Re: [PHP] session cookies enabled?
On Tue, May 8, 2007 1:31 pm, [EMAIL PROTECTED] wrote: > How does one check to see if the user's browser accepts > session cookies? My browser doesn't make that decision. I do. :-) Send me one and see if it comes back. If it does come back, use it as your cookie. Don't send me a second cookie. I might refuse that one. No site needs more than one cookie, really. If you've installed some forum/blog/whatever that has its own cookie, I'll take it. If you have google analytics with their goddamned 4 or 5 cookie setup, I might take those, if I think you deserve to track my usage for site tracking purposes -- which also sticks me with advertracking, but so be it. If you're sending out a bunch of cookies with names like 'username', 'user_id', 'name', 'password' (!), 'email', etc., I'm outta there, because you clearly have no clue what you are doing... As esoteric as this may also sound, the basic principles are also true for supporting the most browsers and having a good clean design. Send one cookie, see if it comes back, and if it does, tie everything to that cookie. You can also set up php.ini and use the built-in sessions with http://php.net/session_start so that PHP will take care of this for you. -- Some people have a "gift" link here. Know what I want? I want you to buy a CD from some indie artist. http://cdbaby.com/browse/from/lynch Yeah, I get a buck. So? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session cookies enabled?
I don't think that there is a difference between session or regular cookie acceptance. Have a look at the 1st code example here : http://www.php-code-search.com/?q=cookie%20support berber -Original Message- From: [EMAIL PROTECTED] [mailto:[EMAIL PROTECTED] Sent: Tuesday, May 08, 2007 8:31 PM To: PHP List Subject: [PHP] session cookies enabled? Hello, How does one check to see if the user's browser accepts session cookies? Best, Craig -- - Virtual Phonecards - Instant Pin by Email - - Large Selection - Great Rates- - http://speedypin.com/?aff=743&co_branded=1 - -- ** ** * Craig Spencer * * [EMAIL PROTECTED]* ** ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session cookies enabled?
Hello, How does one check to see if the user's browser accepts session cookies? Best, Craig -- - Virtual Phonecards - Instant Pin by Email - - Large Selection - Great Rates- - http://speedypin.com/?aff=743&co_branded=1 - -- ** ** * Craig Spencer * * [EMAIL PROTECTED]* ** ** -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session cookies, domain (host:port) issues
hi some thoughts on session cookies... when setting the domain for the cookie, u could use $_SERVER['HTTP_HOST'] which would be 'example.com' or 'www.example.com' i.e. session_set_cookie_params(30*60, '/', $_SERVER['HTTP_HOST'], false); (assuming u don't want to set it for subdomains) if the webserver isn't running on port 80 then $_SERVER['HTTP_HOST'] is 'example.com:101'. on www.example.com:101 or sub.example.com:101, $_SERVER['SERVER_NAME'] is 'example.com' in which case the browser rejects it (which it's supposed to). ofcourse this could be solved by doing something like list ($host, $port) = split(':', $_SERVER['HTTP_HOST']); $host is 'sub.example.com' $port is '101' if the 'domain' parameter in session_set_cookie_params is empty or not specified along with the 'secure' field, it's handled properly by the server, accepted by the browser, etc. strange that not specifying it helps since u'd want ur script to run regardless of the server config and as long as u can set certain parameters and control whether it applies to subdomains or the primary domain. set-cookie2 supports the port directive (http://www.faqs.org/rfcs/rfc2965.html) Port[="portlist"] dunno about implementation or browser support. it would be good if the php handled this either using set-cookie2 or stripping it from the domain...similar behaviour to when it's not specified. a comment was posted about this on the setcookie page (http://php.net/manual/en/function.setcookie.php#36202) which i think should be added to the function docs. anirudh -- ]# Anirudh Dutt pilot of the storm who leaves no trace like thoughts inside a dream -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote: > Chris Shiflett wrote: > >>Rasmus Lerdorf wrote: >> >> >>>Why modify my test? >> >> >>Because it has less delay. Thus, it's more difficult to tell if the >>browser is requesting the new URL before or after receiving the entire >>response. My script is essentially the same thing, but the script takes >>30 seconds to execute. It makes the distinction very clear. >> >>The addition of flush() forces the chunked response. You can remove that >>if your