[SOLVED] sessions not carried over in firefox new tabs...

[pavanpuligandla]

hii..

herez a small problem with session handling,

when i login to my application sessions are being registered, that is okay, and after getting logged in i can see the members page well, but when i'm opening the the loginpage.htm again in the new tab of firefox browser, i'm able to see the login page itself and not the members page.

the sessions are not being synchronized, why is this happening?

 

i tried to include session.php in the login page itself, so if the user is already logged in even though when i open a login page it shld be redirected to members page instead itz showing me server configuration error on the browser.

i'm here with attaching my code..kindly help me with ur ideas and suggestions..

logincheck.php

<?php
session_start();
require_once 'securesession.class.php';
//Connect to mysql server
$link=mysql_connect("localhost","root","");
if(!$link) {
	die('Failed to connect to server: ' . mysql_error());
}
//Select database
$db=mysql_select_db("tge");
if(!$db) {
	die("Unable to select database");
}

$username = strip_tags($_POST['username']);
$password = strip_tags($_POST['password']);
$encrypt = sha1($password);

$query="SELECT * FROM login WHERE username='" . mysql_real_escape_string($username) . "' AND password='".   mysql_real_escape_string ($encrypt). "'";

//require_once('attempt.log.class.php'); 
$result=mysql_query($query);
$rows2=mysql_fetch_array($result);
if($rows2["password"] == $encrypt && $rows2["username"] == $username )
	{
	if(mysql_num_rows($result)>0) 
		{
		//Login Successful
	    
	    $start=time();
            $_SESSION['time_start']=$start; 
		$_SESSION['username']=$username;
		$_SESSION['password']=$encrypt;
		$_SESSION['ip'] = $_SERVER['REMOTE_ADDR'];

		$ss = new SecureSession();
      $ss->check_browser = true;
      $ss->check_ip_blocks = 2;
      $ss->secure_word = 'SALT_';
      $ss->regenerate_id = true;
      $ss->Open();
      $_SESSION['logged_in'] = true;
  
		//include "ip_bann.php";
		include "authn.php";
		include "scsession.php";
	    header("Location: redirect.php");
		exit(); 
		}

  else {
		//Login failed
		require_once('attempt.log.class.php');
		session_destroy();
	    header("location: loginfail.htm");
		exit();
		}
	}
      else{
           require_once('attempt.log.class.php');
           session_destroy();
           header("location: loginfail.htm");
          }

?>

 

authn.php code goes here:

<?php
require_once 'securesession.class.php';
//Start session
session_start();
//Check whether the session variable
//SESS_username is present or not
$ss = new SecureSession();
  $ss->check_browser = true;
  $ss->check_ip_blocks = 2;
  $ss->secure_word = 'SALT_';
  $ss->regenerate_id = true;
  if (!$ss->Check() || !isset($_SESSION['logged_in']) || !$_SESSION['logged_in'])
  {
  header("location: login.htm");
	exit();
  }
?>

 

can anyone help me out,how to overcome this..

if user logs in to gmail.com and tries to open gmail.com/login in the same browser's new tab, then the mailbox of tht particular user's loads not the login page of gmail. rite..

but in my applicationn, the login page is being opened instead of members page.

hope u understand my problem..

Many thnx,

pavan

[Adam]

Get what you mean, what's the code in "loginpage.htm" ?

 

 

Adam

[pavanpuligandla]

login.htm

 

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Strict//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-strict.dtd">

<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
  <meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
  <meta http-equiv="Page-Enter" content="Alpha(opacity=100)">

  <title>Admin Services</title>
  <link rel="shortcut icon" href="http://localhost/Project/images/trrlogo1.ico"/>

  <link rel="stylesheet" rev="stylesheet" href="http://localhost/Project/css/csuc.css" type="text/css" media="all" />
<!--  <style type="text/css">
.invalid { border-color: #CC0000; background-color: #fff; }
</style>  -->
  <script type="text/javascript" charset="utf-8" src="http://localhost/Project/scripts/cas.js"></script>


<script>

form_submitted=false

function ValidationError(form, Invalid, error_message, focus)
{



alert(error_message)
if(form[focus].focus)
	form[focus].focus()
}

function ValidateForm(theform)
{
var e='', i={}, f='', r, s
r=theform['username']
r.className=''
r=theform['password']
r.className=''
r=theform['txt_captcha']
r.className=''
if(!i['username']
&& (theform['username'].value==''))
{
	r=theform['username']
	r.className='invalid'
	if(e=='')
		f='username'
	else
		e+='\n'
	e+=(i['username']='==> Please enter your username.')
}
if(!i['username']
&& ((theform['username'].value.search
&& theform['username'].value.search(new RegExp('^[a-zA-Z]','g'))==-1)))
{
	r=theform['username']
	r.className='invalid'
	if(e=='')
		f='username'
	else
		e+='\n'
	e+=(i['username']='==> The Username must start with a letter.')
}
if(!i['username']
&& ((theform['username'].value.search
&& theform['username'].value.search(new RegExp('^[a-zA-Z0-9]+$','g'))==-1)))
{
	r=theform['username']
	r.className='invalid'
	if(e=='')
		f='username'
	else
		e+='\n'
	e+=(i['username']='==> The username may only contain letters and digits.')
}
 if(!i['password']
&& (theform['password'].value==''))
{
	r=theform['password']
	r.className='invalid'
	if(e=='')
		f='password'
	else
		e+='\n'
	e+=(i['password']='==> Please enter your password.')
}
if(!i['txt_captcha']
&& (theform['txt_captcha'].value==''))
{
	r=theform['txt_captcha']
	r.className='invalid'
	if(e=='')
		f='txt_captcha'
	else
		e+='\n'
	e+=(i['txt_captcha']='==> Please enter the security code.')
}
if(e!='')
{
	ValidationError(theform, i, e, f)
	form_submitted=false
	return false
}
return true
}
</script>


