RE: [PHP] Authentification related to browser window
Hi Cristi, I think you must know and understand how the session works in PHP. Please Read. http://in2.php.net/session Some things to note on that page session.use_cookies session.use_trans_sid Zareef Ahmed -Original Message- From: Cristi Barladeanu [mailto:[EMAIL PROTECTED] Sent: Thursday, November 04, 2004 3:56 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] Authentification related to browser window Thank you all for the answers. As I thought, Skippy is right. It is the only solution for independent windows, but still no idea about opening new tabs in same browser. It is at least a good starting point. I'll search the docs and the web for this. Your help (useful links maybe?) is welcome. Cheers, Cristi On Wed, 3 Nov 2004 12:09:32 +0200, Skippy <[EMAIL PROTECTED]> wrote: > Quoting Cristi Barladeanu <[EMAIL PROTECTED]>: > > My problem is pretty simple. User enters the site, logins, and after > > that he hits ctrl+n or something, to open a new window from same > > browser. Can I make him to login again in the new window but to keep > > him logged in the old one? Now i'm using sessions, but i realise > > that the cookies set by them are related to browser, so every window > > use them. > > You'll need to use URL session id's. I seem to recall that PHP > sessions can be configured to use only them and never cookies. This > way, the session id is passed as a GET parameter to every page you go > to on your site. A new browser window won't have the id by default (if > you go to the homepage) but it will if you do "open this link in a new > tab" or "new window". > > Session id's in the URL have a lot of downsides to them. First of all, > you have to propagate them by hand. ALL links on your site must be > careful to include them as GET parameters, and all POST forms must > include them too. It's gets tedious very fast, and is error prone. > > Plus, it doesn't solve your problem 100%, as you can see above. If the > new window is derived from an existing link they'll still seem already > logged on. > > Finally, there are horrible security issues with URL sid's. The user > may chose to save an URL containing a sid to his bookmarks, where they > can be seen by someone else. They may send the URL (with the sid > included) to a friend who may pass it on to others. The URL also gets > passed to other sites in the Referer HTTP header. Finally, as long as > they have JavaScript active in the browser, any site can check their > recent browsing history and pick up the sid from there. > > -- > Romanian Web Developers - http://ROWD.ORG > -- Zareef Ahmed :: A PHP develoepr in Delhi ( India ) Homepage :: http://www.zasaifi.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Authentification related to browser window
Thank you all for the answers. As I thought, Skippy is right. It is the only solution for independent windows, but still no idea about opening new tabs in same browser. It is at least a good starting point. I'll search the docs and the web for this. Your help (useful links maybe?) is welcome. Cheers, Cristi On Wed, 3 Nov 2004 12:09:32 +0200, Skippy <[EMAIL PROTECTED]> wrote: > Quoting Cristi Barladeanu <[EMAIL PROTECTED]>: > > My problem is pretty simple. User enters the site, logins, and after > > that he hits ctrl+n or something, to open a new window from same > > browser. Can I make him to login again in the new window but to keep > > him logged in the old one? > > Now i'm using sessions, but i realise that the cookies set by them are > > related to browser, so every window use them. > > You'll need to use URL session id's. I seem to recall that PHP sessions > can be configured to use only them and never cookies. This way, the session > id is passed as a GET parameter to every page you go to on your site. A > new browser window won't have the id by default (if you go to the homepage) > but it will if you do "open this link in a new tab" or "new window". > > Session id's in the URL have a lot of downsides to them. First of all, > you have to propagate them by hand. ALL links on your site must be careful > to include them as GET parameters, and all POST forms must include them > too. It's gets tedious very fast, and is error prone. > > Plus, it doesn't solve your problem 100%, as you can see above. If the > new window is derived from an existing link they'll still seem already > logged on. > > Finally, there are horrible security issues with URL sid's. The user > may chose to save an URL containing a sid to his bookmarks, where they > can be seen by someone else. They may send the URL (with the sid included) > to a friend who may pass it on to others. The URL also gets passed to > other sites in the Referer HTTP header. Finally, as long as they have > JavaScript active in the browser, any site can check their recent > browsing history and pick up the sid from there. > > -- > Romanian Web Developers - http://ROWD.ORG > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Authentification related to browser window
Quoting Cristi Barladeanu <[EMAIL PROTECTED]>: > My problem is pretty simple. User enters the site, logins, and after > that he hits ctrl+n or something, to open a new window from same > browser. Can I make him to login again in the new window but to keep > him logged in the old one? > Now i'm using sessions, but i realise that the cookies set by them are > related to browser, so every window use them. You'll need to use URL session id's. I seem to recall that PHP sessions can be configured to use only them and never cookies. This way, the session id is passed as a GET parameter to every page you go to on your site. A new browser window won't have the id by default (if you go to the homepage) but it will if you do "open this link in a new tab" or "new window". Session id's in the URL have a lot of downsides to them. First of all, you have to propagate them by hand. ALL links on your site must be careful to include them as GET parameters, and all POST forms must include them too. It's gets tedious very fast, and is error prone. Plus, it doesn't solve your problem 100%, as you can see above. If the new window is derived from an existing link they'll still seem already logged on. Finally, there are horrible security issues with URL sid's. The user may chose to save an URL containing a sid to his bookmarks, where they can be seen by someone else. They may send the URL (with the sid included) to a friend who may pass it on to others. The URL also gets passed to other sites in the Referer HTTP header. Finally, as long as they have JavaScript active in the browser, any site can check their recent browsing history and pick up the sid from there. -- Romanian Web Developers - http://ROWD.ORG -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Authentification related to browser window
