Search Results

Search found 3284 results on 132 pages for 'sessions'.

Page 19/132 | < Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >

  • RackSpace Cloud Strips $_SESSION if URL Has Certain File Extensions

    - by macinjosh
    The Situation I am creating a video training site for a client on the RackSpace Cloud using the traditional LAMP stack (RackSpace's cloud has both Windows and LAMP stacks). The videos and other media files I'm serving on this site need to be protected as my client charges money for access to them. There is no DRM or funny business like that, essentially we store the files outside of the web root and use PHP to authenticate user's before they are able to access the files by using mod_rewrite to run the request through PHP. So let's say the user requests a file at this URL: http://www.example.com/uploads/preview_image/29.jpg I am using mod_rewrite to rewrite that url to: http://www.example.com/files.php?path=%2Fuploads%2Fpreview_image%2F29.jpg Here is a simplified version of the files.php script: <?php // Setups the environment and sets $logged_in // This part requires $_SESSION require_once('../../includes/user_config.php'); if (!$logged_in) { // Redirect non-authenticated users header('Location: login.php'); } // This user is authenticated, continue $content_type = "image/jpeg"; // getAbsolutePathForRequestedResource() takes // a Query Parameter called path and uses DB // lookups and some string manipulation to get // an absolute path. This part doesn't have // any bearing on the problem at hand $file_path = getAbsolutePathForRequestedResource($_GET['path']); // At this point $file_path looks something like // this: "/path/to/a/place/outside/the/webroot" if (file_exists($file_path) && !is_dir($file_path)) { header("Content-Type: $content_type"); header('Content-Length: ' . filesize($file_path)); echo file_get_contents($file_path); } else { header('HTTP/1.0 404 Not Found'); header('Status: 404 Not Found'); echo '404 Not Found'; } exit(); ?> The Problem Let me start by saying this works perfectly for me. On local test machines it works like a charm. However once deployed to the cloud it stops working. After some debugging it turns out that if a request to the cloud has certain file extensions like .JPG, .PNG, or .SWF (i.e. extensions of typically static media files.) the request is routed to a cache system called Varnish. The end result of this routing is that by the time this whole process makes it to my PHP script the session is not present. If I change the extension in the URL to .PHP or if I even add a query parameter Varnish is bypassed and the PHP script can get the session. No problem right? I'll just add a meaningless query parameter to my requests! Here is the rub: The media files I am serving through this system are being requested through compiled SWF files that I have zero control over. They are generated by third-party software and I have no hope of adding or changing the URLs that they request. Are there any other options I have on this? Update: I should note that I have verified this behavior with RackSpace support and they have said there is nothing they can do about it.

    Read the article

  • Help a Beginner with a PHP based Login System

    - by Brian Lang
    I'm a bit embarrassed to say, but I've run into issue with creating a PHP based login system. I'm using a site template to handle the looks of the the login process, so I will spare you the code. Here is my thought process on how to handle the login: Create a simple login.php file. On there will be a form whose action is set to itself. It will check to see if the submit has been clicked, and if so validate to make sure the user entered a valid password / username. If they do, set a session variable save some login info (username, NOT password), and redirect them to a restricted area. If the login info isn't valid, save an error message in a session variable, display error message giving further instruction, and wait for the user to resubmit. Here is a chunk of what I have - hopefully one of you experts can see where I've gone wrong, and give me some insight: if(isset($_POST['submit'])) { if(!empty($_POST['username']) AND !empty(!$_POST['password'])) { header("Location: http://www.google.com"); } else { $err = 'All the fields must be filled in!'; } } if($err) { $_SESSION['msg']['login-err'] = $err; } ? Now the above is just an example - the intent of the above code is to process user input, with the script validating simply that the user has given input for username and password. If they have, I would like them, in this case, to be redirected to google.com (for the sake of this example). If not, save an error message. Given my current code, the error message will display perfectly, however if the user submits and has something entered for the username and password, the page simply doesn't redirect. I'm sure this is a silly question, but I am a beginner, and well, to be honest, a bit buzzed right now. Thanks so much!

    Read the article

  • PHP - stop calling on refresh

    - by Ross
    I need my class to create a new blank record when the page opens up the problem I am having is when the page refreshes it keeps incrementing by 1, if I write a session to keep the variable the next time I go back it does not increment. Any ideas? if(!isset($_POST['record_no'])) { echo $_POST['record_no'] = $projects->insert__blank_project(); } else { print "already Set"; }

    Read the article

  • Is session destory not enough to clean the session

    - by Kamo
    When the user clicks a logout button, I connect to a script that simply does this session_destroy(); session_start(); I thought this would be enough to reset all $_SESSION variables such as $_SESSION['logged'] and $_SESSION['username'] but when I load the page again, it automatically logs me in as if the session is still active.

