[PHP] session cookies enabled?
Hello, How does one check to see if the user's browser accepts session cookies? Best, Craig -- - Virtual Phonecards - Instant Pin by Email - - Large Selection - Great Rates- - http://speedypin.com/?aff=743co_branded=1 - -- ** ** * Craig Spencer * * [EMAIL PROTECTED]* ** ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session cookies enabled?
I don't think that there is a difference between session or regular cookie acceptance. Have a look at the 1st code example here : http://www.php-code-search.com/?q=cookie%20support berber -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 08, 2007 8:31 PM To: PHP List Subject: [PHP] session cookies enabled? Hello, How does one check to see if the user's browser accepts session cookies? Best, Craig -- - Virtual Phonecards - Instant Pin by Email - - Large Selection - Great Rates- - http://speedypin.com/?aff=743co_branded=1 - -- ** ** * Craig Spencer * * [EMAIL PROTECTED]* ** ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies enabled?
On Tue, May 8, 2007 1:31 pm, [EMAIL PROTECTED] wrote: How does one check to see if the user's browser accepts session cookies? My browser doesn't make that decision. I do. :-) Send me one and see if it comes back. If it does come back, use it as your cookie. Don't send me a second cookie. I might refuse that one. No site needs more than one cookie, really. If you've installed some forum/blog/whatever that has its own cookie, I'll take it. If you have google analytics with their goddamned 4 or 5 cookie setup, I might take those, if I think you deserve to track my usage for site tracking purposes -- which also sticks me with advertracking, but so be it. If you're sending out a bunch of cookies with names like 'username', 'user_id', 'name', 'password' (!), 'email', etc., I'm outta there, because you clearly have no clue what you are doing... As esoteric as this may also sound, the basic principles are also true for supporting the most browsers and having a good clean design. Send one cookie, see if it comes back, and if it does, tie everything to that cookie. You can also set up php.ini and use the built-in sessions with http://php.net/session_start so that PHP will take care of this for you. -- Some people have a gift link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session cookies, domain (host:port) issues
hi
some thoughts on session cookies...
when setting the domain for the cookie, u could use
$_SERVER['HTTP_HOST'] which would be 'example.com' or
'www.example.com' i.e.
session_set_cookie_params(30*60, '/', $_SERVER['HTTP_HOST'], false);
(assuming u don't want to set it for subdomains)
if the webserver isn't running on port 80 then $_SERVER['HTTP_HOST']
is 'example.com:101'. on www.example.com:101 or sub.example.com:101,
$_SERVER['SERVER_NAME'] is 'example.com' in which case the browser
rejects it (which it's supposed to). ofcourse this could be solved by
doing something like
list ($host, $port) = split(':', $_SERVER['HTTP_HOST']);
$host is 'sub.example.com'
$port is '101'
if the 'domain' parameter in session_set_cookie_params is empty or not
specified along with the 'secure' field, it's handled properly by the
server, accepted by the browser, etc. strange that not specifying it
helps since u'd want ur script to run regardless of the server config
and as long as u can set certain parameters and control whether it
applies to subdomains or the primary domain.
set-cookie2 supports the port directive (http://www.faqs.org/rfcs/rfc2965.html)
Port[=portlist]
dunno about implementation or browser support.
it would be good if the php handled this either using set-cookie2 or
stripping it from the domain...similar behaviour to when it's not
specified.
a comment was posted about this on the setcookie page
(http://php.net/manual/en/function.setcookie.php#36202) which i think
should be added to the function docs.
