Menu
▾
▴
#614 PHP session handling issues with HTTP/1.1
I was having problems with users getting the
"You must be logged in
to access this page." when cookies were properly enabled and the
server settings were correct. This occasionally happens in IE 5.0,
and always happens in Opera 6.01.
Cause: Race condition in
redirect.php. The cookies are being sent, and a Location: header is
being sent, but no html. The cookies may or may not be set before the
page from the Location: header is loaded. IE: 50/50, Opera: 95/5
fail/success. Therefore, the PHPSESSID cookie is missed, and the
resulting "not logged in" page is given.
Fix:
src/redirect.php
< header("Location: $redirect_url");
>
echo "<html><head><META HTTP-EQUIV=\&quot;Refresh\&quot; CONTENT=\&quot;0;
URL=$redirect_url\&quot;></head><body><a
href=$redirect_url>Enter</a></body></html>";
Why: Since
html is sent in this case, all header information has to be received
and processed before the html can be processed. The cookies are
registered before the jump to the new page. An attempt at a shortcut
with the Location: is what causes the race condition.
Logged In: YES
user_id=147248
OK, I see your point. Upping priority to be included in 1.2.6.
Logged In: YES
user_id=147248
How about if we send both? I have this faint recollection
that this used to fix things. E.g. we don't remove the
header("Location: $redirect_url"), but keep it and add the
HTML. Can you try it -- does opera still ignore the cookies
in this case?
Logged In: YES
user_id=506203
Tried sending both. Fails. I assume the Location: is processed, and the
rest ignored. As a warning, don't try to get fancy with HTTP_USER_AGENT
processing and looking for Opera. Opera can be configured to reply IE,
Netscape, or Opera which would defeat the purpose.
Logged In: YES
user_id=147248
I can't reproduce this. At all. Any browser -- Opera 6.01,
IE 5.5, IE 6.0. Any php version. Marking as "can't
reproduce". For s&g -- try turning off the plugins and see
if this makes any difference.
Logged In: YES
user_id=506203
Turning off all plugins and sending both fails.
Turning off all plugins
and sending Location: fails.
This is the same bug referenced in
417373, 466636, and 539168, so I know others can reproduce it.
Logged In: YES
user_id=537041
I just upgraded to 1.2.6 and am NOW getting this error with Opera when I
didn't in 1.2.5! It happens every time I try to send mail... mostly just
then. I implemented the "fix" and it isn't "fixed".
Logged In: NO
I wonder if this is related to what I see in
http://sourceforge.net/tracker/index.php?func=detail&aid=558721&group_id=311&atid=100311
(HTTP 1.1 causes log in failure)...
Logged In: YES
user_id=147248
It seems that this is in fact related to PHP issues with
HTTP-1.1. We are only reliant on PHP to provide us this
data, so we are quite helpless in this situation.
Logged In: YES
user_id=88377
I had the exact same symptons on Apache/1.3.24 &
PHP/4.2.1 but almost all the time with most browsers.
Adding the following to the Apache conf file for the webmail
entry solved my problem:
php_admin_flag session.auto_start on
Even without the patch suggested in the bugdescription it
seems to work.
Good luck,
Frederik.
Logged In: NO
I was having problems with PHP :
Warning: Failed opening '/mail1/functions/page_header.php'
for inclusion (include_path='.:/usr/local/lib/php') in
/var/www/htdocs/mail1/functions/display_messages.php on line 99
Good luck
iliyan
Logged In: NO
I have solved the problem for me.
I'm running an apache 2.0.39 PHP 4.2.2_dev and had this
problem with all HTTP 1.1 Browsers.
My fix looks as this:
--- src/login.php.orig Fri Jul 19 19:24:10 2002
+++ src/login.php Fri Jul 19 19:24:31 2002
@@ -83,6 +83,7 @@
$cookie_params['domain']);
setcookie('username', '', 0, $base_uri);
setcookie('key', '', 0, $base_uri);
+session_start();
header('Pragma: no-cache');
do_hook('login_cookie');
Don't ask why, but it works. At least for me. :))))
windseeker@gmx.net
Logged In: NO
The echo meta refresh solved my "must be logged in"
problem.
PHP 4.1.2 engine on IIS 5 (W2K)
Client - IE 6
Mail server - Exchange 5.5
Interestingly enough, I did not seem to have the problem
when my PHP engine resided on IIS in XP.
-Dave
Logged In: NO
The echo meta refresh solved my "must be logged in"
problem.
PHP 4.1.2 engine on IIS 5 (W2K)
Client - IE 6
Mail server - Exchange 5.5
Interestingly enough, I did not seem to have the problem
when my PHP engine resided on IIS in XP.
-Dave
Logged In: NO
Could someone post an updated redirect.php file
somewhere? I tried adding it in, but it's still not
working. Thank you!
Logged In: NO
@windseeker@gmx.net
thanx alot for your solution! it worked for me as well! :-)
i'm running apache 2.0.39 with php 4.2.2.
all the other fixes diden't worked for me (and i've tested them
all :-o) windseeker you did my day...!
but can anyone tell me the technical background of this fix...?
greetz
dts@gmx.ch
Logged In: NO
THANK YOU!!! This finally fixed my IIS5/W2K/IE6
problem!
-- Rodney Sizemore
RESA Academy
Logged In: NO
I've tried changing my redirect.php file to read just as
above but the problem persists on a Mac using Netscape under
OS9. I can log in to squirrel mail but as soon as I delete
and email I get the "you aren't logged in" error. Hitting the
back button will work to get me back to my mail info. BUT...
I have other users that may not be savvy enough to hit the
back button.
PHP and Squirrel mail are running under OSX 10.1.5
Do I have to recompile php or anything to get the change to
stick? I have rebooted already.
Jerry
jj@tgd.com
Logged In: NO
Did you try the change in login.php such as "Windseeker"
described ? It worked for me, but I'm not sure if it affects
anything else (such as safety).
/Magnus
Logged In: NO
Just a tad too fast....
It still doesn't work, regardless of different patches.
I still have to login twice.
/Magnus