homepage Welcome to WebmasterWorld Guest from 54.161.166.171
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Pubcon Platinum Sponsor 2014
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Internet Explorer 8 Session Problem
Sp4rkyM4rk




msg:4287716
 4:16 am on Mar 26, 2011 (gmt 0)

EDIT: Found the issue... seems there wasn't enough space in the database field.

To monitor active users on my website, I've created a session class which uses cookies to store session data as it gives more flexibility than the default PHP session handler. To prevent session hijacking (and changing of cookie data), I've recently added a simple condition which checks the current browser and IP address against the value stored in the database.

if ($_SERVER['REMOTE_ADDR'] == $this->session['session_ip_address'] && $_SERVER['HTTP_USER_AGENT'] == $this->session['session_browser_agent'])
{
// Code if true
}
else
{
// Code if false
}


Unfortunately, Internet Explorer 8 does not seem to like the addition and I have no idea why since this is server side scripting. For some reason, a new session is created (new cookie and new data inserted into the database) on every click. I'd expect this if cookies were disabled, but they aren't. Everything works fine in Google Chrome and Mozilla Firefox, and it was working fine in Internet Explorer before I added this code. I've discovered that the issue only occurs when I validate the browser agent (IP is fine, and Internet Explorer 8 is receiving the session cookie), but when I compared the values of the created sessions I found out they are the same:

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center


I'm not sure how, but it seems this can be fixed in some way since it is working fine in other browsers. I'd rather not just validate the IP address because validating them both adds a bit of extra security.

Any help will be greatly appreciated. :)

 

chrisranjana




msg:4287717
 4:34 am on Mar 26, 2011 (gmt 0)

are you encoding the string and then setting the cookie ?

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center
Matthew1980




msg:4287803
 10:02 am on Mar 26, 2011 (gmt 0)

>>Found the issue...

That's good to know, that can catch people out, I used to forget that md5() and sha1() hash values were set lengths, and when creating the fields I used to specify varchar(30) forgetting that 40 would be better as the returned string from those functions was 32 chars long! Better to have plenty than not enough :)

Out of curiosity, what length did you have to set the field to in the end so that this handy little checker would work?

Cheers,
MRb

Sp4rkyM4rk




msg:4288019
 1:40 am on Mar 27, 2011 (gmt 0)

The original data type was a 150 character VARCHAR field. Having created a test script:

<?php

echo $_SERVER['HTTP_USER_AGENT'];

?>


It seems I had information about InfoPath and other Microsoft Office software in the string. In the end a 255 character VARCHAR wasn't enough so I went for MEDIUMTEXT.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved