
Certain visitors are losing sessions when getting redirected to pages.

The pages have session_start(); on them. I am using window.location.href to redirect users after success from an AJAX response. This is not happening to me using Chrome or Android, but it's happening on other devices, which I can't replicate but have received complaints about. Is there a remedy for this? We are on HTTPS. We remove the .php using nginx.

JS Code:

```js
$(function (){
    $(".my_button").click(function(e){
        $.post("/post", {id: 1,blah:1},
        function(data){
            if(data.success){
                window.location.href = data.next_page;
                //Example
                //window.location.href = "thankyou";
            }
        }, "json");

        return false;
    });
});
```

Next Pages:

```php
<?php 
session_start();

$echo = "test";
?>
```

/post

```php
<?php 
session_start();
$blah = $_POST['blah'];
if($blah == 1){
    $next_page = "thankyou";
}else if($blah == 2){
    $next_page = "back";
}

$response = array('success' => true,'next_page' => $next_page);
print json_encode($response);
die();
?>
```

checker.php

```php
<?php 
session_start();

if(!isset($_SESSION['my_id'])){
    header("Location: index.php");
    exit;
}
?>
```
Boy
  • https://stackoverflow.com/a/17242347/4925008 check this answer it might help you – Dinosan0908 Aug 24 '18 at 11:54
  • There is no way to know from your question without any examples. Double check and make 100% sure that everywhere sessions should be used that you do in fact declare `session_start();` and that the relevant session variables are declared and in use. – Martin Aug 24 '18 at 11:55
  • Why would you ever redirect anyone after ajax (unless the ajax is to determine where to redirect to)? – mplungjan Aug 24 '18 at 11:55
  • @Dinosan0908 that's a PHP redirect issue, I'm using window.location.href to redirect. – Boy Aug 24 '18 at 11:55
  • @mplungjan because when user clicks a button, sends the selection through ajax post. gets what page to go to next. – Boy Aug 24 '18 at 11:56
  • Are you sure it's only after window.location.href? I doubt that'd have an influence. Sounds like a possible cookie issue. – Devon Bessemer Aug 24 '18 at 11:56
  • people are going back to index page, since the session is dead. I placed a checker if session is alive if not go to index. – Boy Aug 24 '18 at 11:57
  • Follow the steps that the thread mentions in @Dinosan0908's link. You are 100% making some sort of error in that regard. – Martin Aug 24 '18 at 11:59
  • @Martin those are php redirects. I updated my post with basic sample. – Boy Aug 24 '18 at 12:06
  • What does `/post` look like? Any session manipulating/killing happening in there? Also, please show us the `checker if session is alive if not go to index` code. – waterloomatt Aug 24 '18 at 12:09
  • It doesn't matter what kind of redirect it is @Boy (PHP or JS) the same issues could apply considering the main root of the issue is the session, which is addressed in both cases. – Martin Aug 24 '18 at 12:13
  • Updated the display code – Boy Aug 24 '18 at 12:15
  • You need to clarify "Certain visitors" (browser, OS etc.), and what the value of "data.next_page" contains. Please specify if you're using HTTP or HTTPS. – Jamie_D Aug 24 '18 at 12:25
  • @Boy are you sure if the domain is not changed? www and non-www may be easily overlooked or as *Jamie_D* suggested if the protocol was not changed? – Tunker Aug 24 '18 at 12:25
  • @Tunker is correct. Flip flopping between protocols is a very common way to lose session variables – Jamie_D Aug 24 '18 at 12:27
  • One _possible_ logic flaw in `/post`. What happens if `$blah` is neither _1_ nor _2_? Try setting a default value and then change it based on the user's selection. – waterloomatt Aug 24 '18 at 12:37
  • just redirecting via https, our domain is only https. – Boy Aug 24 '18 at 12:37
  • Please show us _all the relevant_ code. We can't help you until we see everything. For example, what is `id` and why are you passing it through to `/post`? Is it being used to set the session key `my_id`? You're hardcoding here in your example but I doubt your live application looks like that. Is it possible the user can submit a partially completed form? – waterloomatt Aug 24 '18 at 12:50
  • My code is very long, but that's the very gist of it. That's what's related to the redirect and the sessions, and how I redirect. – Boy Aug 24 '18 at 12:59
  • I still very strongly suggest you do NOT use AJAX if all it does is tell you where to go next. Submit the form and the /post can do a header redirect – mplungjan Aug 27 '18 at 05:50
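
The www/non-www and protocol points raised in the comments can be checked mechanically. The following is an added example, not code from the thread: a simplified RFC 6265 matcher that says whether a browser would attach the session cookie to the request made after `window.location.href = data.next_page`. The hostnames (example.com), the cookie attribute values and the function names are constructed assumptions; path matching is left out.

```javascript
// Added example: simplified RFC 6265 check for whether a browser would
// attach the PHP session cookie to the request that follows the redirect.
// Hostnames and cookie attributes below are constructed sample values.

// RFC 6265 section 5.1.3 domain-match (hostnames only, no IP literals).
function domainMatch(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase().replace(/^\./, "");
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

// cookie: { setByHost, domain (null means host-only), secure }
// Returns { sent, reason } for a navigation to `target` from `currentUrl`.
function sessionCookieSent(cookie, currentUrl, target) {
  const url = new URL(target, currentUrl); // resolves relative targets like the browser
  if (cookie.secure && url.protocol !== "https:") {
    return { sent: false, reason: "Secure cookie, non-HTTPS target" };
  }
  if (cookie.domain === null) {
    // Host-only cookie: the host must be identical to the one that set it.
    if (url.hostname.toLowerCase() !== cookie.setByHost.toLowerCase()) {
      return { sent: false, reason: "host-only cookie, different host" };
    }
  } else if (!domainMatch(url.hostname, cookie.domain)) {
    return { sent: false, reason: "host outside cookie Domain" };
  }
  return { sent: true, reason: "ok" };
}

// PHP's default session cookie carries no Domain attribute, so it is host-only.
// secure: true is an assumption for an HTTPS-only site.
const hostOnly = { setByHost: "www.example.com", domain: null, secure: true };
const wide = { setByHost: "www.example.com", domain: "example.com", secure: true };
const here = "https://www.example.com/form";

const cases = [
  [hostOnly, "thankyou"],                      // relative: same host, same scheme
  [hostOnly, "https://example.com/thankyou"],  // www dropped
  [wide, "https://example.com/thankyou"],      // Domain= covers both hosts
  [wide, "http://example.com/thankyou"],       // scheme downgrade
];
for (const [c, t] of cases) {
  const r = sessionCookieSent(c, here, t);
  console.log(t, "->", r.sent ? "cookie sent" : "cookie NOT sent (" + r.reason + ")");
}
```

When the cookie is not sent, `session_start()` on the next page opens a fresh, empty session, so a check like the one in checker.php sends the visitor back to the index page.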

0 Answers