    Read the article

  • PHP Beginner: How to pass PHP variable from one PHP code segment to another ?

    - by Misha Moroshko
    I have index.php which uploads a file to server and sets several PHP variables (like $target_folder_and_file_name). index.php also has the following line (it was originally index.html): <script language="JavaScript" src="main.js.php"></script> After index.php returned to the browser, the browsers asks for main.js.php from the server (right?). Can I access somehow $target_folder_and_file_name from the PHP code in main.js.php ?

    Read the article

  • Custom User Management for Google App Engine Java

    - by Gopi
    I am using GAE Java for a multi-user application. There are multiple users with different roles. Each user can login, do some operations and logout. The business restricts me from using Google User Service and I need to implement my own for authentication and session management. Can anyone please share with me how should I go about implementing my own user management? I have read its very tricky to implement own user management. Any pointers in terms of best approaches/ design / existing frameworks if any ? I could see some similar posts but they are for python.

    Read the article

  • Session variables not getting set but only in Internet Explorer and not on all machines

    - by gaoshan88
    Logging into a site I'm working on functions as expected on my local machine but fails on the remote server but ONLY in Internet Explorer. The kicker is that it works in IE locally, just not on the remote machine. What in the world could cause this? I have stepped through the code on the remote machine and can see the entered login values being checked in the database, they are found and then a login function is called. This sets two $_SESSION variables and redirects to the main admin page. However, in IE only (and not when run on local machine... this is key) the $_SESSION variables are not present by the time you get to the main admin page. var_dump($_SESSION) gives me what I expect on every browser when I am running this in my local environment and in every browser except IE 6, 7 and 8 when run on the remote server (where I get a null value as if nothing has been set for $_SESSION). This really has me stumped so any advice is appreciated. For an example... in IE, run locally, var_dump gives me: array 'Username' => string 'theusername' length=11 'UserID' => string 'somevalue' length=9 Run on the remote server (IE only... works fine in other browsers) var_dump gives me: array(0){} Code: $User = GetUser($Username, $Password); if ($User->UserID <> "") { // this works so we call Login()... Login($User); // this also works and gives expected results. on to redirect... header("Location: index.php"); // a var_dump at index.php shows that there is no session data at all in IE, remotely. } else { header("Location: login.php"); } function Login($data) { $_SESSION['Username'] = $data->Username; $_SESSION['UserID'] = $data->UserID; // a var dump here gives the expected data in every browser }

    Read the article

  • How to create a session in PHP when there is a session on the same domain in Rails?

    - by Tony
    I have a Rails app on a subdomain - xyz.domain.com, and a PHP app on another subdomain - abc.domain.com When a user is logged into the Rails app, I would like to give them a session so that I can log certain events about that user in the PHP app but in the same database of the Rails app. I would essentially just expose an API that requires authentication. What is the best way to go about this? I am not storing the session in a database

    Read the article

  • Securing an ajax request

    - by asdasdsa
    i have a website that uses session cookies for security. it works fine and all, but any ajax requests right now are not secure. example being lets say a user is on a page. they can only get to this page if they are logged in with a session - so far so good. but now the ajax request they ask for is ajaxpages/somepage.php?somevar=something&anothervar=something if any other user decides to just go to that link themselves (without a session) they still get the same ajax output that was meant for logged in people. so obviously im going to have to pass session data across when i send an ajax request. anyone have any tips for the best way of doing this? ive never done this before and would rather use trusted methods than make up my own.

    Read the article

  • how to pass session variable to model in RoR?

    - by siulamvictor
    I used a global variable in my app for passing information before. But I got a problem and thanks everyone here suggested me to store those data in session with database. I tried, but I found that I can't access the session variable in Model. I googled and knew this is the Model normal behavior, RoR won't pass the session variable to Model. So how to pass the value of the session variable into Models? or is there any other method for my use case? I need a variable storing a value, which is required in all MVCs, and should be independent between different concurrent users. Thanks everyone. :)

    Read the article

  • Troubles with a PHP session variable after form submission

    - by Psyche
    Hello, I'm setting a PHP session variable with a success message for a HTML form that I'm submitting. If there are no form errors, I redirect to the same page (using header()) and display the message from the session variable. Everything is fine until here, but if I access that page again after submission, the message is still there. Is it possible to make it appear only when I redirect after a successful submit? Thank you.

    Read the article

  • In Rails, what could cause a user to have another user's session?

