Re: session loss

LucasGT wrote:


Hi Lucas,

>>> <META HTTP-EQUIV=Refresh
>>> CONTENT="0;url=http:/my.url.com/?params=zdazdazda">
>
>> That is a strange URL, but if it works, fine. :-)
>
> Actually, the true URL is more bizarre than this one, but if it works,
> fine :-D
>
>> If you go to the side, does the same popup also make the session
> disappear?
>
> I'm afreaid I don't understant what you mean by " If you go to the side
> " ?

You don't understand because I make a typo.
Sorry. :-)
I ment SITE as in website.

My question to you was: If you visit the http:/my.url.com/?params=zdazdazda
straight without the redirection, and the popup comes up, is your session
lost too?
Because if that is the case: The popup alone is responsible for the
sessionloss.

>
> in fact, I don't own the code but have access to it, and I'm able to do
> a lot of change in it
> I'll try to see if / how the pop-up can delete the session (cookie) on
> the client side. I'm quite sure it ain't a javascript thing, but what I
> didn't tell you is that the popup is a pdf.
>
> Another thing : if I copy/paste the _strange_ URL directly in a browser
> window, no problemo. The session's never lost.

excactly. That is what I wanted you to test. :-)
Hmm...

Honestly I am baffled.
This must be something very obscure.

>
> Thank you for your advices. I'll inform you of my progress.

Please do: I am very curious what it turns out to be.

Regards,
Erwin Moller

PS: A tip.
I had a lot of help using a developerplugin for firefox to solve
session/cookie related problems.
Look for: Web Developer 0.9.3 "Adds a menu and a toolbar with various web
developer tools"

for example: Maybe you are using session_start(), but you do not use it on
every page. With this tool you can easily compare what changes in the
cookies and what is send. Look for PHPSESSIONID, or whatever you called it
in you php.ini.


.

Relevant Pages

  • Re: [PHP] help create community newbie guide to security
    ... is necessary for state (and therefore session) management. ... be leveraged by a careful developer. ... defend against all XSS vulnerabilities, I would bet that most XSS ... vulnerabilities are due to a complete lack of filtering logic. ...
    (php.general)
  • Re: [kde] KDE4 desktop - problems on one laptop only
    ... Maybe the session manager saved a bad state, ... You could try explicitly saving a session. ... Kevin Krammer, KDE developer, xdg-utils developer ...
    (KDE)
  • Re: Do you store diluted D-72 (Dektol) ?
    ... > to treat the remaining working solution, ... that's because most people make many prints in a session, ... would find a one-shot developer to be too much effort. ... I believe replenishment is a more common solution. ...
    (rec.photo.darkroom)
  • Seeking to understand something about the HttpSessionState class
    ... Developer A codes First.aspx web form. ... Session state and by chance both of them give the session state ...
    (microsoft.public.dotnet.framework.aspnet)
  • Re: Future of IntraWeb with release of Delphi for .net
    ... > IW shields the web developer, not the component developer from web tech. ... > recreation time which can both be a limiting factor to scalability. ... > more about the session and state of the application. ... What is PageMode? ...
    (borland.public.delphi.non-technical)