sessions and redirecting in opera

On Fri, 10 Aug 2007 20:32:45 +0200, Michael Fesser <netizen@gmx.de> wrote:

> .oO(amygdala)
>
>> Exactly. To top it off, I implemented this because I assumed that by not
>> doing so, Opera's session might not be commited before the redirect.
>
> Are you sure you really understood how sessions work? The browser's
> only task is to keep the session ID, that's it. The handling of the
> session itself - open, read, write, close - is done on the server.
> Sessions are browser-independent, there's nothing to commit.

Are you sure you understood how redirecting and sessions works? A script
that has sent a header redirect _can_ continue on and one, doing heavy
work that lasts for an x amount of time. The session will only be closed
automatically when the script ends. If the user is allready requesting the
following page it might slow him down considerably, as the session data
isn't made available untill the end of that renegade script...

So, if a session is no longer needed, it's a wise idea to close is, just
not very necessary in your normal garden variety of PHP scripts.

--
Rik Wasmus

"Rik" <luiheidsgoeroe@hotmail.com> schreef in bericht
news:op.twuwcnszqnv3q9@metallium...
On Fri, 10 Aug 2007 20:07:03 +0200, amygdala <noreply@noreply.com> wrote:

> First off: sorry about the empty posts people. I pushed accidentally
> pushed
> the send button (twice :-S ).
>
> "amygdala" <noreply@noreply.com> schreef in bericht
> news:46bc9d79$0$25487$9a622dc7@news.kpnplanet.nl.. .
>>
>
> <snip (very useful info nonetheless :-) >
>
>> $target = 'http://www.example.com';
>> header("Location: $target");
>> echo 'You're be redirected to '.$target.'. Click <a
>> href="'.$target.'">here</a> if it doesn't work';
>> exit; //<-----IMPORTANT!
>>
>
> Well whatta you know!! As soon as I put this suggestion of yours after
> the
> header("Location: $target"); it works! And mind you, not necessarily the
> exit() part, but the echo part!! How strange is that? I'm loosing all
> sense
> of logic on this one.
>
> Could it be that Opera needs some kind of body content after a
> redirection
> header? Or could it perhaps be that Opera indeed thinks that it should
> redirect back to the login page again, since it is redirected to a page,
> that redirected to the login page in the first place. lol

Somehow, your posts don't get quoted properly by my newsreader (yes, its OE
:-S ), so I'll resort to my own:

<Rik>
Possiblity 1:
Opera -> Tools -> preferences -> Advanced -> Network -> Enable Automatic
Redirection.

It's enabled by default, but can be disabled for whatever purpose. All the
more reason why a header redirect should be accompanied by some
information one is redirected, and a script should die()/exit() after that.
</Rik>

I know, but it's not an issue.

<Rik>
Possibility 2:
Opera get's the redirect, but still has the page with the same URL in
cache, so decides to use that one. Set some header and/or html information
these pages should not be cached.
</Rik>

Yes, that's a reasonable assumption, I will look into that a little more.

<Rik>
Possibility 3:
The script isn't terminated after the first header-redirect, continues to
run, and effectively changes the redirect by a second header() call.
Putting an echo directly after it will force the headers to be sent, so
they cannot be replaced anymore, resulting in the first one being the only
one, and thus the one obeyed by the browser. Another example why one
should die()/exit() after a redirect.

<?php
//this will offcourse end in /second.html
header('Location: /first.html');
header('Location: /second.html');
?>

<?php
//this will end in /first.html
header('Location: /first.html');
flush();
header('Location: /second.html');
?>
</Rik>

Yes, that makes sense. Although my application should not behave this way,
since it only calls for one function in one controller class per page, I
will look into this a little more. I could very well be overlooking flaws in
my application logics.

Thanks for the great suggestions Rik. You've been very helpful.

Cheers!

amygdala wrote:
> Somehow, your posts don't get quoted properly by my newsreader (yes,
> its OE :-S ), so I'll resort to my own:

OE Quotefix, a must-have for MSOE users :)

..oO(Rik)

>On Fri, 10 Aug 2007 20:32:45 +0200, Michael Fesser <netizen@gmx.de> wrote:
>
>> Are you sure you really understood how sessions work? The browser's
>> only task is to keep the session ID, that's it. The handling of the
>> session itself - open, read, write, close - is done on the server.
>> Sessions are browser-independent, there's nothing to commit.
>
>Are you sure you understood how redirecting and sessions works?