server uses chunked transfer encoding without it. >> >> >>>What did you see in log.txt from my version and on your screen? >> >> >>You would see the output "Count0\nCount1\n..." in the log and the PHP >>web site in the browser. I'm not sure how that's relevant. No browser is >>going to render content from a 302 response, but that doesn't prove that >>it won't wait for it. > > > Yes it does. The last number in log.txt tells you exactly when the > browser stopped listening to the response and closed the socket because > PHP will abort the script at that point. If what you are saying is > true, how do you explain the fact that you don't see a count all the way > up to 999,999 in my test in the log.txt file? Also, just add a single line to your own test script and make it look like this: header('Location: http://www.php.net/'); $fp = fopen('/tmp/log.txt', 'w'); for ($i = 0; $i < 30; $i++) { $str = "Count $i\n"; echo str_repeat($str,1000); fputs($fp, $str); sleep(1); flush(); } Then time how long it takes for the redirect to happen. Is it still taking 30 seconds? If not, why not? -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: > Rasmus Lerdorf wrote: > >> Why modify my test? > > > Because it has less delay. Thus, it's more difficult to tell if the > browser is requesting the new URL before or after receiving the entire > response. My script is essentially the same thing, but the script takes > 30 seconds to execute. It makes the distinction very clear. > > The addition of flush() forces the chunked response. You can remove that > if your server uses chunked transfer encoding without it. > >> What did you see in log.txt from my version and on your screen? > > > You would see the output "Count0\nCount1\n..." in the log and the PHP > web site in the browser. I'm not sure how that's relevant. No browser is > going to render content from a 302 response, but that doesn't prove that > it won't wait for it. Yes it does. The last number in log.txt tells you exactly when the browser stopped listening to the response and closed the socket because PHP will abort the script at that point. If what you are saying is true, how do you explain the fact that you don't see a count all the way up to 999,999 in my test in the log.txt file? > I'd be curious to know which browser you're using that behaves > differently. I'm not saying it's not possible, but it seems weird. I'm just using Firefox. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote: Why modify my test? Because it has less delay. Thus, it's more difficult to tell if the browser is requesting the new URL before or after receiving the entire response. My script is essentially the same thing, but the script takes 30 seconds to execute. It makes the distinction very clear. The addition of flush() forces the chunked response. You can remove that if your server uses chunked transfer encoding without it. What did you see in log.txt from my version and on your screen? You would see the output "Count0\nCount1\n..." in the log and the PHP web site in the browser. I'm not sure how that's relevant. No browser is going to render content from a 302 response, but that doesn't prove that it won't wait for it. For the browsers I've tested (including Internet Explorer now), the new request (for http://www.php.net/) is not sent until after the previous response is received in its entirety. There are buffering issues on both ends here, but my original test describes shows exactly how browsers will redirect long before the end of a request. Your script, without modifications, exhibits the same behavior. It's a bit more difficult to visualize, but I can verify it with timestamps. The request for http://www.php.net/ is not sent until after the previous response has been received in its entirety. I'd be curious to know which browser you're using that behaves differently. I'm not saying it's not possible, but it seems weird. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: > Rasmus Lerdorf wrote: > >> Then you have configured your server to always turn on output >> buffering or your test script is bad. > > > I don't think it's either, but I'll let you decide. I tried a new test > with your code and some slight modifications: Why modify my test? What did you see in log.txt from my version and on your screen? There are buffering issues on both ends here, but my original test describes shows exactly how browsers will redirect long before the end of a request. Your test rewrite simply makes sure there is less output. