[].
Any pointer.
You must make it a habit to start each script with
session_start();
I like this way:
if (!session_id())
{
session_start();
}
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On 08/09/2012 01:45 PM, Tedd Sperling wrote:
On Aug 8, 2012, at 5:41 PM, Jim Ginerjim.gi...@albanyhandball.com wrote:
On 8/8/2012 11:24 AM, Ansry User 01 wrote:
I am setting the _SESSION variables in one of my file, but whenever I leave the
php page session variables are not accessible. Not sure what I need to do
additionally other then defining _SESSION[].
Any pointer.
You must make it a habit to start each script with
session_start();
I like this way:
if (!session_id())
{
session_start();
}
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
You are relying on PHP's loose typing. This is a poor check.
session_id() returns a string, not boolean.
You should do this instead.
if ( session_id() === '' )
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Wed, Aug 8, 2012 at 11:24 AM, Ansry User 01 yrsna.res...@gmail.com wrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. Not sure what I need to do additionally other then defining _SESSION[]. Any pointer. If you're not telling PHP (in php.ini) to auto-start the session, then you'll need session_start() before accessing $_SESSION. If you're certain the session is being properly instantiated in the code, make sure that the user as which the web server (Apache, et al) is running has permission and available disk space to access the session storage media (file system such as /tmp, database table, et cetera). -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Wed, Aug 8, 2012 at 8:24 AM, Ansry User 01 yrsna.res...@gmail.comwrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. As always, post some code demonstrating what you're doing. Help us help you! :) David
RE: [PHP] PHP session variables
-Original Message- From: David Harkness [mailto:davi...@highgearmedia.com] Sent: Wednesday, August 08, 2012 11:53 AM To: Ansry User 01 Cc: php-general@lists.php.net Subject: Re: [PHP] PHP session variables On Wed, Aug 8, 2012 at 8:24 AM, Ansry User 01 yrsna.res...@gmail.comwrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. As always, post some code demonstrating what you're doing. Help us help you! :) David You have to set session_start also on the page where you are trying to retrieve the session variables. Jen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Session Variables Not Being Set For Certain Browsers
-Original Message-
From: Andy Higgins [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 27, 2003 6:04 AM
To: [EMAIL PROTECTED]
Subject: [PHP] PHP Session Variables Not Being Set For Certain Browsers
Hello All,
I have been racking my head over a problem where a large percentage of users
are unable to log into my php site due to what seems to be a problem with
setting php session variables on certain end user browsers (certain versions
of AOL seem to be particularly problematic). Below are some snippets of code
that are used to do the authentication/ login.
Has anyone encountered the same problem and if so do you have a solution?
The only solution I can think of is to pass the session using PHPSESSION in
the URL however I would like to avoid this if at all possible as it involves
a major re-write of the code (as session variables are used elsewhere in the
session) and if I am not mistaken if a user accesses a non-php page then the
session is lost requiring them to log in again.
Currently the following code is used to check whether a user is logged in:
?php
$notAuthenticated = !isset($HTTP_SESSION_VARS['authenticatedUser']);
$notLoginIp = isset($HTTP_SESSION_VARS['loginIpAddress'])
($HTTP_SESSION_VARS['loginIpAddress'] != $_SERVER[REMOTE_ADDR]);
if ($notAuthenticated || $notLoginIp) {
if (!session_is_registered(targetURL))
session_register(targetURL);
$HTTP_SESSION_VARS['targetURL'] = $_SERVER[REQUEST_URI];
header(Location: /smartbid/php/Login.php);
}
?
And in Login.php after doing a check on the username and password the
following session variables are set:
session_start();
session_register(authenticatedUser);
$HTTP_SESSION_VARS['authenticatedUser'] = $userId;
session_register(loginIpAddress);
$HTTP_SESSION_VARS['loginIpAddress'] = $_SERVER[REMOTE_ADDR];
It is the setting of the above session variables in Login.php that appears
to be failing for some browsers resulting in users using these browsers
continually being redirected to the Login page when the above check to see
if they are logged in is done.
Any help that could be supplied would be greatly appreciated.
Thank you.
Regards,
Andy
-
Andy,
Not sure, but maybe AOL users on proxy and their ip address can change.
Andras Kende
http://www.kende.com
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Session Variables Not Being Set For Certain Browsers
Hi Andras,
Yes, good point Thank you. It could be that the IP address of the user is
changing on each HTTP request that is made, which would explain the problem
(although that does seem quite odd). Can anyone confirm whether AOL (or any
other ISPs for that matter) change a user's IP address as seen by the web
server (for eample through a proxy) within the same session?
Assuming that the above is the problem, does any one know whether by
removing the check in the authentication to see whether the user is using
the same IP address as they logged in with comprises the security of the
login i.e. will it be possible for some one to hijack the login if this
check is not there? Or does anyone have any other suggesstions for doing
authentication?
Thank you.
Regards,
Andy
Andras Kende [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
-Original Message-
From: Andy Higgins [mailto:[EMAIL PROTECTED]
Sent: Saturday, December 27, 2003 6:04 AM
To: [EMAIL PROTECTED]
Subject: [PHP] PHP Session Variables Not Being Set For Certain Browsers
Hello All,
I have been racking my head over a problem where a large percentage of
users
are unable to log into my php site due to what seems to be a problem with
setting php session variables on certain end user browsers (certain
versions
of AOL seem to be particularly problematic). Below are some snippets of
code
that are used to do the authentication/ login.
Has anyone encountered the same problem and if so do you have a solution?
The only solution I can think of is to pass the session using PHPSESSION
in
the URL however I would like to avoid this if at all possible as it
involves
a major re-write of the code (as session variables are used elsewhere in
the
session) and if I am not mistaken if a user accesses a non-php page then
the
session is lost requiring them to log in again.
Currently the following code is used to check whether a user is logged in:
?php
$notAuthenticated = !isset($HTTP_SESSION_VARS['authenticatedUser']);
$notLoginIp = isset($HTTP_SESSION_VARS['loginIpAddress'])
($HTTP_SESSION_VARS['loginIpAddress'] != $_SERVER[REMOTE_ADDR]);
if ($notAuthenticated || $notLoginIp) {
if (!session_is_registered(targetURL))
session_register(targetURL);
$HTTP_SESSION_VARS['targetURL'] = $_SERVER[REQUEST_URI];
header(Location: /smartbid/php/Login.php);
}
?
And in Login.php after doing a check on the username and password the
following session variables are set:
session_start();
session_register(authenticatedUser);
$HTTP_SESSION_VARS['authenticatedUser'] = $userId;
session_register(loginIpAddress);
$HTTP_SESSION_VARS['loginIpAddress'] = $_SERVER[REMOTE_ADDR];
It is the setting of the above session variables in Login.php that appears
to be failing for some browsers resulting in users using these browsers
continually being redirected to the Login page when the above check to see
if they are logged in is done.
Any help that could be supplied would be greatly appreciated.
Thank you.
Regards,
Andy
-
Andy,
Not sure, but maybe AOL users on proxy and their ip address can
change.
Andras Kende
http://www.kende.com
-
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Session Variables Not Being Set For Certain Browsers
On Saturday 27 December 2003 07:03 am, Andy Higgins wrote: Hello All, I have been racking my head over a problem where a large percentage of users are unable to log into my php site due to what seems to be a problem with setting php session variables on certain end user browsers (certain versions of AOL seem to be particularly problematic). Below are some snippets of code that are used to do the authentication/ login. Has anyone encountered the same problem and if so do you have a solution? The only solution I can think of is to pass the session using PHPSESSION in the URL however I would like to avoid this if at all possible as it involves a major re-write of the code (as session variables are used elsewhere in the session) and if I am not mistaken if a user accesses a non-php page then the session is lost requiring them to log in again. Im just putting the finishing touches to my code, that I had to rewrite for similar reasons as you. You're going to have to include the session id in the url for those users who do not allow cookies. Using this fact about the constant SID a) If the user's browser accepts cookies, SID will be empty b) If the user's browser does not accept cookies, SID will be PHPSESSID=xxx So what I did, was append the constant SID to all urls/forms and php header() (for redirection) functions that point to the site that is serving the content (dont append SID to urls going to other sites). So the final results will be a) If the user's browser accepts cookies, urls/forms/php header() will be normal b) If the user's browser does not accept cookies, the session id is appended to urls/forms/php header() OR you can take the easy way out, and turn on transparent ids with - http://us2.php.net/manual/en/ install.configure.php#install.configure.enable-trans-sid -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Session Variables Not Being Set For Certain Browsers
Hi Gerard, Thank you very much for the response. Please can you clarify the following: 1. At the time of login will the login code need to check if the clients browser accepts cookies and if not then append the SID as described? If so, do you perhaps have a sample piece of code that does this? 2. Am I correct in understanding that if the client has logged in (with no cookies enabled i.e. the SID needs to be passed) and the site contains other static pages (that cannot pass the SID) that if the client browses any of these static pages and then returns to a page that required the client to be logged that they will have to log in again? 3. For forms, where the SID need to be passed, do you pass this as a hidden form variable or do you do it on the URL? You help is greatly appreciated. Thanks again. Regards, Andy Gerard Samuel [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] On Saturday 27 December 2003 07:03 am, Andy Higgins wrote: Hello All, I have been racking my head over a problem where a large percentage of users are unable to log into my php site due to what seems to be a problem with setting php session variables on certain end user browsers (certain versions of AOL seem to be particularly problematic). Below are some snippets of code that are used to do the authentication/ login. Has anyone encountered the same problem and if so do you have a solution? The only solution I can think of is to pass the session using PHPSESSION in the URL however I would like to avoid this if at all possible as it involves a major re-write of the code (as session variables are used elsewhere in the session) and if I am not mistaken if a user accesses a non-php page then the session is lost requiring them to log in again. Im just putting the finishing touches to my code, that I had to rewrite for similar reasons as