Yes.

>[...]
>
>So, if a session is no longer needed, it's a wise idea to close is, just
>not very necessary in your normal garden variety of PHP scripts.

That's all correct - I was just picking on the "Opera's session might
not be commited before the redirect". Maybe it was just written in a
misleading way, but some problems simply cannot be related to a
particular browser.

And since I'm an Opera fan as well (since v3.60) ... ;-)

Micha

Rik wrote:
> amygdala wrote:
>> Somehow, your posts don't get quoted properly by my newsreader (yes,
>> its OE :-S ), so I'll resort to my own:
>
> OE Quotefix, a must-have for MSOE users :)

Thanks for the tip Rik! Installed it. Seems to work like a charm.

Rik wrote:
> On Fri, 10 Aug 2007 20:07:03 +0200, amygdala <noreply@noreply.com>
> wrote:
>>
>> Could it be that Opera needs some kind of body content after a
>> redirection
>> header? Or could it perhaps be that Opera indeed thinks that it
>> should redirect back to the login page again, since it is redirected
>> to a page, that redirected to the login page in the first place. lol
>
> Possiblity 1:
> Opera -> Tools -> preferences -> Advanced -> Network -> Enable
> Automatic Redirection.
>
> It's enabled by default, but can be disabled for whatever purpose.
> All the more reason why a header redirect should be accompanied by
> some information one is redirected, and a script should die()/exit()
> after that.
> Possibility 2:
> Opera get's the redirect, but still has the page with the same URL in
> cache, so decides to use that one. Set some header and/or html
> information these pages should not be cached.
>
> Possibility 3:
> The script isn't terminated after the first header-redirect,
> continues to run, and effectively changes the redirect by a second
> header() call. Putting an echo directly after it will force the
> headers to be sent, so they cannot be replaced anymore, resulting in
> the first one being the only one, and thus the one obeyed by the
> browser. Another example why one should die()/exit() after a redirect.
>
> <?php
> //this will offcourse end in /second.html
> header('Location: /first.html');
> header('Location: /second.html');
>>
>
> <?php
> //this will end in /first.html
> header('Location: /first.html');
> flush();
> header('Location: /second.html');

This thing still has me puzzled. What I did is the following:

My SessionHandler class has the following method:

public function redirect( $url )
{
session_write_close();
header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
header( 'Cache-Control: no-store, no-cache, must-revalidate' );
header( 'Cache-Control: post-check=0, pre-check=0', false );
header( 'Pragma: no-cache' );
header( 'HTTP/1.0 302 Moved Temporarily' );
header( 'Location: ' . $url );
// this part between the comments is important
echo 'You\'re being redirected to ' . $url . ' .
Click <a href="' . $url. '">here</a> if it doesn\'t work';
// end important part
exit(); // exit doesn't really make a difference for Opera
}

Since I have now included the exit() statement I am sure that this is the
last thing done by the application when redirecting. Also, I have added
cache control headers and the likes. But still in Opera the problem persists
if I leave out the echo part you see above between the comments.

So, from my experience it seems as if Opera wants some body content for the
redirect to work and revalidate the url I landed on before I had to log in.

Does anyone have any other clue as to what might be going on here?

Thanks.