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote: Then you have configured your server to always turn on output buffering or your test script is bad. I don't think it's either, but I'll let you decide. I tried a new test with your code and some slight modifications: http://www.php.net/'); $fp = fopen('/tmp/log.txt', 'w'); for ($i = 0; $i < 30; $i++) { $str = "Count $i\n"; echo $str; fputs($fp, $str); sleep(1); flush(); } ?> Basically, I'm only looping 30 times, but I'm sleeping for a second and flushing the buffer each time. The result is a response that looks something like this: HTTP/1.1 302 Found Date: Fri, 02 Sep 2005 18:12:02 GMT Server: Apache/1.3.33 (Debian GNU/Linux) Location: http://www.php.net/ Transfer-Encoding: chunked Content-Type: text/html; charset=iso-8859-1 8 Count 0 8 Count 1 8 Count 2 ... 9 Count 27 9 Count 28 9 Count 29 0 This result is not buffered on the server by PHP or Apache - each of these chunks are received about one second apart, and the headers are received barely more than one second after the request is sent (only because I didn't flush before the first sleep): [2005-09-02 14:12:07] [+0.004467 seconds] HTTP Server: socket_read() ... [2005-09-02 14:12:08] [+1.131124 seconds] > Headers Received [2005-09-02 14:12:08] [+0.002197 seconds] > Transfer-Encoding [chunked] [2005-09-02 14:12:08] [+0.004580 seconds] > chunk_length [8] [2005-09-02 14:12:09] [+1.013278 seconds] > chunk_length [8] [2005-09-02 14:12:10] [+0.972697 seconds] > chunk_length [8] Of the three browsers I tested, none sent a request for http://www.php.net/ until they had received the very last byte of the response - the 0 indicating no more content. This happens a little more than 30 seconds after the request is sent and a little more than 29 seconds after the HTTP response line and headers (including Location) are received. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: > Chris Shiflett wrote: > >> > And the browsers tend to redirect right away once they get this >> > header. >> >> I would find that very surprising. Maybe I'll experiment. > > > I tested this with Firefox 1.0.4, Firefox 1.0.6, and Safari 1.3. None of > them request the new URL before receiving the previous response in its > entirety. Maybe Internet Explorer does. :-) Then you have configured your server to always turn on output buffering or your test script is bad. Try this: http://www.php.net";); $fp = fopen("/tmp/log.txt","w"); for($i=0; $i<100; $i++) { $str = "Count $i\n"; echo $str; fputs($fp, $str); } ?> What do you think you will see both on your screen and in /tmp/log.txt? -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: > And the browsers tend to redirect right away once they get this > header. I would find that very surprising. Maybe I'll experiment. I tested this with Firefox 1.0.4, Firefox 1.0.6, and Safari 1.3. None of them request the new URL before receiving the previous response in its entirety. Maybe Internet Explorer does. :-) Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: > Rasmus Lerdorf wrote: > >> That's a bit misleading. The HTTP response headers are sent a soon >> as you output something from your script (calling header() or >> setcookie() doesn't count as output, so you can set all the headers >> and cookies you want). > > > They're sent to Apache, but that doesn't mean anything is necessarily > sent to the client, right? I guess I should have pointed out that this > depends on a few things, such as whether the response is sent with: > > Transfer-Encoding: chunked > > or > > Content-Length: ... > > Common sense tells me that Apache can't provide a reliable > Content-Length header until my script completes. :-) Which is why dynamic requests typically do not have a content-length header. Unless you explicitly turn on output buffering, the headers are sent as soon as you send your first real output. The end of the request has nothing to do with it. >> And the browsers tend to redirect right away once they get this >> header. > > I would find that very surprising. Maybe I'll experiment. If I > understand you correctly, you're suggesting that a browser will request > the new URL before receiving the previous response in its entirety. Even > assuming a chunked transfer encoding, that seems weird. Consider yourself surprised then, that is how things work. