Firefox 26 on Windows 7 SP1 doesn't reset codeigniter session cookies - windows

When a user logs into our site, a cookie gets set like so:
$this->input->set_cookie(self::AUTH_COOKIE, 'v1='.$var1.'&v2='.$var2, '1814400', ".oursite.com", "/", "", FALSE);
When they log out, the cookie is 'unset' like so:
----- UPDATED -----
$carray = array(
'name' => self::AUTH_COOKIE,
'value' => null,
'expire' => time() - 86500,
'domain' => '.oursite.com',
'path' => '/',
'prefix' => '',
'secure' => FALSE
);
$this->input->set_cookie($carray);
delete_cookie(self::AUTH_COOKIE, ".oursite.com", "/", "");
----- END UPDATE -----
This works fine on most browser/platform combinations, but in Firefox 26 on Windows 7 SP1, the cookie never gets updated. It retains the data that was set when it was created. Any idea why this approach would not work in Firefox on Windows?
*----- Additional update - this no longer works on Firefox on my Mac and also fails on Internet Explorer. Haven't tested Safari or Chrome.

cfr. http://ellislab.com/codeigniter/user-guide/libraries/input.html:
To delete a cookie set it with the expiration blank.
For site-wide cookies regardless of how your site is requested, add your URL to the domain starting with a period, like this: .your-domain.com
the dot "." is missing in front of oursite.com:
.oursite.com
I think this last thing might be causing it.
If all else fails try with native PHP cookies to see whether that works.

I finally solved this with a potentially 3-part solution. Honestly I do not know whether steps 1 & 2 are necessary as they did not work on their own, but I do not wish to mess with my code now that it seems to be working.
I changed the expire value of the cookie array to null.
I unset a second cookie called sap_r that was set if the user had clicked 'Remember Me' when logging in.
My original code contained an ajax call immediately after setting the cookie values to null. I switched the order so that the ajax is called first and then the cookies are 'unset'.
I tested after each of these and it was after this final step that the cookies were successfully removed. So - I do not know if some combination of the three solved it or only the last one. If I get a chance to test further, I will comment here.

Related

How to increase CakePHP Debugger maximum depth

I'm trying to debug my program by logging information from an ajax call. This is something that doesn't render a view, just runs asynchronously. The log will only display arrays to a depth of 3, and the documentation doesn't seem to have any notion that someone might want more information than that.
Please, how do I increase this depth so I can have access to this information without finding weird ways to render my ajax call? Or, if doing this isn't the "Cake" way, is there a better way to output info to a log or console for debugging?
I think this is not the case of CakePHP but an issue with XDebug or PHP configuration itself. You can try to add this line to your php.ini
xdebug.var_display_max_depth = 5
It works if you debug with var_dump(). You should write how do you try to debug, bacause different methods depends on different mechanisms.
If it doesn't work you can try to make the Cake to display original PHP error messages instead of its own error handler messages. In your core.php find code like this:
Configure::write('Error', array(
'handler' => 'displayErrorWithoutCrap',
'level' => E_ALL & ~E_DEPRECATED,
'trace' => true
));
And change it into this:
Configure::write('Error', array(
//'handler' => 'ErrorHandler::handleError',
'handler' => 'displayErrorWithoutCrap',
'level' => E_ALL & ~E_DEPRECATED,
'trace' => true
));
and add this line at the end of bootstrap.php :
function displayErrorWithoutCrap() {
return false;
}
I ended up submitting a ticket to the Git project for CakePHP and it was confirmed that the debug depth for arrays is hard-coded for log files. The response indicated that it would be considered for a change in the next version.
I ended up finding the number in the Debug class and changed it to a larger number which gave me more depth. Not the best fix, but it works for now until support is added to the next version.

Meteor: unreliable session variable?

