close ad
Databridge V2 with MySQLi support IS Now Available!
open ad
View Menu

Technical Support Forums

Free, outstanding support from WebAssist and your colleagues

rating

Having problems with sessions and security

Thread began 11/09/2009 10:29 am by David CHnet.com | Last modified 11/10/2009 6:58 pm by David CHnet.com | 2963 views | 6 replies |

David CHnet.com

Having problems with sessions and security

My site seems to be having a crisis with sessions -

Test PC 1

IE 8 - WA search not working unless Tools / Options / Privacy / Advanced is all switched ON to allow sessions.

Chrome - all working at all times

Firefox - is set to allow all cookies and never works

Test PC 2

IE 8 - WA search not working unless Tools / Options / Privacy / Advanced is all switched ON to allow sessions.

Chrome - never working and all options are set the same as PC 1.

Firefox - is set to allow all cookies and never works

----------------
Bizzare, and I can't get to the bottom of it.

Any thoughts anyone?
Thanks

Sign in to reply to this post

Eric Mittman

Based on the mixed results from different browsers using similar settings I'm wondering if you have some security software in place that may be preventing the session cookies from being written. Do you have any tools installed that may be dealing with browser security?

In FireFox you can view cookies that have been set from options > privacy > delete individual cookies. In here you should be able to find the host and take a look for the cookie, there should be a PHPSESSID cookie that has a value. Other than this identifier the other session values should be stored server side.

Sign in to reply to this post

David CHnet.com

More digging

Thanks Eric.

Well, I have made some progress. The problem seems to be associated with Firefox and how it handles session, and especially serverside includes. I will post the solution here when I find it ...

I've spent 3 days chasing this so far.

David :rolleyes:

Sign in to reply to this post

David CHnet.com

Firefox

What I've discovered on my walkabout around the net about Firefox is that it's quite fussy in the way that it handles sessions, and especially so when handling inlcudes ...

My setup is like this ...

Homepage

  • index.php
  • includes inner1.php
  • has link to Search page
  • no session is set

Search page

  • index3.php
  • includes inner303.php
  • has a form
  • no session is set

Results page

  • index3.php
  • includes inner70.php
  • POST vars read into homemade search toolbar at top of inner70.php
  • uses WA Data Assist Search to return the data in the results window
  • session is set if not exist (in WA code) and left open

Detail page

  • index3.php
  • includes inner71.php
  • POST vars read into homemade search toolbar at top of inner71.php
  • WA Search code duplicated into this page
  • session remains open

Everything works beautifully in IE / Chrome / Safari, but not in Firefox.

Q1. Where should I open the session? Frontpage? Index3? Inner70?
Q2. Should I close the session and recreate at every press of the Search button? What is best practice?
Q3. Part of the site is behind a member login, so I need to keep the session open for that, don't I?
Q4. Has anyone else experienced any problems with Firefox?

I'd love to post the code or invite someone in, but can't do that publicly, sorry :(

Thanks a squillion for taking the to help me out :-)

David

Sign in to reply to this post

David CHnet.com

double password request

Oops, one final detail ...

The site (in development) is hosted so is protected at root (only) using htaccess.

On IE, Chrome, Safari, I am only asked once for the password.

In Firefox I am asked twice.

And then my screen smirked at me and said "go figure" and I responded by smashing it with a sledgehammer. Ok, it didn't, and I didn't, but WTH is going on here I don't know ... :eek: :cool:

Sign in to reply to this post

David CHnet.com

Double Doh!

Unbeliveable ...

Firefox problem .. I wasn't using the full www.domain.com URL only "domain.com" as I habitually do, and Firefox doesn't like that.

latest-firefox-update-changes-how-php-sessions-are-handled/

And this was compounded by the fact that I ionly just discovered that the WA file HelperPHP.php has these lines at the top ...

if(!session_id()){
session_start();
}

Nice of this file to create the session for me! No wonder I didn't feel in control of my sessions :-)

I just wonder why the code created by the WA Data Assist Search Wizard ALSO includes this, which (quite rightly?) led me to believe that was where it was controlled from ...

Doh, 3 days down the drain for a quirky browser and some tim spend digging in code that should be transparent to me. And the lesson is ... employ someone else to do this for me next time LOL

Sign in to reply to this post

David CHnet.com

Curing Firefox

Whacking this in the htaccess file cures the problem with the incomplete URL, and now my site is working in all browsers.

# mod_rewrite in use
Options +FollowSymlinks
RewriteEngine On
RewriteCond %{http_host} ^domain.com [NC]
RewriteRule ^(.*)$ http://www.domain.com/$1 [R=301,L]

Yes, I know you can find this all over the net already, but until now I didn't need to use it and perhaps the same will be true for someone else.

Over and out ;)

Sign in to reply to this post

Build websites with a little help from your friends

Your friends over here at WebAssist! These Dreamweaver extensions will assist you in building unlimited, custom websites.

Build websites from already-built web applications

These out-of-the-box solutions provide you proven, tested applications that can be up and running now.  Build a store, a gallery, or a web-based email solution.

Want your website pre-built and hosted?

Close Windowclose

Rate your experience or provide feedback on this page

Account or customer service questions?
Please user our contact form.

Need technical support?
Please visit support to ask a question

Content

rating

Layout

rating

Ease of use

rating

security code refresh image

We do not respond to comments submitted from this page directly, but we do read and analyze any feedback and will use it to help make your experience better in the future.

Close Windowclose

We were unable to retrieve the attached file

Close Windowclose

Attach and remove files

add attachmentAdd attachment
Close Windowclose

Enter the URL you would like to link to in your post

Close Windowclose

This is how you use right click RTF editing

Enable right click RTF editing option allows you to add html markup into your tutorial such as images, bulleted lists, files and more...

-- click to close --

Uploading file...