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote: That's a bit misleading. The HTTP response headers are sent a soon as you output something from your script (calling header() or setcookie() doesn't count as output, so you can set all the headers and cookies you want). They're sent to Apache, but that doesn't mean anything is necessarily sent to the client, right? I guess I should have pointed out that this depends on a few things, such as whether the response is sent with: Transfer-Encoding: chunked or Content-Length: ... Common sense tells me that Apache can't provide a reliable Content-Length header until my script completes. :-) That's true... it can't... and doesn't... at least not all the time... --- % telnet localhost 8004 Trying 127.0.0.1... Connected to localhost. Escape character is '^]'. GET /phpinfo.php HTTP/1.0 HTTP/1.1 200 OK Date: Fri, 02 Sep 2005 17:12:10 GMT Server: Apache/1.3.29 (Unix) PHP/4.3.4 X-Powered-By: PHP/4.3.4 Connection: close Content-Type: text/html (phpinfo output follows) --- -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Rasmus Lerdorf wrote: That's a bit misleading. The HTTP response headers are sent a soon as you output something from your script (calling header() or setcookie() doesn't count as output, so you can set all the headers and cookies you want). They're sent to Apache, but that doesn't mean anything is necessarily sent to the client, right? I guess I should have pointed out that this depends on a few things, such as whether the response is sent with: Transfer-Encoding: chunked or Content-Length: ... Common sense tells me that Apache can't provide a reliable Content-Length header until my script completes. :-) And the browsers tend to redirect right away once they get this header. I would find that very surprising. Maybe I'll experiment. If I understand you correctly, you're suggesting that a browser will request the new URL before receiving the previous response in its entirety. Even assuming a chunked transfer encoding, that seems weird. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Chris Shiflett wrote: > Jasper Bryant-Greene wrote: > >> That is not true. The output to the client will look like this: >> >> HTTP/1.1 302 Found >> Set-Cookie: name=value;domain=whatever >> Location: http://my.domain.com/my.php >> [...] > > > Very nice explanation. :-) > > It is a common misconception that header('Location: ...') redirects the > client as soon as that statement is executed. The Location header is > only special in the sense that PHP also modifies the response status > code (to 302). Aside from that, it's just a regular header, and the > browser can't possible take any action on it before it receives the HTTP > response (which isn't sent until your PHP script completes). That's a bit misleading. The HTTP response headers are sent a soon as you output something from your script (calling header() or setcookie() doesn't count as output, so you can set all the headers and cookies you want). It doesn't wait for the end of the request unless you are buffering everything. And the browsers tend to redirect right away once they get this header. Whether or not your script runs to completion once the browser is gone is controlled by your 'ignore_user_abort' setting. See chapter 40 - Connection Handling in the manual for a full explanation of that. -Rasmus -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Jasper Bryant-Greene wrote: That is not true. The output to the client will look like this: HTTP/1.1 302 Found Set-Cookie: name=value;domain=whatever Location: http://my.domain.com/my.php [...] Very nice explanation. :-) It is a common misconception that header('Location: ...') redirects the client as soon as that statement is executed. The Location header is only special in the sense that PHP also modifies the response status code (to 302). Aside from that, it's just a regular header, and the browser can't possible take any action on it before it receives the HTTP response (which isn't sent until your PHP script completes). This is similar to how a browser can't predict when you're going to set a cookie. :-) Just to counter my own explanation (what the heck), I do recall older versions of IE mishandling (surprise) an HTTP response such as what Jasper illustrated. They would request the new URL but fail to set the cookie as requested. It was a browser bug, and I think this bug is the source of all the confusion. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Philip Hallstrom wrote: > Is there a way, using PHP, to determine if session cookies > are enabled (or disabled) in the user's browser privacy > settings? Set a cookie using setcookie(). Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page. Why not? I much prefer real headers to the "http-equiv" stuff in meta tags. After all, that is just a way to let you mimic real headers. Chris -- Chris Shiflett Brain Bulb, The PHP Consultancy http://brainbulb.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Hi there! Try using ob_start() and then set sessions, and then user HEADER... http://se.php.net/manual/sv/function.ob-start.php /G @varupiraten.se - Original Message - From: "Philip Hallstrom" <[EMAIL PROTECTED]> To: "Jasper Bryant-Greene" <[EMAIL PROTECTED]> Cc: "php list" Sent: Thursday, September 01, 2005 10:43 PM Subject: Re: [PHP] session cookies Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page. Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback For some reason (and maybe it's no longer true) I've had problems setting a cookie and then doing a header("Location..."). Seems some browsers wouldn't pick up the cookie. Now... when this happened (could have been as early as 98) I don't recall, but it's always stuck with me and I usually end up spitting back a little javascript to send the user wherever it is I want them to go... -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Mikey wrote: Jasper Bryant-Greene wrote: Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page. Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback Because if you just re-direct to a new location then the cookie that you have also set in the headers will not reach the client. That is not true. The output to the client will look like this: HTTP/1.1 302 Found Set-Cookie: name=value;domain=whatever Location: http://my.domain.com/my.php [...] Therefore the cookie does reach the client, and unless the client is buggy it will set the cookie. In my experience most modern browsers have no problem with this, but if someone else has more experience with this than me then please correct me. -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page. Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback For some reason (and maybe it's no longer true) I've had problems setting a cookie and then doing a header("Location..."). Seems some browsers wouldn't pick up the cookie. Now... when this happened (could have been as early as 98) I don't recall, but it's always stuck with me and I usually end up spitting back a little javascript to send the user wherever it is I want them to go... -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Jasper Bryant-Greene wrote: Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page. Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback Because if you just re-direct to a new location then the cookie that you have also set in the headers will not reach the client. Mikey -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Philip Hallstrom wrote: Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page. Why not header("Location...")? Just out of interest -- it's always worked for me, and it's a much better way to redirect users for many reasons[1] (like not breaking the back button). [1] http://www.w3.org/QA/Tips/reback -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session cookies
Is there a way, using PHP, to determine if session cookies are enabled (or disabled) in the user's browser privacy settings? Set a cookie using setcookie(). Then use an HTML meta refresh (or javascript, just not Header("Location...) to redirect them to another page. On that page, see if the cookie value is set. If it is, they have cookies enabled. If it's not, they don't. -philip -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session cookies
Hi, Is there a way, using PHP, to determine if session cookies are enabled (or disabled) in the user's browser privacy settings? Thanks, Don
Re: [PHP] Session cookies in firefox
On Wednesday 11 May 2005 13:26, Richard Lynch wrote: > On Tue, May 10, 2005 7:04 pm, Kirsten said: > > I'm using php sessions with cookies. > > I realized that Firefox shared cookies between different instances > > (unlike IE that when someone open a new bank window a new session is > > created). > > That's because IE stupidly creates a whole new program/process on each. That behaviour is (or maybe was, don't have IE around to test) user configurable. So if the OP is relying on that "feature" then their website is bound to break for some users. -- Jason Wong -> Gremlins Associates -> www.gremlins.biz Open Source Software Systems Integrators * Web Design & Hosting * Internet & Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- New Year Resolution: Ignore top posted posts -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session cookies in firefox
> Here's a solution: It's not a problem. It's the way it's SUPPOSED to be. > :-) > > It's actually a BETTER browser because of that. I found dozens of firefox related sites that say that this is one of the good things IE has (like showModalDialog). > Maybe it's just me, but it sounds to me like you just want all your users > to use IE as if that's the only way a browser can/should work... That's > not a Good Idea, imho. Exactly the opposite. My site actually is designed for IE only because 99% of the users that access it use IE 5.5+ (according to apache's statistics). Because I DO like Firefox I'm redesigning it, solving any incompatibilities like session handling. Why to have multiple sessions cookies? For example when an user wants to check multiple webmail accounts in the same moment. Kirsten -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session cookies in firefox