anirudh
--
]#
Anirudh Dutt
pilot of the storm who leaves no trace
like thoughts inside a dream
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote: That's a bit misleading. The HTTP response headers are sent a soon as you output something from your script (calling header() or setcookie() doesn't count as output, so you can set all the headers and cookies you want). They're sent to Apache, but that doesn't mean anything is necessarily sent to the client, right? I guess I should have pointed out that this depends on a few things, such as whether the response is sent with: Transfer-Encoding: chunked or Content-Length: ... Common sense tells me that Apache can't provide a reliable Content-Length header until my script completes. :-) And the browsers tend to redirect right away once they get this header. I would find that very surprising. Maybe I'll experiment. If I understand you correctly, you're suggesting that a browser will request the new URL before receiving the previous response in its entirety. Even assuming a chunked transfer encoding, that seems weird. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote: That's a bit misleading. The HTTP response headers are sent a soon as you output something from your script (calling header() or setcookie() doesn't count as output, so you can set all the headers and cookies you want). They're sent to Apache, but that doesn't mean anything is necessarily sent to the client, right? I guess I should have pointed out that this depends on a few things, such as whether the response is sent with: Transfer-Encoding: chunked or Content-Length: ... Common sense tells me that Apache can't provide a reliable Content-Length header until my script completes. :-) That's true... it can't... and doesn't... at least not all the time... --- % telnet localhost 8004 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /phpinfo.php HTTP/1.0 HTTP/1.1 200 OK Date: Fri, 02 Sep 2005 17:12:10 GMT Server: Apache/1.3.29 (Unix) PHP/4.3.4 X-Powered-By: PHP/4.3.4 Connection: close Content-Type: text/html (phpinfo output follows) --- -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: Rasmus Lerdorf wrote: That's a bit misleading. The HTTP response headers are sent a soon as you output something from your script (calling header() or setcookie() doesn't count as output, so you can set all the headers and cookies you want). They're sent to Apache, but that doesn't mean anything is necessarily sent to the client, right? I guess I should have pointed out that this depends on a few things, such as whether the response is sent with: Transfer-Encoding: chunked or Content-Length: ... Common sense tells me that Apache can't provide a reliable Content-Length header until my script completes. :-) Which is why dynamic requests typically do not have a content-length header. Unless you explicitly turn on output buffering, the headers are sent as soon as you send your first real output. The end of the request has nothing to do with it. And the browsers tend to redirect right away once they get this header. I would find that very surprising. Maybe I'll experiment. If I understand you correctly, you're suggesting that a browser will request the new URL before receiving the previous response in its entirety. Even assuming a chunked transfer encoding, that seems weird. Consider yourself surprised then, that is how things work. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: And the browsers tend to redirect right away once they get this header. I would find that very surprising. Maybe I'll experiment. I tested this with Firefox 1.0.4, Firefox 1.0.6, and Safari 1.3. None of them request the new URL before receiving the previous response in its entirety. Maybe Internet Explorer does. :-) Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote:
Chris Shiflett wrote:
And the browsers tend to redirect right away once they get this
header.
I would find that very surprising. Maybe I'll experiment.
I tested this with Firefox 1.0.4, Firefox 1.0.6, and Safari 1.3. None of
them request the new URL before receiving the previous response in its
entirety. Maybe Internet Explorer does. :-)
Then you have configured your server to always turn on output buffering
or your test script is bad.
Try this:
?php
header(Location: http://www.php.net;);
$fp = fopen(/tmp/log.txt,w);
for($i=0; $i100; $i++) {
$str = Count $i\n;
echo $str;
fputs($fp, $str);
}
?
What do you think you will see both on your screen and in /tmp/log.txt?
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote:
Then you have configured your server to always turn on output
buffering or your test script is bad.
I don't think it's either, but I'll let you decide. I tried a new test
with your code and some slight modifications:
?php
header('Location: http://www.php.net/');
$fp = fopen('/tmp/log.txt', 'w');
for ($i = 0; $i 30; $i++)
{
$str = Count $i\n;
echo $str;
fputs($fp, $str);
sleep(1);
flush();
}
?
Basically, I'm only looping 30 times, but I'm sleeping for a second and
flushing the buffer each time. The result is a response that looks
something like this:
HTTP/1.1 302 Found
Date: Fri, 02 Sep 2005 18:12:02 GMT
Server: Apache/1.3.33 (Debian GNU/Linux)
Location: http://www.php.net/
Transfer-Encoding: chunked
Content-Type: text/html; charset=iso-8859-1
8
Count 0
8
Count 1
8
Count 2
...
9
Count 27
9
Count 28
9
Count 29
0
This result is not buffered on the server by PHP or Apache - each of
these chunks are received about one second apart, and the headers are
received barely more than one second after the request is sent (only
because I didn't flush before the first sleep):
[2005-09-02 14:12:07] [+0.004467 seconds] HTTP Server: socket_read() ...
