Hello,

I have a password-protected area of a site that uses sessions to allow the user to move from page to page of the protected area. However, if I open a new tab YET keep the other tab open (the one in the protected area), do some things in the new tab, and then switch back to the old tab, I am forced to re-login. I have tried setting the expiration date to twenty minutes between sessions, but I am having no luck. Any ideas?

// set expiration time of 20 mins
session_cache_expire(20);
$cache_expire = session_cache_expire();

A (+1):

Is the protected area a subdirectory of the URL you're loading in the other tab? This can cause cookies to get screwed up, because the first cookie can be set for a more specific path than the URL of the second page, so a new session is started.

This guy does a better job of explaining it:

http://www.php.net/manual/en/function.session-start.php#91298

If two different files don't access the same session, it can only mean one thing: they aren't on the same directory level. Examples:

a) One is under https, and one is under http. (very common and annoying error)

b) One is under /, another is under /dir1, and /dir1 was first to run. The cookie created by the session is for /dir1 and deeper only, so the other script can't read it; it sees no session, so it starts a new one.

Solutions:

1) Session start should always happen at the root dir. If one of your scripts discovers the user is not logged in, for example, use session_destroy() and send him to the login in the root dir. Scripts that use the session without requiring login need more creative solutions, like redirecting to the root dir, setting the session, and redirecting back.

2) Use the SID from page to page, instead of cookies. The upside is that this also works with http/https. The downside is very ugly URL codes and more difficult maintainability ('which pages link to gallery.php without using the SID?!').

No. The session is set in a subfolder. I will try and redirect to the root and then back to see if that fixes it?
digitalbart
So if a user loads example.com/subdir first, a call to session_start() will set the session for ONLY that subdir? That seems like a bad default. Is there a way to turn that off?
dimo414
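Added example (PHP, not code from the question or the answer): one bootstrap file that every script includes before any output, so the session cookie is always scoped to the site root and pages under / and /subdir read the same cookie. PHP's own default for session.cookie_path is already "/", so a cookie limited to a subfolder normally comes from a php.ini, vhost or earlier session_set_cookie_params() override, which this file replaces. It assumes PHP 7.3 or later for the array form of session_set_cookie_params(); the file name session_bootstrap.php and the function names are hypothetical.

```php
<?php
// session_bootstrap.php (hypothetical name): include this before any output
// in every script, both in the site root and in the protected subfolder.
declare(strict_types=1);

function start_site_session(bool $httpsOnly = true): void
{
    if (session_status() === PHP_SESSION_ACTIVE) {
        return; // an earlier include already started it
    }

    // PHP's default session.cookie_path is "/", so a cookie that is only
    // valid for /subdir normally comes from php.ini, a vhost override or an
    // earlier session_set_cookie_params() call. Setting it explicitly here
    // wins over all of those, so / and /subdir read the same cookie.
    session_set_cookie_params([
        'lifetime' => 0,          // expires when the browser closes
        'path'     => '/',
        'domain'   => '',         // current host only
        'secure'   => $httpsOnly, // see note below
        'httponly' => true,       // not readable from document.cookie
        'samesite' => 'Lax',
    ]);

    // With 'secure' => true the browser never sends the cookie to an http://
    // page of the same host; that page then starts a second session, which is
    // case (a) from the answer. Keep the flag on and serve every page that
    // calls session_start() over HTTPS; pass false only for a plain-HTTP site.

    // session_cache_expire() from the question only sets the Cache-Control
    // max-age header. How long an idle session survives on the server is
    // session.gc_maxlifetime (seconds; a session may outlive it until garbage
    // collection actually runs).
    ini_set('session.gc_maxlifetime', '1200'); // 20 minutes

    session_start();
}

// Quick self-check a page can log: are the effective cookie settings correct?
function session_cookie_scope_ok(): bool
{
    $p = session_get_cookie_params();
    return $p['path'] === '/' && $p['httponly'] === true;
}

start_site_session();
```

After deploying, clear the old /subdir-scoped cookie in the browser once; otherwise both cookies are sent and the stale one can still be picked up.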