On Wednesday 11 May 2005 05:04, Kirsten wrote: > I'm using php sessions with cookies. > I realized that Firefox shared cookies between different instances (unlike > IE that when someone open a new bank window a new session is created). > > Has anyone found a solution to this problem? Maybe detecting the new > instance and generating a new session id. Solution 1: Check the referer to your page and consider a "new window" all requests whose referer is from your domain (or your site, or your site + URI, etc. - it's up to you to figure out the exact criteria). Solution 2: Patch the Firefox browser since it's OSS :-) > > Thanks! -- Cyberly yours, Petar Nedyalkov Devoted Orbitel Fan :-) PGP ID: 7AE45436 PGP Public Key: http://bu.orbitel.bg/pgp/bu.asc PGP Fingerprint: 7923 8D52 B145 02E8 6F63 8BDA 2D3F 7C0B 7AE4 5436 pgpmE1f9KIK8T.pgp Description: PGP signature
Re: [PHP] Session cookies in firefox
On Tue, May 10, 2005 7:04 pm, Kirsten said: > I'm using php sessions with cookies. > I realized that Firefox shared cookies between different instances (unlike > IE that when someone open a new bank window a new session is created). That's because IE stupidly creates a whole new program/process on each. > Has anyone found a solution to this problem? Maybe detecting the new > instance and generating a new session id. Here's a solution: It's not a problem. It's the way it's SUPPOSED to be. :-) It's actually a BETTER browser because of that. That said, if you REALLY want to be certain that I don't run two windows accessing your site (why you care, I dunno) you could try sending out a token with each HTTP response, embed that token in each URL/FORM/etc and then check what comes back against what you expected. Maybe it's just me, but it sounds to me like you just want all your users to use IE as if that's the only way a browser can/should work... That's not a Good Idea, imho. -- Like Music? http://l-i-e.com/artists.htm -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session cookies in firefox
I'm using php sessions with cookies. I realized that Firefox shared cookies between different instances (unlike IE that when someone open a new bank window a new session is created). Has anyone found a solution to this problem? Maybe detecting the new instance and generating a new session id. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session cookies in firefox
I'm using php sessions with cookies. I realized that Firefox shared cookies between different instances (unlike IE that when someone open a new bank window a new session is created). Has anyone found a solution to this problem? Maybe detecting the new instance and generating a new session id. Thanks! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session cookies
Hi, When the user logs in , i create a session with session varialbles, the session cookie is saved on clients computer. When i log off i say session_unset(); session_destroy(); setcookie(session_name()); The session in the tmp is deleted , but the cookie is still there , i know this because when i login , the same session id is used ! Why is that ? The session id changes when you close the browser , as the default is 0. Thanks Shaun -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session & cookies
> Jeff Bluemel wrote: > > >I want to force it to use a cookie that points to a transparent SID on > >my system. > > > > Can you elaborate on this? I have no idea what you mean. for some reason when I was reading the documentation on sessions on php.net I thought it stated that it was possible to have a cookie point at a transaprent ID. I guess one of my biggest concerns is security. I don't want somebody to be able to open a session with an ID, and I want them to login everytime. this all happens behind ssl too. I check my browser cookies, and I never see a cookieis, and my pages always pass a session ID number with them. what is the best, secure way, to have sessions ID's that the browser never see's? > >I've got the following options in my php.ini, but the system doesn't seem to > >ever use a cookie, and the sessions don't die. (that's my biggest concern > >is that the user has to login to the system EVERY time he visits the site.) > > > >session.use_cookies = 1 > >session.use_only_cookies = 1 > >session.use_trans_sid = 1 > > > > With use_trans_sid set, PHP is going to append the session ID to the URL > of links, etc., on: > > 1) The client's first visit, determined by the fact that the client sent > no session ID > 2) Any other visit where the client sent a session ID on the URL but not > in a cookie I set session.use_trans_sid = 0, but I still see the SID in the URL passing from session to session. > It sounds to me like either you're only noticing the first case there, > or your browser is not supplying the cookie on subsequent requests. > Maybe this bit of information will help you. > > Happy hacking. > > Chris > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session & cookies