</head>
<body >

  <div id="custom-doc" class="yui-7">

    <div id="bd">
      <div id="yui-main">



<div class="yui-g">
  <div class="yui-u first">
    <h1><abbr title="welcome Admin Services">Login</abbr></h1>

<form method="post" id="loginform" action="cap.php" onsubmit="return ValidateForm(this)">
      <fieldset>
        <legend accesskey="l">Login</legend>

        <div class="formField">
          <label for="username">Username:</label><input type="password" name="username" size="20" maxlength="12" accesskey="u" />
          <p><a href="#" onclick="toggle('UsernameInfo');return false;" class="elementToggle" title="What is my username?">What is this?</a></p>
          <div id="UsernameInfo" style="display:none;">
            <strong>Username - What is this?</strong>
            <ul>
              <li>This is the <em>username</em> that you use to <strong>login.</strong></li>

              <!-- <li>For faculty and staff, it is the same as the <em>username</em> you use to <strong>access your Exchange mail.</strong></li> -->
            </ul>
            <p id="CloseUsernameInfo"><a href="#" onclick="toggle('UsernameInfo');return false;" class="elementToggle" title="Close Username help">Close [x]</a></p>
          </div><!-- End #UsernameInfo-->
        </div>
        <div class="formField">

          <label for="password">Password:</label><input type="password" name="password" size="20" maxlength="12" accesskey="p" />
          <p><a href="forgotpassword.php" title="Forgot your password?">Forgot Password?</a></p>
        </div>
         <div class="formField"> 
	<img src="http://localhost/Project/captcha.php" alt="" name="captcha" width="188" height="33" id="captcha" />
<p><label for="txt_captcha"> Enter the security code shown above :</label> <input name="txt_captcha" type="text" id="txt_captcha" maxlength="9" title="Enter 9 digit security code."/></p>
</div>
<!-- <a href="http://localhost/Project/securimage_play.php" style="font-size: 13px">(Audio)</a><br /><br /> -->

          <div class="formField"> 
          <input id="submit" value="Login" tabindex="3" type="submit">
        </div>


      </fieldset>
    </form>
  </div><!--yui-u first-->
  <br>
  <br>
  <div class="yui-u" id="Sidebar">
   

    <div id="SecurityNotice">
      <h2>Security Notice:</h2>
      <ul>
        <li>Remember to <strong>close</strong> your browser window when you are done.</li>
        <li>Do Not <strong>Share</strong> your password with anyone.</li>
      </ul>

    </div><!-- End #SecurityNotice-->
    <div id="Help">
      <h2>Need Help?</h2>
     
      <p>Contact admin</p>
    </div><!-- End #Help-->
  </div><!--yui-u-->

</div><!--yui-g-->
      </div><!--yui-main-->
    </div>
  </div><!--doc-->
</body>
</html>

[Adam]

Okay that's just static HTML, why would the session carry over to this page?

[pavanpuligandla]

will i've to write any php code?

have u understood my problem?

if u login to gmail.com and open a new tab if u type gmail.com in the adreess bar, then u'll not see the login page instead redirected to ur mailbox.

 

so, if once i logs into my application, and when opening the login page in new firefox tab, then here i'm not being redirected to members page.

 

pls suggest me wht to do?

[Adam]

Ah right gotchya, thought you was asking why it weren't working... could check for the time_start session you're setting, ie:

 

<?php

session_start();

if ($_SESSION['time_start']) {
    header("Location: memberspage.php");
}

?>

 

put that at the top of loginpage.html (except it'll need to be .php now) and it should work fine...

 

Adam

[pavanpuligandla]

<?php

session_start();

if ($_SESSION['time_start'] && $_SESSION['username'])
		{
    header("Location: redirect.php");
}

?>

thnx man.. got it.. a smal doubt here, i'm using CAPTCHA in the login page, i've registered the captcha text session,

in the above line, will' i've to include that also?

like below

<?php

session_start();

if ($_SESSION['time_start'] && $_SESSION['username'] && $_SESSION['captchatxt'])
		{
    header("Location: redirect.php");
}

?>

[Adam]

No no.. thats for if they enter the login form. that codes just basically testing if they're already loggin in and redirecting them if so. And you only really need to test one session value. People tend to use something that actually means something, like..

 

$_SESSION['loggedIn'];

 

so when you see:

 

if ($_SESSION['loggedIn']) {

 

makes sense... adding more $_SESSION values to the if can i guess be added safety but if your system works right then you shouldn't need to really..

 

Adam

[pavanpuligandla]

yep, i did the same,

<?php

session_start();

if ($_SESSION['logged_in'])
		{
    header("Location: redirect.php");
}

?>

one more thing, is my login.php secured script?

i've implemented another class securesession.php; which will md5's the session id taking 1 character from IP address and a secure word, fingerprint.