    - by DavidNorth
    I have a Rails application using with an authentication system using Restful Authentication without any modification. Users have reported finding themselves logged in as the wrong user. In at least one case it was on their very first page view, never having logged in before. Is it possible their session ids are getting mixed up? Would switching to CookieStore make it impossible for this to happen since no session data is stored on the server this way? I suspect the problem is related to Passenger but I don't know where to start debugging this. Its only happened about 4 times in several months of being live so its virtually impossible to reproduce. Environment: ActiveRecord session storage Rails 2.2.2 Passenger 2.0.1 Apache 2 Ruby 1.8.6 Many thanks

    Read the article

  • Authentication and Security in my website - need advice please.

    - by Ichirichi
    Hi, I am using database with a list of username/passwords, and a simple web form that allows for users to enter their username/password. When they submit the page, I simply do a stored procedure check to authenticate. If they are authorised, then their user details (e.g. username, dob, address, company address, other important info) are stored in a custom User object and then in a session. This custom User object that I created is used throughout the web application, and also in a sub-site (session sharing). My question/problems are: Is my method of authentication the correct way to do things? I find users complaining that their session have expired although they "were not idle", possibly due the app pool recycling? They type large amounts of text and find that their session had expired and thus lose all the text typed in. I am uncertain whether the session does really reset sporadically but will Forms Authentication using cookies/cookiless resolve the issue? Alternatively should I build and store the User Object in a session, cookie or something else instead in order to be more "correct" and avoid cases like in point #2. If I go down the Forms Authentication route, I believe I cannot store my custom User object in a Forms Authentication cookie so does it mean I would store the UserID and then recreate the user object on every page? Would this not be a huge increase on the server load? Advice and answers much appreciated. L

    Read the article

  • Is Storing Cookies in a Database Safe?

    - by viatropos
    If I use mechanize, I can, for instance, create a new google analytics profile for a website. I do this by programmatically filling out the login form and storing the cookies in the database. Then, for at least until the cookie expires, I can access my analytics admin panel without having to enter my username and password again. Assuming you can't create a new analytics profile any other way (with OpenAuth or any of that, I don't think it works for actually creating a new Google Analytics profile, the Analytics API is for viewing the data, but I need to create an new analytics profile), is storing the cookie in the database a bad thing? If I do store the cookie in the database, it makes it super easy to programatically login to Google Analytics without the user ever having to go to the browser (maybe the app has functionality that says "user, you can schedule a hook that creates a new anaytics profile for each new domain you create, just enter your credentials once and we'll keep you logged in and safe"). Otherwise I have to keep transferring around emails and passwords which seems worse. So is storing cookies in the database safe?

    Read the article

  • Reuse Hibernate session in thread

    - by Marco
    Hello, I've read somewhere that when a session is flushed or a transaction is committed, the session itself is closed by Hibernate. So, how can i reuse an Hibernate Session, in the same thread, that has been previously closed? Thanks

    Read the article

  • PHP session corrupt

    - by Baversjo
    Using symfony framework 1.4 I have created a website. I'm using sfguard for authentication. Now, this is working great on WAMP (windows). I can login to several accounts on different browsers and use the website. I have ubuntu server 9.10 running apache (everything up to date and default configuration). On my server, when I login to the website in one browser it works great. When I on my other computer login with another user account on the public website, the login is successful. But when I refresh/go to another page the first user is shown as logged in instead! Also, when I press logout, It's not showing that I'm logged out after page load. When I press f5 again I'm logged out. As mentioned, all this works as expected on my local installation. I'm thinking there something wrong with my PHP session configuration on my ubuntu server, but I've never touched it.. Please help me. This is a school project and I'm presenting it today :(

    Read the article

  • HELP!!! session variables survives after logout!!!

    - by Alejandra
    Hi guys! I have a problem, will explain how to reproduce the problem: 1- login into my page (sesion variables set as $_SESSION['logged'] = true and $_SESSION['id'] = 123 2-then inside the main menu I click logout option, code like this function logout() { session_start(); $_SESSION['id'] = null; $_SESSION['logged'] = null; unset($_SESSION); session_destroy(); require_once('Views/SessionExpiredView.php'); } 3- In the session expired view I display a link the login page, there session is null 4- I click back on the browser and click ok to resend information 5- session becomes again $_SESSION['logged'] = true and $_SESSION['id'] = 123 and I'm loggued again and able to see all the information related to the id 123 This is a security issue and I don't know what is happening!!! any suggestion will be deeply appreciated. Alejandra

    Read the article

< Previous Page | 15 16 17 18 19 20 21 22 23 24 25 26  | Next Page >