[2005-09-02 14:12:08] [+1.131124 seconds] Headers Received
[2005-09-02 14:12:08] [+0.002197 seconds] Transfer-Encoding [chunked]
[2005-09-02 14:12:08] [+0.004580 seconds] chunk_length [8]
[2005-09-02 14:12:09] [+1.013278 seconds] chunk_length [8]
[2005-09-02 14:12:10] [+0.972697 seconds] chunk_length [8]
Of the three browsers I tested, none sent a request for
http://www.php.net/ until they had received the very last byte of the
response - the 0 indicating no more content. This happens a little more
than 30 seconds after the request is sent and a little more than 29
seconds after the HTTP response line and headers (including Location)
are received.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: Rasmus Lerdorf wrote: Then you have configured your server to always turn on output buffering or your test script is bad. I don't think it's either, but I'll let you decide. I tried a new test with your code and some slight modifications: Why modify my test? What did you see in log.txt from my version and on your screen? There are buffering issues on both ends here, but my original test describes shows exactly how browsers will redirect long before the end of a request. Your test rewrite simply makes sure there is less output. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote: Why modify my test? Because it has less delay. Thus, it's more difficult to tell if the browser is requesting the new URL before or after receiving the entire response. My script is essentially the same thing, but the script takes 30 seconds to execute. It makes the distinction very clear. The addition of flush() forces the chunked response. You can remove that if your server uses chunked transfer encoding without it. What did you see in log.txt from my version and on your screen? You would see the output Count0\nCount1\n... in the log and the PHP web site in the browser. I'm not sure how that's relevant. No browser is going to render content from a 302 response, but that doesn't prove that it won't wait for it. For the browsers I've tested (including Internet Explorer now), the new request (for http://www.php.net/) is not sent until after the previous response is received in its entirety. There are buffering issues on both ends here, but my original test describes shows exactly how browsers will redirect long before the end of a request. Your script, without modifications, exhibits the same behavior. It's a bit more difficult to visualize, but I can verify it with timestamps. The request for http://www.php.net/ is not sent until after the previous response has been received in its entirety. I'd be curious to know which browser you're using that behaves differently. I'm not saying it's not possible, but it seems weird. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: Rasmus Lerdorf wrote: Why modify my test? Because it has less delay. Thus, it's more difficult to tell if the browser is requesting the new URL before or after receiving the entire response. My script is essentially the same thing, but the script takes 30 seconds to execute. It makes the distinction very clear. The addition of flush() forces the chunked response. You can remove that if your server uses chunked transfer encoding without it. What did you see in log.txt from my version and on your screen? You would see the output Count0\nCount1\n... in the log and the PHP web site in the browser. I'm not sure how that's relevant. No browser is going to render content from a 302 response, but that doesn't prove that it won't wait for it. Yes it does. The last number in log.txt tells you exactly when the browser stopped listening to the response and closed the socket because PHP will abort the script at that point. If what you are saying is true, how do you explain the fact that you don't see a count all the way up to 999,999 in my test in the log.txt file? I'd be curious to know which browser you're using that behaves differently. I'm not saying it's not possible, but it seems weird. I'm just using Firefox. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote:
Chris Shiflett wrote:
Rasmus Lerdorf wrote:
Why modify my test?
Because it has less delay. Thus, it's more difficult to tell if the
browser is requesting the new URL before or after receiving the entire
response. My script is essentially the same thing, but the script takes
30 seconds to execute. It makes the distinction very clear.
The addition of flush() forces the chunked response. You can remove that
if your server uses chunked transfer encoding without it.
What did you see in log.txt from my version and on your screen?
You would see the output Count0\nCount1\n... in the log and the PHP
web site in the browser. I'm not sure how that's relevant. No browser is
going to render content from a 302 response, but that doesn't prove that
it won't wait for it.
Yes it does. The last number in log.txt tells you exactly when the
browser stopped listening to the response and closed the socket because
PHP will abort the script at that point. If what you are saying is
true, how do you explain the fact that you don't see a count all the way
up to 999,999 in my test in the log.txt file?
Also, just add a single line to your own test script and make it look
like this:
header('Location: http://www.php.net/');
$fp = fopen('/tmp/log.txt', 'w');
for ($i = 0; $i 30; $i++)
{
$str = Count $i\n;
echo str_repeat($str,1000);
fputs($fp, $str);
sleep(1);
flush();
}
Then time how long it takes for the redirect to happen. Is it still
taking 30 seconds? If not, why not?