I'm making a service where there are no user accounts, and I want to restrict by what page I'm visiting.
So each page is a "box", and on each "box" I have a bunch of "files".
I've published the relevant info in server/publications.coffee
Meteor.publish 'files', (boxId)->
console.log boxId
return Files.find({boxId:boxId})
My file for 'box' has a subscription handle:
#filesHandle = Meteor.subscribe 'files', Session.get('currentBoxId')
And the currentBoxId is stored in the session variable.
Here's the crazy part: I expect this to work, and it does on the first time I start the server. The console.log in the first bit of code prints the proper ID. Then, all of a sudden the console log suddenly starts returning "null", even when I console.log the session var in the browser console, it returns correctly.
I feel like there's some kind of loading asynchrony issue here, but I have no idea what's going on.
Any clues?
Ah, figured it out. The template can be rendered before the session variable is set, apparently. Usually you put your collection handles in the main.js file in the application scope, but this doesn't work if the subscription depends on session variables.
I did the following:
Template.boxPage.created = ()->
#filesHandle = Meteor.subscribe 'files', Session.get('currentBoxId')

Facebook ajax losing session

I'm trying to develop a Facebook app but am hitting a problem with session variables.
I call a script via ajax which sets a session variable.
Later, I call a script via ajax which retrieves the previously set session variable, but the variable is empty.
The first script called when the app loads in index.php.
I have the following at the top
<?php
session_start();
//Get PHP SDK
require_once 'facebook-php-sdk/src/facebook.php';
// Create our Application instance.
$facebook = new Facebook( array('appId' => 'xxxxxxxxxxxxxxx',
'secret' => 'xxxxxxxxxxxxxxxxxxxxxxxxxxxxxxxx', 'cookie' => true, ));
$signed_request = $facebook -> getSignedRequest();
$like_status = $signed_request["page"]["liked"];
?>
The first script called via ajax sets the session variable like this:
$numbers = range(1, 52);
shuffle($numbers);
$_SESSION['cards'] = serialize($numbers);
The second script (which is called about 10 seconds later,so I don't think it will be a race problem) looks like this:
$numbers = unserialize($_SESSION['cards']);
The variable $numbers is empty even though no other script has emptied $_SESSION['cards'].
Should this work or am I doing it wrong? I'm very new to ajax.
I've read there can be problems with ajax calls in an iframe which is the way the facebook app is set up but I haven't managed to find a resolution.
Anyone know how to fix this?
you must call session_start() on both index.php and ajax script to share same session

How to extend express.js session

How can I make sure a session for a client on my express.js app lasts longer than a few hours? I don't want them to log in anew every time they visit my site.
I tried to fiddle with the expires option on the express.session method, but that doesn't seem to have any effect.
You can use req.session.cookie.expires = aSpecificDateAndTime; or req.session.cookie.maxAge = aNumberOfMilliseconds;. Both are equivalent, according to the docs.
Forgot to mention, you can also set these options when setting the middleware (i.e. express.session({secret: "whatever", cookie: {maxAge: 60000}});
cookie: {
path: '/'
,expires: false
,httpOnly: true
,domain:'.example.com'
}
Above setting gives you to have session alive until browser closes.
Available among all pages ( path set to root ).

Set Rack session cookie expiration programmatically

I'm using Rack to try to implement "Remember Me" functionality in my Sinatra app.
I'm able to set the session cookie to expire when the session ends or in X seconds time but I'd like to do both.
For example, if a user has clicked "remember me" then I wish for their session to end after X seconds. Eg, my app.rb has a line that looks like this:
use Rack::Session::Cookie, :expire_after => 2592000, #30 days in seconds
:secret => MY_SECRET
I've tried to do the following when the user logs in:
if (!remember_me)
env['rack.session.options'][:expire_after] = nil
end
However, this does not set the cookie value.
How to set this?
I was trying to do the exact same thing and I figured out what the problem for me was. The session cookie gets set on every request if you have an expire_after time set. So when you say if (!remember_me), for that request the cookie's expire time gets set to nil. However, on the very next request, the session cookie is reinitialized with an expire time of 2592000. It seems the fix is to not set a default expire_after time and instead say:
# don't set default expire time
use Rack::Session::Cookie, :secret => MY_SECRET
if(remember_me)
env['rack.session.options'][:expire_after] = 2592000
end
I have unfortunately not figured out how to have a default expire_after time and to permanently extend that time programatically.
This probably has to be done before the session is loaded.
See Rack::Session::Cookie#load_session and Rack::Session::Cookie#commit_session
Chris' answer actually didn't work for me. I found that I had to make sure that I included the original session 'options' with the new 'expire_after' value, so instead of:
env['rack.session.options'][:expire_after] = 2592000
I would use:
env['rack.session.options'].merge! expire_after: 2592000
and be sure to put the use Rack::Session::Cookie statement (without an expire_after setting) in you configure block, if you are using Sinatra.
This did the trick.

Resources