I also just noticed that you have session.use_only_cookies = 1, so unless you get the session ID back in a cookie, the session will restart. Chris Shiflett wrote: >> I've got the following options in my php.ini, but the system doesn't >> seem to >> ever use a cookie, and the sessions don't die. (that's my biggest >> concern >> is that the user has to login to the system EVERY time he visits the >> site.) >> >> session.use_cookies = 1 >> session.use_only_cookies = 1 >> session.use_trans_sid = 1 > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session & cookies
Jeff Bluemel wrote: >I want to force it to use a cookie that points to a transparent SID on >my system. > Can you elaborate on this? I have no idea what you mean. >I've got the following options in my php.ini, but the system doesn't seem to >ever use a cookie, and the sessions don't die. (that's my biggest concern >is that the user has to login to the system EVERY time he visits the site.) > >session.use_cookies = 1 >session.use_only_cookies = 1 >session.use_trans_sid = 1 > With use_trans_sid set, PHP is going to append the session ID to the URL of links, etc., on: 1) The client's first visit, determined by the fact that the client sent no session ID 2) Any other visit where the client sent a session ID on the URL but not in a cookie It sounds to me like either you're only noticing the first case there, or your browser is not supplying the cookie on subsequent requests. Maybe this bit of information will help you. Happy hacking. Chris -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session & cookies
OK guys... here's my question - I'm using 4.2.3 and apache 1.3.26, and I've got sessions setup. however, it seems to be using an SID attached to the URL, and I want to force it to use a cookie that points to a transparent SID on my system. I've got the following options in my php.ini, but the system doesn't seem to ever use a cookie, and the sessions don't die. (that's my biggest concern is that the user has to login to the system EVERY time he visits the site.) session.use_cookies = 1 session.use_only_cookies = 1 session.use_trans_sid = 1 -- Thanks, Jeff Bluemel -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] session/cookies
Start by adding a "session_start()" to the 2nd file, then see what happens. Kirk > Hi again, I am doing a simple example of cookies and my > server seems to > get frozen. > > Basically, what I do is: > > file01.php: > session_start(); > seession_register("sess_var"); > sess_var = "Hello"; > ?> > > file02.php > echo $sess_var; > session_unregister("sess_var"); > ?> > > What ends up happening when I go to the second file is the server just > opens the file forever never showing the content, and ends up > giving me > an error message. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session/cookies
Hi again, I am doing a simple example of cookies and my server seems to get frozen. Basically, what I do is: file01.php: file02.php What ends up happening when I go to the second file is the server just opens the file forever never showing the content, and ends up giving me an error message. Can anyone suggest what I do wrong? Thanks, Vlad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] session cookies not destroyed
Hi all, I was wondering if anyone has had any problems with sessions and IE 5.0 (mac). As I (limitedly) understand it, the session cookie (kept by IE) should be destroyed when I quit IE. It should, therefor, not be there when I restart IE. HOWEVER.. I seem to get very unpredictable behaviour in that sometimes the cookie is destroyed and sometimes it isn't. The only constant seems to be that if I close IE, then restart the computer, the cookie is always gone. But if i don't restart the computer, the cookie is sometimes destroyed and sometimes not. Has anyone experienced this problem. even better, does anyone know how to solve this problem. :) Thanks in advanced, Brad -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Session, cookies not allowed, ssl
