session loss

Re: session loss

LucasGT wrote:

Hi Lucas,
[color=blue]
> Hi,
>
> I've been searching for a long time, but couldn't come up with a
> solution or a clue, so I submit my case to your attention :
>
> 1. On a Windows client, an application creates a temporary htm file and
> opens it with IE 6. This file only contains a redirection instruction
> to an outside URL :
>
> <META HTTP-EQUIV=Refresh
> CONTENT="0;url= http:/my.url.com/?params=zdazdaz da">[/color]

That is a strange URL, but if it works, fine. :-)
[color=blue]
>
> 2. once I navigate at this adress, everything is fine until the site
> opens a pop-up window, I close it _and_ try to follow another link
> (still inside the site) : the client loses the session reference[/color]

Oops?
The popup makes the session go away?
My first guess would be to investigate that popup thing.
Your redirection html file has nothing to do with it (I expect).

If you go to the side, does the same popup also make the session disappear?

Another thing: How can the popup delete the session? Are you the one who
owns this code and can you hunt down the problem from there?

The only thing I can think of is that the code that resides in the pop-up
code (or associated with) is responsible for ending the session.

Another more farfetched senario would be that javascript deletes the cookie
that contains the sessionid.
But then again: If it is your code, you would know...


Regards,
Erwin Moller
[color=blue]
>
> On the server side, PHP based, the file containing the session data
> still exists in /tmp.
>
> What I can do :
> - update the temporary htm file
> - modify the php files
> What I can't do :
> - skip the Windows app.
> - use another browser
>
> My config :
> client : WinXP SP2 + IE 6.0.2800
> server : L.A.M.P.
>
> I'd be very willing to discuss with you any solution.
>
> Regards.[/color]

Re: session loss

>><META HTTP-EQUIV=Refresh[color=blue][color=green]
>>CONTENT="0;ur l=http:/my.url.com/?params=zdazdaz da">[/color][/color]

When sending a redirect the session isn't always sent with it. You most
likely will need to attach the session id if it is not contained within
a cookie (sometimes they are sometimes not).

Mike

Re: session loss

>> <META HTTP-EQUIV=Refresh[color=blue][color=green]
>> CONTENT="0;url= http:/my.url.com/?params=zdazdaz da">[/color][/color]
[color=blue]
> That is a strange URL, but if it works, fine. :-)[/color]

Actually, the true URL is more bizarre than this one, but if it works,
fine :-D
[color=blue]
> If you go to the side, does the same popup also make the session[/color]
disappear?

I'm afreaid I don't understant what you mean by " If you go to the side
" ?

in fact, I don't own the code but have access to it, and I'm able to do
a lot of change in it
I'll try to see if / how the pop-up can delete the session (cookie) on
the client side. I'm quite sure it ain't a javascript thing, but what I
didn't tell you is that the popup is a pdf.

Another thing : if I copy/paste the _strange_ URL directly in a browser
window, no problemo. The session's never lost.

Thank you for your advices. I'll inform you of my progress.

Re: session loss

Hi Mike,

This file, created on the client side, doesn't set any session. The
session is set once on the server side via the 'session_start' php
instruction.
My guess is that the session cookie is then sent back to the client.

Thanks anyway, this may be a solution : force the session id before
reaching the server.

But if I could avoid this (and it worked), I'd be glad :)

Re: session loss

LucasGT wrote:


Hi Lucas,
[color=blue][color=green][color=darkred]
>>> <META HTTP-EQUIV=Refresh
>>> CONTENT="0;url= http:/my.url.com/?params=zdazdaz da">[/color][/color]
>[color=green]
>> That is a strange URL, but if it works, fine. :-)[/color]
>
> Actually, the true URL is more bizarre than this one, but if it works,
> fine :-D
>[color=green]
>> If you go to the side, does the same popup also make the session[/color]
> disappear?
>
> I'm afreaid I don't understant what you mean by " If you go to the side
> " ?[/color]

You don't understand because I make a typo.
Sorry. :-)
I ment SITE as in website.

My question to you was: If you visit the http:/my.url.com/?params=zdazdaz da
straight without the redirection, and the popup comes up, is your session
lost too?
Because if that is the case: The popup alone is responsible for the
sessionloss.
[color=blue]
>
> in fact, I don't own the code but have access to it, and I'm able to do
> a lot of change in it
> I'll try to see if / how the pop-up can delete the session (cookie) on
> the client side. I'm quite sure it ain't a javascript thing, but what I
> didn't tell you is that the popup is a pdf.
>
> Another thing : if I copy/paste the _strange_ URL directly in a browser
> window, no problemo. The session's never lost.[/color]

excactly. That is what I wanted you to test. :-)
Hmm...

Honestly I am baffled.
This must be something very obscure.
[color=blue]
>
> Thank you for your advices. I'll inform you of my progress.[/color]

Please do: I am very curious what it turns out to be.

Regards,
Erwin Moller

PS: A tip.
I had a lot of help using a developerplugin for firefox to solve
session/cookie related problems.
Look for: Web Developer 0.9.3 "Adds a menu and a toolbar with various web
developer tools"

for example: Maybe you are using session_start() , but you do not use it on
every page. With this tool you can easily compare what changes in the
cookies and what is send. Look for PHPSESSIONID, or whatever you called it
in you php.ini.