amygdala wrote:
> Rik wrote:
>> On Fri, 10 Aug 2007 20:07:03 +0200, amygdala <noreply@noreply.com>
>> wrote:
>>> Could it be that Opera needs some kind of body content after a
>>> redirection
>>> header? Or could it perhaps be that Opera indeed thinks that it
>>> should redirect back to the login page again, since it is redirected
>>> to a page, that redirected to the login page in the first place. lol
>> Possiblity 1:
>> Opera -> Tools -> preferences -> Advanced -> Network -> Enable
>> Automatic Redirection.
>>
>> It's enabled by default, but can be disabled for whatever purpose.
>> All the more reason why a header redirect should be accompanied by
>> some information one is redirected, and a script should die()/exit()
>> after that.
>> Possibility 2:
>> Opera get's the redirect, but still has the page with the same URL in
>> cache, so decides to use that one. Set some header and/or html
>> information these pages should not be cached.
>>
>> Possibility 3:
>> The script isn't terminated after the first header-redirect,
>> continues to run, and effectively changes the redirect by a second
>> header() call. Putting an echo directly after it will force the
>> headers to be sent, so they cannot be replaced anymore, resulting in
>> the first one being the only one, and thus the one obeyed by the
>> browser. Another example why one should die()/exit() after a redirect.
>>
>> <?php
>> //this will offcourse end in /second.html
>> header('Location: /first.html');
>> header('Location: /second.html');
>> <?php
>> //this will end in /first.html
>> header('Location: /first.html');
>> flush();
>> header('Location: /second.html');
>
> This thing still has me puzzled. What I did is the following:
>
> My SessionHandler class has the following method:
>
> public function redirect( $url )
> {
> session_write_close();
> header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
> header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
> header( 'Cache-Control: no-store, no-cache, must-revalidate' );
> header( 'Cache-Control: post-check=0, pre-check=0', false );
> header( 'Pragma: no-cache' );
> header( 'HTTP/1.0 302 Moved Temporarily' );
> header( 'Location: ' . $url );
> // this part between the comments is important
> echo 'You\'re being redirected to ' . $url . ' .
> Click <a href="' . $url. '">here</a> if it doesn\'t work';
> // end important part
> exit(); // exit doesn't really make a difference for Opera
> }
>
> Since I have now included the exit() statement I am sure that this is the
> last thing done by the application when redirecting. Also, I have added
> cache control headers and the likes. But still in Opera the problem persists
> if I leave out the echo part you see above between the comments.
>
> So, from my experience it seems as if Opera wants some body content for the
> redirect to work and revalidate the url I landed on before I had to log in.
>
> Does anyone have any other clue as to what might be going on here?
>
> Thanks.
>
>

Why are you sending a message they will never see, anyway? Normally a
redirect header has NO text associated with it.

If you have your header set up appropriately, they will be redirected.
All the message might do is screw things up for the browser.


--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

"Jerry Stuckle" <jstucklex@attglobal.net> schreef in bericht
news:xqKdnb9U2fBnMyLbnZ2dnUVZ_uLinZ2d@comcast.com. ..
> amygdala wrote:
>>
>> This thing still has me puzzled. What I did is the following:
>>
>> My SessionHandler class has the following method:
>>
>> public function redirect( $url )
>> {
>> session_write_close();
>> header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
>> header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
>> header( 'Cache-Control: no-store, no-cache, must-revalidate' );
>> header( 'Cache-Control: post-check=0, pre-check=0', false );
>> header( 'Pragma: no-cache' );
>> header( 'HTTP/1.0 302 Moved Temporarily' );
>> header( 'Location: ' . $url );
>> // this part between the comments is important
>> echo 'You\'re being redirected to ' . $url . ' .
>> Click <a href="' . $url. '">here</a> if it doesn\'t work';
>> // end important part
>> exit(); // exit doesn't really make a difference for Opera
>> }
>>
>> Since I have now included the exit() statement I am sure that this is the
>> last thing done by the application when redirecting. Also, I have added
>> cache control headers and the likes. But still in Opera the problem
>> persists if I leave out the echo part you see above between the comments.
>>
>> So, from my experience it seems as if Opera wants some body content for
>> the redirect to work and revalidate the url I landed on before I had to
>> log in.
>>
>> Does anyone have any other clue as to what might be going on here?
>>
>> Thanks.
>
> Why are you sending a message they will never see, anyway? Normally a
> redirect header has NO text associated with it.
>
> If you have your header set up appropriately, they will be redirected. All
> the message might do is screw things up for the browser.

Because as Rik has pointed out earlier: some browsers might not obey the
request for a redirect. I predominantly browse using Opera, and in Opera,
you can also *choose* not to be redirected automatically. So having said
that, it makes sense to add an extra option for visitors, when they are not
redirected automatically.

