homepage Welcome to WebmasterWorld Guest from 54.166.255.168
register, free tools, login, search, pro membership, help, library, announcements, recent posts, open posts,
Become a Pro Member
Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
Forum Library, Charter, Moderators: coopster & jatar k

PHP Server Side Scripting Forum

    
Internet Explorer 8 Session Problem
Sp4rkyM4rk



 
Msg#: 4287714 posted 4:16 am on Mar 26, 2011 (gmt 0)

EDIT: Found the issue... seems there wasn't enough space in the database field.

To monitor active users on my website, I've created a session class which uses cookies to store session data as it gives more flexibility than the default PHP session handler. To prevent session hijacking (and changing of cookie data), I've recently added a simple condition which checks the current browser and IP address against the value stored in the database.

if ($_SERVER['REMOTE_ADDR'] == $this->session['session_ip_address'] && $_SERVER['HTTP_USER_AGENT'] == $this->session['session_browser_agent'])
{
// Code if true
}
else
{
// Code if false
}


Unfortunately, Internet Explorer 8 does not seem to like the addition and I have no idea why since this is server side scripting. For some reason, a new session is created (new cookie and new data inserted into the database) on every click. I'd expect this if cookies were disabled, but they aren't. Everything works fine in Google Chrome and Mozilla Firefox, and it was working fine in Internet Explorer before I added this code. I've discovered that the issue only occurs when I validate the browser agent (IP is fine, and Internet Explorer 8 is receiving the session cookie), but when I compared the values of the created sessions I found out they are the same:

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center
Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center


I'm not sure how, but it seems this can be fixed in some way since it is working fine in other browsers. I'd rather not just validate the IP address because validating them both adds a bit of extra security.

Any help will be greatly appreciated. :)

 

chrisranjana

10+ Year Member



 
Msg#: 4287714 posted 4:34 am on Mar 26, 2011 (gmt 0)

are you encoding the string and then setting the cookie ?

Mozilla/4.0 (compatible; MSIE 8.0; Windows NT 6.1; WOW64; Trident/4.0; SLCC2; .NET CLR 2.0.50727; .NET CLR 3.5.30729; .NET CLR 3.0.30729; Media Center
Matthew1980

WebmasterWorld Senior Member 5+ Year Member



 
Msg#: 4287714 posted 10:02 am on Mar 26, 2011 (gmt 0)

>>Found the issue...

That's good to know, that can catch people out, I used to forget that md5() and sha1() hash values were set lengths, and when creating the fields I used to specify varchar(30) forgetting that 40 would be better as the returned string from those functions was 32 chars long! Better to have plenty than not enough :)

Out of curiosity, what length did you have to set the field to in the end so that this handy little checker would work?

Cheers,
MRb

Sp4rkyM4rk



 
Msg#: 4287714 posted 1:40 am on Mar 27, 2011 (gmt 0)

The original data type was a 150 character VARCHAR field. Having created a test script:

<?php

echo $_SERVER['HTTP_USER_AGENT'];

?>


It seems I had information about InfoPath and other Microsoft Office software in the string. In the end a 255 character VARCHAR wasn't enough so I went for MEDIUMTEXT.

Global Options:
 top home search open messages active posts  
 

Home / Forums Index / Code, Content, and Presentation / PHP Server Side Scripting
rss feed

All trademarks and copyrights held by respective owners. Member comments are owned by the poster.
Home ¦ Free Tools ¦ Terms of Service ¦ Privacy Policy ¦ Report Problem ¦ About ¦ Library ¦ Newsletter
WebmasterWorld is a Developer Shed Community owned by Jim Boykin.
© Webmaster World 1996-2014 all rights reserved