you. You're going to have to include the session id in the url for those users who do not allow cookies. Using this fact about the constant SID a) If the user's browser accepts cookies, SID will be empty b) If the user's browser does not accept cookies, SID will be PHPSESSID=xxx So what I did, was append the constant SID to all urls/forms and php header() (for redirection) functions that point to the site that is serving the content (dont append SID to urls going to other sites). So the final results will be a) If the user's browser accepts cookies, urls/forms/php header() will be normal b) If the user's browser does not accept cookies, the session id is appended to urls/forms/php header() OR you can take the easy way out, and turn on transparent ids with - http://us2.php.net/manual/en/ install.configure.php#install.configure.enable-trans-sid -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Session Variables Not Being Set For Certain Browsers
-Original Message- From: Andy Higgins [mailto:[EMAIL PROTECTED] Can anyone confirm whether AOL (or any other ISPs for that matter) change a user's IP address as seen by the web server (for eample through a proxy) within the same session? It's been pointed out and confirmed many, many times here. An IP is not useful for authentication in the general case (you may have a specific case on an intranet, but major players like AOL put everything through load balancing proxies that change from request to request). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Session Variables Not Being Set For Certain Browsers
Hi Mark, Thank you for confirming that for me. I am new to the list and did do a search though past messages but did not find this point (obvioulsy I did not look hard enough). Thanks again. Regards, Andy Mark Charette [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] -Original Message- From: Andy Higgins [mailto:[EMAIL PROTECTED] Can anyone confirm whether AOL (or any other ISPs for that matter) change a user's IP address as seen by the web server (for eample through a proxy) within the same session? It's been pointed out and confirmed many, many times here. An IP is not useful for authentication in the general case (you may have a specific case on an intranet, but major players like AOL put everything through load balancing proxies that change from request to request). -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Session Variables Not Being Set For Certain Browsers
On Saturday 27 December 2003 10:54 am, Andy Higgins wrote:
1. At the time of login will the login code need to check if the clients
browser accepts cookies and if not then append the SID as described? If so,
do you perhaps have a sample piece of code that does this?
No, php does this for you. Thats why I gave the explanation of the value of
SID when browsers accept, or dont accept cookies.
Sample code
?php
session_start();
if (SID === '')
{
echo 'Cookie Exists';
}
else
{
echo 'Cookie doesnt exist';
}
echo 'pa href=' . $_SERVER['PHP_SELF'] . '?' . SID . 'CLICK ME/a/p';
?
If the browser does accept cookies, on the first page load, it will report
Cookie doesn't exist because the cookie wont become available till the next
page load. After the initial page load, it will report Cookie Exists.
If the browser does not accept cookies, it will always say Cookie doesnt
exists.
2. Am I correct in understanding that if the client has logged in (with no
cookies enabled i.e. the SID needs to be passed) and the site contains
other static pages (that cannot pass the SID) that if the client browses
any of these static pages and then returns to a page that required the
client to be logged that they will have to log in again?
Yes that is correct. The session id must stay in all urls within the site.
If you are able to direct them to a static page, you should still be able to
pass the SID in the url/form/iframe/etc they click.
3. For forms, where the SID need to be passed, do you pass this as a hidden
form variable or do you do it on the URL?
I have it passing in the form's action attribute, so it stays in $_GET domain
like regular links.
echo 'form action=foo.php' . SID . ' method=post
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Session Variables Not Being Set For Certain Browsers
Hi Gerard,
Thank you for your assistance you have been of enormous help.
Regards,
Andy
Gerard Samuel [EMAIL PROTECTED] wrote in message
news:[EMAIL PROTECTED]
On Saturday 27 December 2003 10:54 am, Andy Higgins wrote:
1. At the time of login will the login code need to check if the clients
browser accepts cookies and if not then append the SID as described? If
so,
do you perhaps have a sample piece of code that does this?
No, php does this for you. Thats why I gave the explanation of the value
of
SID when browsers accept, or dont accept cookies.
Sample code
?php
session_start();
if (SID === '')
{
echo 'Cookie Exists';
}
else
{
echo 'Cookie doesnt exist';
}
echo 'pa href=' . $_SERVER['PHP_SELF'] . '?' . SID . 'CLICK
ME/a/p';
?
If the browser does accept cookies, on the first page load, it will report
Cookie doesn't exist because the cookie wont become available till the
next
page load. After the initial page load, it will report Cookie Exists.
If the browser does not accept cookies, it will always say Cookie doesnt
exists.
2. Am I correct in understanding that if the client has logged in (with
no
cookies enabled i.e. the SID needs to be passed) and the site contains
other static pages (that cannot pass the SID) that if the client browses
any of these static pages and then returns to a page that required the
client to be logged that they will have to log in again?
Yes that is correct. The session id must stay in all urls within the
site.
If you are able to direct them to a static page, you should still be able
to
pass the SID in the url/form/iframe/etc they click.
3. For forms, where the SID need to be passed, do you pass this as a
hidden
form variable or do you do it on the URL?
I have it passing in the form's action attribute, so it stays in $_GET
domain
like regular links.
echo 'form action=foo.php' . SID . ' method=post
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