Hello everybody, I am fairly new to php and have the following problem: I wrote an application that uses sessionhandling. I will enclose parts of the code below. It runs fine under Netscape 4.74, or Explorer 5 and also under other Browsers. Problems arise under Netscape 4.6 when cookies are not allowed. When I ask for the startpage, only one of three parts of a frame appears, and disappears again, and another part of the frame is briefly displayed and disappears again. It keeps flickering and doesnt stop. I have also seen a browser where it was flickering a few seconds but then finally the page was properly displayed. I thought that was because PHP seems to set cookies, but if that doesnt work it uses its own sessionmanagement. Something seems to go wrong in our case. My boss thinks our problem has something to do with cookies, as it runs fine as long as cookies are enabled. It also runs fine if we order it via https (SSL). Do you have any clue what could go wrong and how I could try to fix it??? Why does it work with SSL? I hope I have been precisely enough in describing my problem. I tried as hard as I could ;-) If not please ask for more information. Thank you very much for your help! Here is part of the code: The following function is called on top of every page that I wrote by -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
Re: [PHP] Session cookies appearing where there is no session
(responding to myself) In article <93uoh9$613$[EMAIL PROTECTED]>, [EMAIL PROTECTED] (CC Zona) wrote: > This must sound pretty far-fetched, but as far as I can tell, my site is > attempting to set a session cookie from any and all PHP pages, even when > the page has no calls to session_* functions and where there were also no > previous visits to pages with such calls. Where is the setting that is > initializing these unneccessary sessions and sending the cookies? I looked > for something in php.ini or phpinfo() to explain it, but came up empty. It looks like I've finally figured out the answer to this part of my question (it's always five minutes after you finally break down and ask for help, isn't it? ). Apparently session.auto_start=1 was the culprit. I'm still hoping someone can help me with the other question, though: > I wondered about that "session.use_trans_sid", but there's no reference to > it in my php.ini file (yes, I checked that phpinfo says I'm looking at the > correct one) and I also cannot find anything about it in the PHP.net online > docs. What does that setting do, and where is it configured? > session.use_trans_sid 1 1 Thanks again. -- CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]
[PHP] Session cookies appearing where there is no session
This must sound pretty far-fetched, but as far as I can tell, my site is attempting to set a session cookie from any and all PHP pages, even when the page has no calls to session_* functions and where there were also no previous visits to pages with such calls. Where is the setting that is initializing these unneccessary sessions and sending the cookies? I looked for something in php.ini or phpinfo() to explain it, but came up empty. Below are excerpts from a phpinfo() dump. I wondered about that "session.use_trans_sid", but there's no reference to it in my php.ini file (yes, I checked that phpinfo says I'm looking at the correct one) and I also cannot find anything about it in the PHP.net online docs. What does that setting do, and where is it configured? TIA begin excerpts from phpinfo() Directive Local Value Master Value assert.active 1 1 assert.bail 0 0 assert.callback no value no value assert.quiet_eval 0 0 assert.warning 1 1 safe_mode_allowed_env_vars PHP_ PHP_ safe_mode_protected_env_vars LD_LIBRARY_PATH LD_LIBRARY_PATH session.use_trans_sid 1 1 session Session Support enabled Directive Local Value Master Value session.auto_start On On session.cache_expire 60 60 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_lifetime 0 0 session.cookie_path / / session.entropy_file no value no value session.entropy_length 0 0 session.gc_maxlifetime 1800 1800 session.gc_probability 1 1 session.name SID SID session.referer_check no value no value session.save_handler files files session.save_path /tmp /tmp session.serialize_handler php php session.use_cookies On On HTTP Response Headers Set-Cookie SID=0c6a1e4a46c8d9d840ac865d4a9d8e6f; path=/ Expires Thu, 19 Nov 1981 08:52:00 GMT Cache-Control no-store, no-cache, must-revalidate, post-check=0, pre-check=0 Pragma no-cache -- CC -- PHP General Mailing List (http://www.php.net/) To unsubscribe, e-mail: [EMAIL PROTECTED] For additional commands, e-mail: [EMAIL PROTECTED] To contact the list administrators, e-mail: [EMAIL PROTECTED]