PHP session_regenerate_id and Blackberry browser

Hello,

I am working on a login system and am stuck on authenticating Blackberry browsers. It seems they have a problem with PHP session_regenerate_id(); can anyone suggest an alternative? Here are the login and auth scripts:

UPDATE: It seems that sessions do not work at all. Selected session_regenerate_id() to see if it will work, and it just redirects me every time, as if $_SESSION['MD_SESS_ID'] were empty. In fact, all ideas would be appreciated. Cookies are enabled on the device; I am using the Blackberry Bold 9650. It works on my iPod Touch and in every browser on my PC.

Login

    <?php
    session_start();
    include $_SERVER['DOCUMENT_ROOT'] . '/includes/pdo_conn.inc.php';

    // Normalize values received from the form (trim, undo magic quotes).
    // SQL injection is prevented by the prepared statement below, not by this function.
    function clean($str) {
        $str = @trim($str);
        // get_magic_quotes_gpc() was removed in PHP 8, so check that it exists first
        if (function_exists('get_magic_quotes_gpc') && @get_magic_quotes_gpc()) {
            $str = stripslashes($str);
        }
        return $str;
    }

    $username = clean($_POST['username']);
    $password = clean($_POST['password']);

    if ($username != "" && $password != "") {
        $getUser = $db->prepare("SELECT id, username, password, salt FROM uc_dev WHERE username = ? LIMIT 1");
        $getUser->execute(array($username));
        $userDetails = $getUser->fetch();

        // fetch() returns false when no row matches, so check before reading columns
        if ($userDetails) {
            $dbPW = $userDetails['password'];
            $dbSalt = $userDetails['salt'];
            $hashedPassword = hash('sha512', $dbSalt . $password);
        }

        // hash_equals() compares in constant time and avoids loose == type juggling
        if ($userDetails && hash_equals($dbPW, $hashedPassword)) {
            // Login successful
            session_regenerate_id();
            $_SESSION['MD_SESS_ID'] = $userDetails['id'];
            header('Location: http://somewhere.com');
            session_write_close();
            exit(); // stop here so nothing runs after the redirect
        } else {
            header('Location: http://www.somewhere.com');
            exit();
        }
    } else {
        header('Location: http://somewhere.com');
        exit();
    }
    ?>

Auth

    <?php
    // Start the session
    session_start();

    // Verify that the MEMBER ID session value is present
    if (!isset($_SESSION['MD_SESS_ID']) || (trim($_SESSION['MD_SESS_ID']) == '')) {
        $_SESSION = array();

        // Note: This will destroy the session, and not just the session data!
        if (ini_get("session.use_cookies")) {
            $params = session_get_cookie_params();
            setcookie(session_name(), '', time() - 42000,
                $params["path"], $params["domain"],
                $params["secure"], $params["httponly"]
            );
        }

        // Finally, destroy the session.
        session_destroy();
        header("Location: http://somewhere.com");
        exit();
    }
    ?>
+4
1 answer

Some time ago I was developing for Blackberry and found out that the browser cannot handle multiple cookies with the same name. Not sure if they fixed it.

So, if you send the Set-Cookie header more than once (using setcookie, session_start or session_regenerate_id) using the same name every time, this can cause problems.

You might want to track the cookies you need to print in an object or array and send them to the browser only at the very end of the request. That way, if you need to change your values in the middle of the request, you can just overwrite the value in the array and not send another cookie header.

This page can also help - someone linked to it from the PHP session_regenerate_id page.

+2
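
A variant of the approach in the answer above, as an added example that is not part of the original post: instead of tracking cookies by hand, it collapses the Set-Cookie headers PHP has already queued (including those from session_start and session_regenerate_id) so only the last one per cookie name is sent. The function names dedupe_set_cookie and flush_deduped_cookies and the sample header values are hypothetical.

```php
<?php
// Added example; dedupe_set_cookie() and flush_deduped_cookies() are hypothetical names.

// Keep only the last Set-Cookie header line for each cookie name.
// Matching is by name only, as in the answer; path/domain are not compared.
function dedupe_set_cookie(array $headerLines): array
{
    $others  = [];
    $cookies = []; // cookie name => full header line, last write wins
    foreach ($headerLines as $line) {
        if (stripos($line, 'Set-Cookie:') !== 0) {
            $others[] = $line;
            continue;
        }
        $pair = ltrim(substr($line, strlen('Set-Cookie:')));
        $name = strstr($pair, '=', true);
        if ($name === false) {
            $name = $pair; // header without "=", treat the whole value as the name
        }
        unset($cookies[$name]); // re-insert so order follows the last write
        $cookies[$name] = $line;
    }
    return array_merge($others, array_values($cookies));
}

// Call once, after all session and cookie work and before any output.
function flush_deduped_cookies(): void
{
    if (headers_sent()) {
        return; // headers already went out, nothing can be changed
    }
    $kept = dedupe_set_cookie(headers_list());
    header_remove('Set-Cookie');
    foreach ($kept as $line) {
        if (stripos($line, 'Set-Cookie:') === 0) {
            header($line, false); // false = append instead of replacing
        }
    }
}

// Constructed sample: the same session cookie name queued twice in one response.
$sample = [
    'Content-Type: text/html',
    'Set-Cookie: PHPSESSID=oldid0000; path=/',
    'Set-Cookie: PHPSESSID=newid1111; path=/',
    'Set-Cookie: theme=dark; path=/',
];
print_r(dedupe_set_cookie($sample));
```

In the login script this would be called right after session_regenerate_id() and the $_SESSION assignment, before the redirect header is sent.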

Source: https://habr.com/ru/post/1334268/