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session cookies
Hi, Is there a way, using PHP, to determine if session cookies are enabled (or disabled) in the user's browser privacy settings? Thanks, Don
Re: [PHP] session cookies
Is there a way, using PHP, to determine if session cookies are enabled (or disabled) in the user's browser privacy settings? Set a cookie using setcookie(). Then use an HTML meta refresh (or javascript, just not Header(Location...) to redirect them to another page. On that page, see if the cookie value is set. If it is, they have cookies enabled. If it's not, they don't. -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Jasper Bryant-Greene wrote: Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header(Location...) to redirect them to another page. Why not header(Location...)? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback Because if you just re-direct to a new location then the cookie that you have also set in the headers will not reach the client. Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header(Location...) to redirect them to another page. Why not header(Location...)? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback For some reason (and maybe it's no longer true) I've had problems setting a cookie and then doing a header(Location...). Seems some browsers wouldn't pick up the cookie. Now... when this happened (could have been as early as 98) I don't recall, but it's always stuck with me and I usually end up spitting back a little javascript to send the user wherever it is I want them to go... -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header(Location...) to redirect them to another page. Why not header(Location...)? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Mikey wrote: Jasper Bryant-Greene wrote: Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header(Location...) to redirect them to another page. Why not header(Location...)? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback Because if you just re-direct to a new location then the cookie that you have also set in the headers will not reach the client. That is not true. The output to the client will look like this: HTTP/1.1 302 Found Set-Cookie: name=value;domain=whatever Location: http://my.domain.com/my.php [...] Therefore the cookie does reach the client, and unless the client is buggy it will set the cookie. In my experience most modern browsers have no problem with this, but if someone else has more experience with this than me then please correct me. -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Hi there! Try using ob_start() and then set sessions, and then user HEADER... http://se.php.net/manual/sv/function.ob-start.php /G @varupiraten.se - Original Message - From: Philip Hallstrom [EMAIL PROTECTED] To: Jasper Bryant-Greene [EMAIL PROTECTED] Cc: php list php-general@lists.php.net Sent: Thursday, September 01, 2005 10:43 PM Subject: Re: [PHP] session cookies Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header(Location...) to redirect them to another page. Why not header(Location...)? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback For some reason (and maybe it's no longer true) I've had problems setting a cookie and then doing a header(Location...). Seems some browsers wouldn't pick up the cookie. Now... when this happened (could have been as early as 98) I don't recall, but it's always stuck with me and I usually end up spitting back a little javascript to send the user wherever it is I want them to go... -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Philip Hallstrom wrote: Is there a way, using PHP, to determine if session cookies are enabled (or disabled) in the user's browser privacy settings? Set a cookie using setcookie(). Then use an HTML meta refresh (or javascript, just not Header(Location...) to redirect them to another page. Why not? I much prefer real headers to the http-equiv stuff in meta tags. After all, that is just a way to let you mimic real headers. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Jasper Bryant-Greene wrote:
That is not true. The output to the client will look like this:
HTTP/1.1 302 Found
Set-Cookie: name=value;domain=whatever
Location: http://my.domain.com/my.php
[...]
Very nice explanation. :-)
It is a common misconception that header('Location: ...') redirects the
client as soon as that statement is executed. The Location header is
only special in the sense that PHP also modifies the response status
code (to 302). Aside from that, it's just a regular header, and the
browser can't possible take any action on it before it receives the HTTP
response (which isn't sent until your PHP script completes). This is
similar to how a browser can't predict when you're going to set a
cookie. :-)
Just to counter my own explanation (what the heck), I do recall older
versions of IE mishandling (surprise) an HTTP response such as what
Jasper illustrated. They would request the new URL but fail to set the
cookie as requested. It was a browser bug, and I think this bug is the
source of all the confusion.
Chris
--
Chris Shiflett
Brain Bulb, The PHP Consultancy
http://brainbulb.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote:
Jasper Bryant-Greene wrote:
That is not true. The output to the client will look like this:
HTTP/1.1 302 Found
Set-Cookie: name=value;domain=whatever
Location: http://my.domain.com/my.php
[...]
Very nice explanation. :-)
It is a common misconception that header('Location: ...') redirects the
client as soon as that statement is executed. The Location header is
only special in the sense that PHP also modifies the response status
code (to 302). Aside from that, it's just a regular header, and the
browser can't possible take any action on it before it receives the HTTP
response (which isn't sent until your PHP script completes).
That's a bit misleading. The HTTP response headers are sent a soon as
you output something from your script (calling header() or setcookie()
doesn't count as output, so you can set all the headers and cookies you
want). It doesn't wait for the end of the request unless you are
buffering everything. And the browsers tend to redirect right away once
they get this header. Whether or not your script runs to completion
once the browser is gone is controlled by your 'ignore_user_abort'
setting. See chapter 40 - Connection Handling in the manual for a full
explanation of that.
