Hi have nearly completed building an intranet site and everything was working okay until i tested on a Mac!
I have a login system, the script that has been used can be found here http://www.phpsecurepages.com/
On the PC, when the user closes the broswer window and goes back to the site, they are asked to login again, but on a Mac, the user is still logged in.
Why would this happen? I don't know which part of the code in the script i mentioned to post for you to check out.
So some ideas of what the problem is might help me determine where the problem is arising from.
Cheerz
Mark
Sessions on a MAC
Moderator: General Moderators
Do you use IE/Mac? If so, there are should be an option to enable cookie confirmation... then you can see if cookie is set right, i.e. if it is session cookie or not...
I suppose it's IE/Mac bug. Just found this links:
http://www.faqts.com/knowledge_base/vie ... 1457/fid/4
http://66.102.11.104/search?q=cache:VIK ... n&ie=UTF-8
check this also:
I googled it alot, but not found the answer yet.
I see two ways:
1. set session.cookie_lifetime in php.ini to some meaningful non-zero value (It will make sess_id cookies permanent, so they will expire properly).
2. write js window.onclose event handler which will clear the sess_id.
I suppose it's IE/Mac bug. Just found this links:
http://www.faqts.com/knowledge_base/vie ... 1457/fid/4
http://66.102.11.104/search?q=cache:VIK ... n&ie=UTF-8
check this also:
....you are not aloneEnabling per-session cookies:
Internet Explorer (v5.0 and up):
From your browser's tool bar, click on "Tools" and select Internet Options.
Select the Security tab and click on the button "Custom Level".
Scroll down until you see "cookies" and click on "next" to "enable per-session cookies".
Click on "OK".
Click on "Apply".
Now close and reopen your browser for the new setting to be saved.
I googled it alot, but not found the answer yet.
I see two ways:
1. set session.cookie_lifetime in php.ini to some meaningful non-zero value (It will make sess_id cookies permanent, so they will expire properly).
2. write js window.onclose event handler which will clear the sess_id.
Thanks for the info mate.
Yes, it is IE on the MAC.
The session.cookie_lifetime is already set to 0 in the php.ini.
I can't expect people to change there IE settings.
window.onClose isn't in the Javascript specification and is only implemented by Some versions of Netscape.
So...
Solution i have come up with uses onUnload.
The problem with onUnload is that the functions is executed when the user navigates from page to WITHIN the site...which is obviously no good.
To get around this...
Load the site using frames, one which is like 1 pixel in height and the other fills the rest of the screen. In the 1 pixel frame, load a html/php file that has onUnload in the body tag. When the user closes the broser window, the a pop-up window appears executing a "hard" log-out.
When the user is navigating the site as normal, the html/php file in the 1 pixel frame never changes, therefor not calling the onUnload event.
Cant think of a better solution!?!
Mark
Yes, it is IE on the MAC.
The session.cookie_lifetime is already set to 0 in the php.ini.
I can't expect people to change there IE settings.
window.onClose isn't in the Javascript specification and is only implemented by Some versions of Netscape.
So...
Solution i have come up with uses onUnload.
The problem with onUnload is that the functions is executed when the user navigates from page to WITHIN the site...which is obviously no good.
To get around this...
Load the site using frames, one which is like 1 pixel in height and the other fills the rest of the screen. In the 1 pixel frame, load a html/php file that has onUnload in the body tag. When the user closes the broser window, the a pop-up window appears executing a "hard" log-out.
When the user is navigating the site as normal, the html/php file in the 1 pixel frame never changes, therefor not calling the onUnload event.
Cant think of a better solution!?!
Mark
Hi,
I do all my work on a mac and have never come across this problem. This is due to no cookies. Instead I keep track of the session with a GET variable and this has never caused any problems. With session_destory() people never stay logged in on macs / pcs or other unixbased systems for that matter.
There are a couple of people out there that doesn't have cookies enabled and not using cookies to manage your sessions will also enable them to use your site.
I do all my work on a mac and have never come across this problem. This is due to no cookies. Instead I keep track of the session with a GET variable and this has never caused any problems. With session_destory() people never stay logged in on macs / pcs or other unixbased systems for that matter.
There are a couple of people out there that doesn't have cookies enabled and not using cookies to manage your sessions will also enable them to use your site.
Imagine the situation: you're running forum like this one, and someone posts a message with the link to, say, http://www.evilhacker.com/steal_sess_id.php.mlitton wrote:Instead I keep track of the session with a GET variable and this has never caused any problems.
steal_sess_id.php:
Code: Select all
if(isset($_SERVER['HTTP_REFERER'])){
preg_match("/PHPSESSID=([^&]*)/",$_SERVER['HTTP_REFERER'], $subpatters);
if(!empty($subpatterns[1]))
echo "Hey man! I've got your session id ({$subpatterns[1]}) and now I can use that forum {$_SERVER['HTTP_REFERER']} as if I was you! HA-HA-HA!\n";
}PHP internal session handling use `url session id passing` as fallback if cookies are not enabled.mlitton wrote: There are a couple of people out there that doesn't have cookies enabled and not using cookies to manage your sessions will also enable them to use your site.