SitePoint Sponsor

User Tag List

Results 1 to 4 of 4
  1. #1
    SitePoint Member
    Join Date
    Sep 2002
    Location
    Earth
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Gracefully handling exiting visitors with sessions

    Here is the situation:
    Site my.example.com is a secured website used for communication between Company Example and its Sales Representatives. The only way to gain access to my.example.com is via username/password authentication. The users, permissions and PHP sessions all work well, however there is a problem.
    Consider this example: Sales Rep Aliana logs in, browses the site a while and downloads documents she needs. Next, instead of clicking the logout button, she visits some external site (let's make it news.google.com). After she reads her news, she suddenly remembers something she needed to do at my.example.com. Clicking her bookmark for the site, she is whisked back only to be greeted by a nebulous PHP error (which she doesn't understand) and the site does not display. In fact, nothing she does makes the site display.
    If you are following along, perhaps you already understand what is happening. It appears that once a user leaves me.example.com, without first clicking logout, the session is left in a half-open state (the best term I can think for it). Now the above description with Aliana only occurs after some time passes (figuring the session likely expired), however the following also invokes the error:
    • Closing the browser without logging out
    • Visiting external sites, letting time pass and using the back button to return to my.example.com

    Currently I am doing the following to alleviate the error:
    PHP Code:
    if(!isset($_SERVER['HTTP_REFERER']) && isset($_SESSION['UserProfile'])){
        
    //Visitor is not coming from within the Site
        
    session_destroy();
        
    sleep(1);
        
    header("Location: http://my.example.com");
      } 
    This check solves the error, but doesn't seem to be the most graceful. My question then, what is everyone else doing under like circumstances?

    For the curious, my PHP setup:
    • Server side sessions (no browser cookies by CIO edict)
    • Transparent SID used
    • Apache on LInux (if that makes a difference)
    • Default PHP session handler

  2. #2
    pie??? PIE!!!! rsdl's Avatar
    Join Date
    May 2001
    Location
    Vancouver, BC Canada
    Posts
    502
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    use cookies instead of sessions.

  3. #3
    Put your best practices away. The New Guy's Avatar
    Join Date
    Sep 2002
    Location
    Canada
    Posts
    2,087
    Mentioned
    1 Post(s)
    Tagged
    1 Thread(s)
    To rsdl: "no browser cookies by CIO edict" - Tzicha

    Thats an odd problem. I would suggest creating a very basic session script just to see how they react to the same conditions.
    "A nerd who gets contacts
    and a trendy hair cut is still a nerd"

    - Stephen Colbert on Apple Users

  4. #4
    SitePoint Member
    Join Date
    Sep 2002
    Location
    Earth
    Posts
    9
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Isn't this the way it is. After typing me message and submitting, the possible reason for this oddity came to me. The bulk of the site uses object-oriented code. The PHP error message that is produced by the above comditions essentially says 'Hey bum developer! You forgot to include the file with the class definition before using an instance of it.' That typical problem that occurs with Session stored object instances.... I will investigate that and see what I did/forgot. Thanks for reading. If that is what happened, I'll post it here for those who may search this subject in the future.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •