|
|
Posted by Rik on 08/10/07 16:14
On Fri, 10 Aug 2007 17:39:55 +0200, amygdala <noreply@noreply.com> wrote=
:
> Hello all,
>
> I have posted a similar question in comp.lang.php in the past, but =
> haven't
> had any response to it then. I kinda swept the problem under the rug =
> since
> then. But I would really like to resolve this issue once and for all n=
ow.
>
> The problem might be PHP related but since I only develop applications=
=
> using
> PHP, I'm not a hundred percent sure. Therefor I've taken the liberty t=
o
> crosspost to comp.lang.php and alt.www.webmaster. I assume the majorit=
y =
> of
> frequent contributors of these groups have dealt with developing sessi=
on
> management also, so I'm kind of hoping your experience in this field =
> might
> resolve this issue.
>
> The problem is the following:
>
> User profiles on the site I'm developing will be publically available
> through:
>
> http://www.example.com/profile/view/<username>
>
> A users own profile (when logged in) will be available through:
>
> http://www.example.com/profile/view/ or
> http://www.example.com/profile/ (which will redirect to last url)
>
> So when an anonymous user visits one of these last two pages, the =
> requested
> page is stored as a referer in a session and the user is redirected to=
>
> http://www.example.com/user/login/
>
> where the user is prompted to login.
>
> On succes it gets redirected to the stored referer url again. A pretty=
> common procedure I would assume.
>
> This works fine on either IE or Firefox (windows). But in Opera I get
> multiple sessions created in the database of which one *does* contains=
a
> userId but Opera redirects back to the login page again.
>
> Only when I manually enter the target url I do get to see the logged i=
n
> users profile page.
>
> My application examins $_SERVER[ 'REQUEST_URI' ] to determine which pa=
ge =
> to
> serve. So, after much testing, I thought it might have something to do=
=
> with
> Opera's favicon requests.
Hmm, FF & MSIE equally request that damn thing, shouldn't matter I think=
....
> I understand that this might be difficult to interpret without seeing =
any
> code. But since the code is pretty extensive, and I haven't really =
> narrowed
> it down to a particular few lines, I thought I describe the problem =
> without
> code first. Maybe somebody has had similar experiences and knows what =
the
> problem could be.
It's very hard to say. Are you sure you're not actually using the HTTP =
REFERER header instead of the one stored in a session? It's pretty =
unreliable, and very easy to disabled in Opera, i.e. the server never ge=
ts =
this header. (Don't know wether it's a standard settings, it's a setting=
I =
use nonetheless, and stored under'quick preferences', so easily accessab=
le =
for normal users). Another easily accessed Opera feature is to disable =
redirecting. If you're relying on it to transfer the user to another pag=
e, =
but don't exit your script after the redirect, chances are that in Opera=
=
it might come across as 'the same page again'. So on a redirect, always =
do =
something like:
$target =3D 'http://www.example.com';
header("Location: $target");
echo 'You're be redirected to '.$target.'. Click <a =
href=3D"'.$target.'">here</a> if it doesn't work';
exit; //<-----IMPORTANT!
A very easy mistake to make is also differnce in domain (for instance wi=
th =
or without 'www.' in front of it, cookies that are sent vie https aren't=
=
set by http and vice versa).
If that doesn't work, I'd set up a testpage instead of the normal redire=
ct =
to /user/login/, and instead of redirecting, dump the session-id & the =
$_SESSION array, and exit. That might give you some insight in what =
happens.
It could be a path issue for the cookie also though (as /profile & =
/user/login are different, maybe the cookie is set carelessly, and there=
=
are 2 different cookies for the differents paths)... If you use =
LiveHTTPHeaders in FF or Fiddler in MSIE, what do you see as Set-Cookie =
=
statements?
If all fails, I'd appreciate a live example, as I'm quite an Opera-fan, =
=
and I can't let this slide :P
f'upped to comp.lang.php BTW.
-- =
Rik Wasmus
[Back to original message]
|