Re: sessions and redirecting in opera

---

• From: "amygdala" <noreply@xxxxxxxxxxx>
• Date: Fri, 10 Aug 2007 19:14:44 +0200

---

"Rik" <luiheidsgoeroe@xxxxxxxxxxx> schreef in bericht
news:op.twup20qfqnv3q9@xxxxxxxxxxxx
On Fri, 10 Aug 2007 17:39:55 +0200, amygdala <noreply@xxxxxxxxxxx> wrote:

Hello all,

I have posted a similar question in comp.lang.php in the past, but
haven't
had any response to it then. I kinda swept the problem under the rug
since
then. But I would really like to resolve this issue once and for all now.

The problem might be PHP related but since I only develop applications
using
PHP, I'm not a hundred percent sure. Therefor I've taken the liberty to
crosspost to comp.lang.php and alt.www.webmaster. I assume the majority
of
frequent contributors of these groups have dealt with developing session
management also, so I'm kind of hoping your experience in this field
might
resolve this issue.

The problem is the following:

User profiles on the site I'm developing will be publically available
through:

http://www.example.com/profile/view/<username>

A users own profile (when logged in) will be available through:

http://www.example.com/profile/view/ or
http://www.example.com/profile/ (which will redirect to last url)

So when an anonymous user visits one of these last two pages, the
requested
page is stored as a referer in a session and the user is redirected to

http://www.example.com/user/login/

where the user is prompted to login.

On succes it gets redirected to the stored referer url again. A pretty
common procedure I would assume.

This works fine on either IE or Firefox (windows). But in Opera I get
multiple sessions created in the database of which one *does* contains a
userId but Opera redirects back to the login page again.

Only when I manually enter the target url I do get to see the logged in
users profile page.

My application examins $_SERVER[ 'REQUEST_URI' ] to determine which page
to
serve. So, after much testing, I thought it might have something to do
with
Opera's favicon requests.

Hmm, FF & MSIE equally request that damn thing, shouldn't matter I think...

I understand that this might be difficult to interpret without seeing any
code. But since the code is pretty extensive, and I haven't really
narrowed
it down to a particular few lines, I thought I describe the problem
without
code first. Maybe somebody has had similar experiences and knows what the
problem could be.

It's very hard to say. Are you sure you're not actually using the HTTP
REFERER header instead of the one stored in a session? It's pretty
unreliable, and very easy to disabled in Opera, i.e. the server never gets
this header. (Don't know wether it's a standard settings, it's a setting I
use nonetheless, and stored under'quick preferences', so easily accessable
for normal users). Another easily accessed Opera feature is to disable
redirecting. If you're relying on it to transfer the user to another page,
but don't exit your script after the redirect, chances are that in Opera
it might come across as 'the same page again'. So on a redirect, always do
something like:

$target = 'http://www.example.com';
header("Location: $target");
echo 'You're be redirected to '.$target.'. Click <a
href="'.$target.'">here</a> if it doesn't work';
exit; //<-----IMPORTANT!

A very easy mistake to make is also differnce in domain (for instance with
or without 'www.' in front of it, cookies that are sent vie https aren't
set by http and vice versa).

If that doesn't work, I'd set up a testpage instead of the normal redirect
to /user/login/, and instead of redirecting, dump the session-id & the
$_SESSION array, and exit. That might give you some insight in what
happens.

It could be a path issue for the cookie also though (as /profile &
/user/login are different, maybe the cookie is set carelessly, and there
are 2 different cookies for the differents paths)... If you use
LiveHTTPHeaders in FF or Fiddler in MSIE, what do you see as Set-Cookie
statements?

If all fails, I'd appreciate a live example, as I'm quite an Opera-fan,
and I can't let this slide :P

f'upped to comp.lang.php BTW.
--
Rik Wasmus


.

---

• Follow-Ups:
  • Re: sessions and redirecting in opera
    • From: amygdala
  • Re: sessions and redirecting in opera
    • From: Rik

• Prev by Date: Re: Continuous Form
• Next by Date: Re: Continuous Form
• Previous by thread: Re: sessions and redirecting in opera
• Next by thread: Re: sessions and redirecting in opera
• Index(es):
  • Date
  • Thread

---

Relevant Pages Help Needed: Cant Successfully Perform Server-side Redirection ... The only problem that I really have is session timeouts. ... situations and redirect the user to the Logon page. ... If Not IsLogonPage And Not IsLogOffPage Then ... Dim ExpirationInterval As Integer = Settings.TimeoutMinutes ... (microsoft.public.dotnet.framework.aspnet) Re: Cookies:Sites which always work ... cookieless session work but encoding the session in the url (or postdata). ... if you use redirect, you need to include the session id in the redirect url. ... > disabled cookies, etc ... (microsoft.public.dotnet.framework.aspnet) SESSION timeout using time() ... and don't want to rely on cookies, so I'm wondering if this a reliable way ... redirect to url ... echo "Your session has timed out." ... (comp.lang.php) Re: session value lost ... >into as sessionvariable (username). ... So I redirect to my search.aspx. ... >I save the recordid to the session and redirect to work.aspx. ... >new sqlstring I fetch the data from the sqlserver. ... (microsoft.public.dotnet.framework.aspnet) Re: NoAccessAllowed.aspx ... Set a low cache time in your page to ensure it does not cache for long on ... > the user clicks the BACK browser button after the session has expired? ... How do you know to redirect them? ... (microsoft.public.dotnet.framework.aspnet)

---

We are proud to have Web Hosting and Rack Housing from 9 Net Avenue Deutschland.
(14)