-Rasmus
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session cookies in firefox
On Tue, May 10, 2005 7:04 pm, Kirsten said: I'm using php sessions with cookies. I realized that Firefox shared cookies between different instances (unlike IE that when someone open a new bank window a new session is created). That's because IE stupidly creates a whole new program/process on each. Has anyone found a solution to this problem? Maybe detecting the new instance and generating a new session id. Here's a solution: It's not a problem. It's the way it's SUPPOSED to be. :-) It's actually a BETTER browser because of that. That said, if you REALLY want to be certain that I don't run two windows accessing your site (why you care, I dunno) you could try sending out a token with each HTTP response, embed that token in each URL/FORM/etc and then check what comes back against what you expected. Maybe it's just me, but it sounds to me like you just want all your users to use IE as if that's the only way a browser can/should work... That's not a Good Idea, imho. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session cookies in firefox
On Wednesday 11 May 2005 05:04, Kirsten wrote: I'm using php sessions with cookies. I realized that Firefox shared cookies between different instances (unlike IE that when someone open a new bank window a new session is created). Has anyone found a solution to this problem? Maybe detecting the new instance and generating a new session id. Solution 1: Check the referer to your page and consider a new window all requests whose referer is from your domain (or your site, or your site + URI, etc. - it's up to you to figure out the exact criteria). Solution 2: Patch the Firefox browser since it's OSS :-) Thanks! -- Cyberly yours, Petar Nedyalkov Devoted Orbitel Fan :-) PGP ID: 7AE45436 PGP Public Key: http://bu.orbitel.bg/pgp/bu.asc PGP Fingerprint: 7923 8D52 B145 02E8 6F63 8BDA 2D3F 7C0B 7AE4 5436 pgpmE1f9KIK8T.pgp Description: PGP signature
Re: [PHP] Session cookies in firefox
Here's a solution: It's not a problem. It's the way it's SUPPOSED to be. :-) It's actually a BETTER browser because of that. I found dozens of firefox related sites that say that this is one of the good things IE has (like showModalDialog). Maybe it's just me, but it sounds to me like you just want all your users to use IE as if that's the only way a browser can/should work... That's not a Good Idea, imho. Exactly the opposite. My site actually is designed for IE only because 99% of the users that access it use IE 5.5+ (according to apache's statistics). Because I DO like Firefox I'm redesigning it, solving any incompatibilities like session handling. Why to have multiple sessions cookies? For example when an user wants to check multiple webmail accounts in the same moment. Kirsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session cookies in firefox
On Wednesday 11 May 2005 13:26, Richard Lynch wrote: On Tue, May 10, 2005 7:04 pm, Kirsten said: I'm using php sessions with cookies. I realized that Firefox shared cookies between different instances (unlike IE that when someone open a new bank window a new session is created). That's because IE stupidly creates a whole new program/process on each. That behaviour is (or maybe was, don't have IE around to test) user configurable. So if the OP is relying on that feature then their website is bound to break for some users. -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session cookies in firefox
I'm using php sessions with cookies. I realized that Firefox shared cookies between different instances (unlike IE that when someone open a new bank window a new session is created). Has anyone found a solution to this problem? Maybe detecting the new instance and generating a new session id. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session cookies in firefox
I'm using php sessions with cookies. I realized that Firefox shared cookies between different instances (unlike IE that when someone open a new bank window a new session is created). Has anyone found a solution to this problem? Maybe detecting the new instance and generating a new session id. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session cookies
Hi, When the user logs in , i create a session with session varialbles, the session cookie is saved on clients computer. When i log off i say session_unset(); session_destroy(); setcookie(session_name()); The session in the tmp is deleted , but the cookie is still there , i know this because when i login , the same session id is used ! Why is that ? The session id changes when you close the browser , as the default is 0. Thanks Shaun -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session cookies