Quoting Cristi Barladeanu <[EMAIL PROTECTED]>: > Greetings > > My problem is pretty simple. User enters the site, logins, and after > that he hits ctrl+n or something, to open a new window from same PHP can not track the events at the client side. I think it is not possible , But you may try the combination of javascript and php to do so Following function may be usefull session_regenerate_id(); See the manual for it. Zareef ahmed > browser. Can I make him to login again in the new window but to keep > him logged in the old one? > > Now i'm using sessions, but i realise that the cookies set by them are > related to browser, so every window use them. > > I hope you will understand what i mean. > > Cheers, > Cristi > > -- > PHP General Mailing List (http://www.php.net/) > To unsubscribe, visit: http://www.php.net/unsub.php > > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Zareef Ahmed :: A PHP develoepr in Delhi ( India ) Homepage :: http://www.zasaifi.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Authentification related to browser window
To answer the original question - no it's not possible. It would need support in the browser. Sorry, I thought you were talking about HTTP authentification. With session you can pass session identifier in URL only, and disable the use of cookies. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Authentification related to browser window
Vail, Warren wrote: I'm not sure which session parameter controls it, but my sites are setup so that opening a new browser window will start a new session, and if your pages require something in the session saying the user is logged on, he will be forced to logon in the new session, since the variable will not be there. I believe the parameter is the same one that tells it to terminate a session when closing the browser. To make this work, EVERY single page looks for this special session variable, and if not found in the session array it redirects the visitor to the signon page. This means that if his session times out, he will also be sent to the signon page, next time he tries to change pages. With two separate session id's, one for each browser instance, the two browsers operate pretty much independently, each using their own session data. Can you post some code? To the best of my knowledge it is not possible to differentiate between browser windows. If new window is opened, it is still the same browser for the server, the original session is restored and your special session variable will be there. To answer the original question - no it's not possible. It would need support in the browser. Marek -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Authentification related to browser window
See from my point of view,
You made one file as first.php as alogin page and then in second.php check that
the user is authorised or not. and set the value as $_session['user']
And one more file as check.php in which you check that session is set or not.
like (isset($_SESSION['user]) if it not true then redirect the page to first.php
as header("firs.php").
And now add this check.php in all the page as a include file at the starting of
your page. So it will check the session first of all then it will go to next page.
Thnx..
Ankur Dave
PHP Developer,INDIA
Quoting Cristi Barladeanu <[EMAIL PROTECTED]>:
> Greetings
>
> My problem is pretty simple. User enters the site, logins, and after
> that he hits ctrl+n or something, to open a new window from same
> browser. Can I make him to login again in the new window but to keep
> him logged in the old one?
>
> Now i'm using sessions, but i realise that the cookies set by them are
> related to browser, so every window use them.
>
> I hope you will understand what i mean.
>
> Cheers,
> Cristi
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Authentification related to browser window
I'm not sure which session parameter controls it, but my sites are setup so that opening a new browser window will start a new session, and if your pages require something in the session saying the user is logged on, he will be forced to logon in the new session, since the variable will not be there. I believe the parameter is the same one that tells it to terminate a session when closing the browser. To make this work, EVERY single page looks for this special session variable, and if not found in the session array it redirects the visitor to the signon page. This means that if his session times out, he will also be sent to the signon page, next time he tries to change pages. With two separate session id's, one for each browser instance, the two browsers operate pretty much independently, each using their own session data. Warren Vail -Original Message- From: Cristi Barladeanu [mailto:[EMAIL PROTECTED] Sent: Tuesday, November 02, 2004 2:08 PM To: [EMAIL PROTECTED] Subject: [PHP] Authentification related to browser window Greetings My problem is pretty simple. User enters the site, logins, and after that he hits ctrl+n or something, to open a new window from same browser. Can I make him to login again in the new window but to keep him logged in the old one? Now i'm using sessions, but i realise that the cookies set by them are related to browser, so every window use them. I hope you will understand what i mean. Cheers, Cristi -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
