Notify: Now running on PHP sessions instead of cookies

Switched session model to use PHP sessions instead of browser cookies. This is faster, less data transfer back and forth every transaction, more secure, and allows for more storage in the session.

For instance, we can now keep a dictionary of logged into groups in the session for single identity browsing. That would have gotten too big for the cookie and would have been transferred both directions in the cookie for every request to the server, even for images.

This way only a session hash key is stored in the cookie.

You may have noticed a blip, maybe even had to log back in. Or maybe not. All should be good now.

Comments


Si says
name 2015-12-31 14:18:43 [item 19463#40173]
Can't sign in from guest to mark@mark
nathan 2015-12-31 14:19:47 [item 19463#40174]
I have been signing in and out everywhere with no trouble. Humm….
In what way can you not sign in? Could it just be that you are not using your root password? That is a root author.

Si says
name 2015-12-31 14:20:39 [item 19463#40175]
got errors clearing 30+ news thingies
Warning: date() expects parameter 2 to be long, string given in /home/fastblog/public_html/common-functions.php on line 75

Warning: array_merge() [function.array-merge]: Argument #1 is not an array in /home/fastblog/public_html/common-functions.php on line 82

Warning: array_merge() [function.array-merge]: Argument #2 is not an array in /home/fastblog/public_html/common-functions.php on line 82

Warning: Cannot modify header information - headers already sent by (output started at /home/fastblog/public_html/common-functions.php:75) in /home/fastblog/public_html/common-functions.php on line 89

Warning: Cannot modify header information - headers already sent by (output started at /home/fastblog/public_html/common-functions.php:75) in /home/fastblog/public_html/common-functions.php on line 87
Okay. Good cllues there.  
 

Si says
name 2015-12-31 14:25:19 [item 19463#40178]
the dialogue box waited forever almost then I hit the home button & i was in. Then I hit the news or some other one as mark@mark & it knocked me right back into guest.
Okay. So far I can’t repo in chrome or FF logging in or out or anything and all the data looks good my side.
Try clearing your browser cookies. Shouldn’t matter, but worth a try.

Seth says
I got many of these errors too. then somhow my firefox browser got corrupted by some link gremlin.

Si says
Okay. I can’t find any problems in any browser but obviously there is something so I set it back until I can figure it out.

Seth says
i got this error on denise’s PC …

Si says
That does seem to be the problem area. I removed that line for now until it makes sense.

Seth says
starting shipping day … will check back later

Seth says
seth 2015-12-31 15:09:52 [item 19463#40184]
now why all the browsers on my desktop computer got suddenly corrupted is another matter.  happened somehow when you switched over.    my laptop is not corrupted.
nathan@fbi 2015-12-31 15:11:28 [item 19463#40185]
What do you mean by corrupted? All I did was not send the cookie and instead used PHP sessions to track the identity info. I am sending the cookie again now.
some gremlin puts hyperlinks on lucrative text and if you click it,  then some  site opens in another tab.  i’ve had this infection before but never on all browsers at the same time.   never did figure out how to eradicate it.  any suggestions welcome … my desktop is useless untill i can get it off.   this happened once when i was using floodleland … may or may not be even related to anything comming from our server.

Si says
I was just reading up on it. Apparently there are a few types of browser malware that can hijack a PHP session if the browser is infected. Looking for solutions. Both you and Mark must be infected.

Si says
I am working on a Mac that was installed fresh with El Capitan 4 days ago and all new browser installs … so I guess it’s no wonder I am seeing nothing unusual of any kind.  

Si says
seth@fbi 2015-12-31 15:41:34 [item 19463#40189]
i am on denise’s pc in firefox … so far so good.  

incidentally it happened at speaktomecatalog.com also … and even at robustai.net which does not use php at all.
nathan@fbi 2015-12-31 15:43:42 [item 19463#40190]
Yea. Something really odd. But it looks like your browsers had to have had the virus code already if that’s it. The session just gave them a path to follow. Still working on it. Trying to see if there much be server side code that cooperates with the virus that snuck into your PHP code somewhere a long time ago.
seth@fbi 2015-12-31 15:51:59 [item 19463#40192]
may be … i think my chrome and my safari were infected a long time ago when we were working at floodleland … but i could still use firefox with no problem.  so i just avoided chrome and safari … then somehow just this afternoon about the time you switched to sessions … i got the php warning errorss and then started noticing websites opening up in other tabs and that some text was hyprlinked on our pages that should not have been.   somehow my laptop is clean … always has been.
Yea. Makes sense. Viruses can’t just jump onto browsers. They have to have been in code that was run externally at some point and were just waiting for an opportunity. Laptop is probably just clean, like my laptop here which is a brand new install. 

Si says
mark 2015-12-31 16:26:14 [item 19463#40194]
Seems to be working.  Lets see if this posts.thumbs up
mark 2015-12-31 16:26:26 [item 19463#40195]
like
mark@fbi 2015-12-31 16:28:08 [item 19463#40196]
Question is it now running with cookies or ??? 
Yes. You guys are back on cookies for now. I am running on a session to see if I can figure it out.

Si says
mark 2015-12-31 16:26:14 [item 19463#40194]
Seems to be working.  Lets see if this posts.thumbs up
mark 2015-12-31 16:26:26 [item 19463#40195]
like
mark@fbi 2015-12-31 16:28:08 [item 19463#40196]
Question is it now running with cookies or ??? 
choy 2015-12-31 16:42:15 [item 19463#40198]
I have it running on 3 browsers IE, FF, CHrome. thumbs up
nathan@fbi 2015-12-31 16:44:27 [item 19463#40199]
Did you see anything except the errors and not able to log in?
Seth seems to have activated an old browser hijack virus … but the leads on that are dyeing out.
choy 2015-12-31 16:46:30 [item 19463#40200]
… nothing – no clues to a virus .  I use Webroot & M$ Windows 10 firewall etc.
like