OK guys... here's my question - I'm using 4.2.3 and apache 1.3.26, and I've got sessions setup. however, it seems to be using an SID attached to the URL, and I want to force it to use a cookie that points to a transparent SID on my system. I've got the following options in my php.ini, but the system doesn't seem to ever use a cookie, and the sessions don't die. (that's my biggest concern is that the user has to login to the system EVERY time he visits the site.) session.use_cookies = 1 session.use_only_cookies = 1 session.use_trans_sid = 1 -- Thanks, Jeff Bluemel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Jeff Bluemel wrote: I want to force it to use a cookie that points to a transparent SID on my system. Can you elaborate on this? I have no idea what you mean. I've got the following options in my php.ini, but the system doesn't seem to ever use a cookie, and the sessions don't die. (that's my biggest concern is that the user has to login to the system EVERY time he visits the site.) session.use_cookies = 1 session.use_only_cookies = 1 session.use_trans_sid = 1 With use_trans_sid set, PHP is going to append the session ID to the URL of links, etc., on: 1) The client's first visit, determined by the fact that the client sent no session ID 2) Any other visit where the client sent a session ID on the URL but not in a cookie It sounds to me like either you're only noticing the first case there, or your browser is not supplying the cookie on subsequent requests. Maybe this bit of information will help you. Happy hacking. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
I also just noticed that you have session.use_only_cookies = 1, so unless you get the session ID back in a cookie, the session will restart. Chris Shiflett wrote: I've got the following options in my php.ini, but the system doesn't seem to ever use a cookie, and the sessions don't die. (that's my biggest concern is that the user has to login to the system EVERY time he visits the site.) session.use_cookies = 1 session.use_only_cookies = 1 session.use_trans_sid = 1 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Jeff Bluemel wrote: I want to force it to use a cookie that points to a transparent SID on my system. Can you elaborate on this? I have no idea what you mean. for some reason when I was reading the documentation on sessions on php.net I thought it stated that it was possible to have a cookie point at a transaprent ID. I guess one of my biggest concerns is security. I don't want somebody to be able to open a session with an ID, and I want them to login everytime. this all happens behind ssl too. I check my browser cookies, and I never see a cookieis, and my pages always pass a session ID number with them. what is the best, secure way, to have sessions ID's that the browser never see's? I've got the following options in my php.ini, but the system doesn't seem to ever use a cookie, and the sessions don't die. (that's my biggest concern is that the user has to login to the system EVERY time he visits the site.) session.use_cookies = 1 session.use_only_cookies = 1 session.use_trans_sid = 1 With use_trans_sid set, PHP is going to append the session ID to the URL of links, etc., on: 1) The client's first visit, determined by the fact that the client sent no session ID 2) Any other visit where the client sent a session ID on the URL but not in a cookie I set session.use_trans_sid = 0, but I still see the SID in the URL passing from session to session. It sounds to me like either you're only noticing the first case there, or your browser is not supplying the cookie on subsequent requests. Maybe this bit of information will help you. Happy hacking. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session/cookies
Start by adding a session_start() to the 2nd file, then see what happens. Kirk Hi again, I am doing a simple example of cookies and my server seems to get frozen. Basically, what I do is: file01.php: ? session_start(); seession_register(sess_var); sess_var = Hello; ? file02.php ? echo $sess_var; session_unregister(sess_var); ? What ends up happening when I go to the second file is the server just opens the file forever never showing the content, and ends up giving me an error message. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session/cookies
Hi again, I am doing a simple example of cookies and my server seems to get frozen Basically, what I do is: file01php: ? session_start(); seession_register(sess_var); sess_var = Hello; ? file02php ? echo $sess_var; session_unregister(sess_var); ? What ends up happening when I go to the second file is the server just opens the file forever never showing the content, and ends up giving me an error message Can anyone suggest what I do wrong? Thanks, Vlad -- PHP General Mailing List (http://wwwphpnet/) To unsubscribe, visit: http://wwwphpnet/unsubphp
[PHP] session cookies not destroyed
Hi all, I was wondering if anyone has had any problems with sessions and IE 5.0 (mac). As I (limitedly) understand it, the session cookie (kept by IE) should be destroyed when I quit IE. It should, therefor, not be there when I restart IE. HOWEVER.. I seem to get very unpredictable behaviour in that sometimes the cookie is destroyed and sometimes it isn't. The only constant seems to be that if I close IE, then restart the computer, the cookie is always gone. But if i don't restart the computer, the cookie is sometimes destroyed and sometimes not. Has anyone experienced this problem. even better, does anyone know how to solve this problem. :) Thanks in advanced, Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Session, cookies not allowed, ssl
Hello everybody,
I am fairly new to php and have the following problem:
I wrote an application that uses sessionhandling. I will enclose parts
of the code below.
It runs fine under Netscape 4.74, or Explorer 5 and also under other
Browsers.
