Lost session variables using 3G dongle

Question

I have a huge problem with session_vars and mobile 3g connections.

We have a virtual campus that is accessed with username and password. On every page verifies that the user is logged with the following code:

<?PHP session_start();

//Avoid not logged users
if ($_SESSION['auth']!=true)
{
    session_unset();
    header('Location:index.php'); // login page
    exit;
}

When a user tries to download a file and uses a 3G connection, sometimes loses its session variable that identifies who is logged in, and send the user to the login page.

We have tried and fail to reproduce the error. We assume that may depend on the conditions of the 3G connection.

All users who use a dongle 3g fails with a laptop.

Bellow the html download link code:

<a onclick="window.location.href='download_file.php?id=48558&amp;id_aula=A1188788&amp;p=5'" title="download 21115400_cat.pdf" class="Arial11BlueBold ManoSola">Download</a>

And the download_file.php:

<?PHP session_start();

//Avoid not logged users
if ($_SESSION['auth']!=true)
{
    session_unset();
    header('Location:index.php');
    exit;
}

...

Thanks!

score 0 · Answer 1 · answered Jun 13 '12 at 09:01

0

Is your application checking the IP address or any other variable besides simple sessions? I can't say for certain but it's very possible the users IP address is changing as they browse, mobile internet providers make heavy use of proxies and other such technology..

answered Jun 13 '12 at 09:01

Dan Smith

5,685
32
33

My IP on my iPhone changes every request on 3G. – Sherlock Jun 13 '12 at 09:21
Thank you! Yes, it probably will be some problem with 3g network. – Julio Romero Jun 13 '12 at 10:15

score 0 · Answer 2 · edited May 23 '17 at 11:55

0

My guess is that your probmel is not the download procedure, but the way your users are identified by your sessions, that is cookies. You need to investigate why are your users loosing their session cookies, which results in automatic disconnection. Maybe your 3g provider caches connections or has a proxy in front of the users? Another possibility is that your session somehow is bound to the client's IP address, which could change during an unstable 3g connection.

Look at this: iPhone cookie/caching issue on 3G, fine over wifi

edited May 23 '17 at 11:55

Community

1
1

answered Jun 13 '12 at 09:01

Palantir

23,820
10
76
86

Thank you! Some weeks ago we installed [suhosin](http://www.hardened-php.net/suhosin/), maybe there is a IP binding problem. We read something about scripting cookies using suhosin. – Julio Romero Jun 13 '12 at 10:18

score 0 · Accepted Answer · answered Jan 22 '14 at 09:11

Suhosin encrypts the session and it seems that something does change the cookie and the session. We have disabled encryption in php.ini.

[suhosin] suhosin.session.encrypt=Off
[suhosin] suhosin.cookie.encrypt=Off

We also use the Ajax Agent library, this library reloads the page and some session variables are lost. We replaced the Ajax Agent for Ajax call.

Lost session variables using 3G dongle

3 Answers3