sessions not carried over in firefox new tabs...

pavanpuligandla
Forum Contributor
Posts: 130
Joined: Thu Feb 07, 2008 8:25 am
Location: Hyderabad, India

Post by pavanpuligandla »

Hi,
Here's a small problem with session handling.
When I log in to my application, sessions are being registered, that is okay, and after getting logged in I can see the members page well, but when I'm opening loginpage.htm again in a new tab of the Firefox browser, I'm able to see the login page itself and not the members page.
The sessions are not being synchronized. Why is this happening?

I tried to include session.php in the login page itself, so that if the user is already logged in, opening the login page should redirect to the members page; instead it's showing me a server configuration error in the browser.
I'm attaching my code here. Kindly help me with your ideas and suggestions.
logincheck.php

<?php
session_start();
require_once 'securesession.class.php';

//Connect to mysql server
$link = mysql_connect("localhost", "root", "");
if (!$link) {
    die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db = mysql_select_db("tge");
if (!$db) {
    die("Unable to select database");
}

$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$encrypt = sha1($password);

$query = "SELECT * FROM login WHERE username='" . mysql_real_escape_string($username) . "' AND password='" . mysql_real_escape_string($encrypt) . "'";

//require_once('attempt.log.class.php');
$result = mysql_query($query);
$rows2 = mysql_fetch_array($result);
if ($rows2["password"] == $encrypt && $rows2["username"] == $username) {
    if (mysql_num_rows($result) > 0) {
        //Login Successful
        $start = time();
        $_SESSION['time_start'] = $start;
        $_SESSION['username'] = $username;
        $_SESSION['password'] = $encrypt;
        $_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];

        $ss = new SecureSession();
        $ss->check_browser = true;
        $ss->check_ip_blocks = 2;
        $ss->secure_word = 'SALT_';
        $ss->regenerate_id = true;
        $ss->Open();
        $_SESSION['logged_in'] = true;

        //include "ip_bann.php";
        include "authn.php";
        include "scsession.php";
        header("Location: redirect.php");
        exit();
    } else {
        //Login failed
        require_once('attempt.log.class.php');
        session_destroy();
        header("location: loginfail.htm");
        exit();
    }
} else {
    require_once('attempt.log.class.php');
    session_destroy();
    header("location: loginfail.htm");
}

?>
authn.php code goes here:

<?php
require_once 'securesession.class.php';
//Start session
session_start();
//Check whether the session passes the SecureSession checks
//and whether the logged_in flag is set
$ss = new SecureSession();
$ss->check_browser = true;
$ss->check_ip_blocks = 2;
$ss->secure_word = 'SALT_';
$ss->regenerate_id = true;
if (!$ss->Check() || !isset($_SESSION['logged_in']) || !$_SESSION['logged_in']) {
    //Not logged in: send the user to the login page
    header("location: login.htm");
    exit();
}
?>
Can anyone help me out with how to overcome this?
If a user logs in to gmail.com and tries to open gmail.com/login in a new tab of the same browser, then that particular user's mailbox loads, not the Gmail login page, right?
But in my application, the login page is being opened instead of the members page.
Hope you understand my problem.
Many thanks,
pavan
Christopher
Site Administrator
Posts: 13596
Joined: Wed Aug 25, 2004 7:54 pm
Location: New York, NY, US

Re: sessions not carried over in firefox new tabs...

Post by Christopher »

Tabs are all within the same session. You will probably need to session_write_close() (?) and possibly refresh frames or do other tricks to guarantee display order. Using a layout rather than frames is one solution.
(#10850)
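
Added example, not part of the original thread or either poster's code: since every tab sends the same session cookie, the login page itself has to be a PHP script that reads the session and redirects a user who is already logged in. It assumes the login page is served as login.php and the members page is members.php (both names hypothetical), and it checks only the logged_in flag that logincheck.php sets; the SecureSession checks in authn.php still guard the members page.

```php
<?php
// login.php: hypothetical PHP replacement for the static login page.
// Added example; members.php is an assumed name for the members page.

// True when the session carries the flag that logincheck.php sets on success.
function is_logged_in(array $session): bool
{
    return isset($session['logged_in']) && $session['logged_in'] === true;
}

// Every tab of the same browser sends the same session cookie,
// so this request sees the same $_SESSION as the tab that logged in.
session_start();
$loggedIn = is_logged_in($_SESSION);

// This page only reads the session. Closing it now releases the session lock,
// so other tabs or frames using the same session do not wait on this request.
session_write_close();

// Do not let the browser show a stored copy of this page after login or logout.
header('Cache-Control: no-store');

if ($loggedIn) {
    header('Location: members.php'); // assumed members page
    exit();
}
?>
<!DOCTYPE html>
<html>
<head><title>Login</title></head>
<body>
<form method="post" action="logincheck.php">
    <label>Username <input type="text" name="username"></label>
    <label>Password <input type="password" name="password"></label>
    <input type="submit" value="Log in">
</form>
</body>
</html>
```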