Problems arise under Netscape 4.6 when cookies are not allowed.
When I ask for the startpage, only one of three parts of a frame
appears, and disappears again,
and another part of the frame is briefly displayed and disappears again.
It keeps flickering and doesnt stop.
I have also seen a browser where it was flickering a few seconds but
then finally the
page was properly displayed. I thought that was because PHP seems to set
cookies, but if that doesnt
work it uses its own sessionmanagement.
Something seems to go wrong in our case.
My boss thinks our problem has something to do with cookies,
as it runs fine as long as cookies are enabled. It also runs fine if we
order it via https (SSL).
Do you have any clue what could go wrong and how I could try to fix
it???
Why does it work with SSL?
I hope I have been precisely enough in describing my problem. I tried as
hard as I could ;-)
If not please ask for more information.
Thank you very much for your help!
Here is part of the code:
The following function is called on top of every page that I wrote by
?php
top_of_page(getenv("SCRIPT_FILENAME"));
?
HTML and the rest of html and php-Code.
function top_of_page($page_name, $db_persistent_connection = true,
$redirect = true)
{
/*
Error reporting
*/
error_reporting(255);
global $db, $sess_rolle, $sess_ben_id, $QUERY_STRING;
/*
QUERY_STRING
*/
build_query_string();
/*
free $page_name from path
*/
$page_name = basename($page_name);
/*
Headers to prevent page from being cached
*/
header ("Expires: Mon, 26 Jul 1997 05:00:00 GMT");// Date in the
past
header ("Last-Modified: " . gmdate("D, d M Y H:i:s") . " GMT");
// always modified
header ("Cache-Control: no-cache, must-revalidate"); //
HTTP/1.1
header ("Pragma: no-cache"); // HTTP/1.0
/*
Set PHP Options
*/
ignore_user_abort(TRUE);
/*
Open Handle to DB (PostgreSQL)
*/
if ($db_persistent_connection)
{ @$db=pg_pconnect("dbname=license port=5432 user=postgres
password=a73hui09w"); }
else
{ @$db=pg_connect("dbname=license port=5432 user=postgres
password=a73hui09w"); }
if (!$db)
{
/*
redirect client to error page
if connect was not successful
*/
header("Location: ../error/db_err.html");
return TRUE;
}
/*
Start Session
ALERT! If browser rejects all cookies,
the server only returns empty documents.
*/
@session_start();
if (!session_is_registered("sess_rolle"))
{
/*
New session! goto index page!
*/
$sess_rolle=-1;
session_register("sess_rolle");
$sess_ben_id=-1;
session_register("sess_ben_id");
$sess_message="";
session_register("sess_message");
writeLog("utils.inc.php", "session started", true);
if ($page_name!="index.php" and $redirect)
{
header("Location: index.php?" . SID);
exit;
}
}
--
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, e-mail: [EMAIL PROTECTED]
For additional commands, e-mail: [EMAIL PROTECTED]
To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Session cookies appearing where there is no session
This must sound pretty far-fetched, but as far as I can tell, my site is attempting to set a session cookie from any and all PHP pages, even when the page has no calls to session_* functions and where there were also no previous visits to pages with such calls. Where is the setting that is initializing these unneccessary sessions and sending the cookies? I looked for something in php.ini or phpinfo() to explain it, but came up empty. Below are excerpts from a phpinfo() dump. I wondered about that "session.use_trans_sid", but there's no reference to it in my php.ini file (yes, I checked that phpinfo says I'm looking at the correct one) and I also cannot find anything about it in the PHP.net online docs. What does that setting do, and where is it configured? TIA begin excerpts from phpinfo() Directive Local Value Master Value assert.active 1 1 assert.bail 0 0 assert.callback no value no value assert.quiet_eval 0 0 assert.warning 1 1 safe_mode_allowed_env_vars PHP_ PHP_ safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH session.use_trans_sid 1 1 session Session Support enabled Directive Local Value Master Value session.auto_start On On session.cache_expire 60 60 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.entropy_file no value no value session.entropy_length 0 0 session.gc_maxlifetime 1800 1800 session.gc_probability 1 1 session.name SID SID session.referer_check no value no value session.save_handler files files session.save_path /tmp /tmp session.serialize_handler php php session.use_cookies On On snip HTTP Response Headers Set-Cookie SID=0c6a1e4a46c8d9d840ac865d4a9d8e6f; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache snip -- CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