"Jerry Stuckle" <jstucklex@attglobal.net> schreef in bericht
news:xqKdnb9U2fBnMyLbnZ2dnUVZ_uLinZ2d@comcast.com. ..
> amygdala wrote:
>> Rik wrote:
>>> On Fri, 10 Aug 2007 20:07:03 +0200, amygdala <noreply@noreply.com>
>>> wrote:
>>>> Could it be that Opera needs some kind of body content after a
>>>> redirection
>>>> header? Or could it perhaps be that Opera indeed thinks that it
>>>> should redirect back to the login page again, since it is redirected
>>>> to a page, that redirected to the login page in the first place. lol
>>> Possiblity 1:
>>> Opera -> Tools -> preferences -> Advanced -> Network -> Enable
>>> Automatic Redirection.
>>>
>>> It's enabled by default, but can be disabled for whatever purpose.
>>> All the more reason why a header redirect should be accompanied by
>>> some information one is redirected, and a script should die()/exit()
>>> after that.
>>> Possibility 2:
>>> Opera get's the redirect, but still has the page with the same URL in
>>> cache, so decides to use that one. Set some header and/or html
>>> information these pages should not be cached.
>>>
>>> Possibility 3:
>>> The script isn't terminated after the first header-redirect,
>>> continues to run, and effectively changes the redirect by a second
>>> header() call. Putting an echo directly after it will force the
>>> headers to be sent, so they cannot be replaced anymore, resulting in
>>> the first one being the only one, and thus the one obeyed by the
>>> browser. Another example why one should die()/exit() after a redirect.
>>>
>>> <?php
>>> //this will offcourse end in /second.html
>>> header('Location: /first.html');
>>> header('Location: /second.html');
>>> <?php
>>> //this will end in /first.html
>>> header('Location: /first.html');
>>> flush();
>>> header('Location: /second.html');
>>
>> This thing still has me puzzled. What I did is the following:
>>
>> My SessionHandler class has the following method:
>>
>> public function redirect( $url )
>> {
>> session_write_close();
>> header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
>> header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
>> header( 'Cache-Control: no-store, no-cache, must-revalidate' );
>> header( 'Cache-Control: post-check=0, pre-check=0', false );
>> header( 'Pragma: no-cache' );
>> header( 'HTTP/1.0 302 Moved Temporarily' );
>> header( 'Location: ' . $url );
>> // this part between the comments is important
>> echo 'You\'re being redirected to ' . $url . ' .
>> Click <a href="' . $url. '">here</a> if it doesn\'t work';
>> // end important part
>> exit(); // exit doesn't really make a difference for Opera
>> }
>>
>> Since I have now included the exit() statement I am sure that this is the
>> last thing done by the application when redirecting. Also, I have added
>> cache control headers and the likes. But still in Opera the problem
>> persists if I leave out the echo part you see above between the comments.
>>
>> So, from my experience it seems as if Opera wants some body content for
>> the redirect to work and revalidate the url I landed on before I had to
>> log in.
>>
>> Does anyone have any other clue as to what might be going on here?
>>
>> Thanks.
>
> Why are you sending a message they will never see, anyway? Normally a
> redirect header has NO text associated with it.
>
> If you have your header set up appropriately, they will be redirected. All
> the message might do is screw things up for the browser.
>

PS.: Correct me if I'm wrong, but are my headers not set up properly?

amygdala wrote:
> "Jerry Stuckle" <jstucklex@attglobal.net> schreef in bericht
> news:xqKdnb9U2fBnMyLbnZ2dnUVZ_uLinZ2d@comcast.com. ..
>> amygdala wrote:
>>> Rik wrote:
>>>> On Fri, 10 Aug 2007 20:07:03 +0200, amygdala <noreply@noreply.com>
>>>> wrote:
>>>>> Could it be that Opera needs some kind of body content after a
>>>>> redirection
>>>>> header? Or could it perhaps be that Opera indeed thinks that it
>>>>> should redirect back to the login page again, since it is redirected
>>>>> to a page, that redirected to the login page in the first place. lol
>>>> Possiblity 1:
>>>> Opera -> Tools -> preferences -> Advanced -> Network -> Enable
>>>> Automatic Redirection.
>>>>
>>>> It's enabled by default, but can be disabled for whatever purpose.
>>>> All the more reason why a header redirect should be accompanied by
>>>> some information one is redirected, and a script should die()/exit()
>>>> after that.
>>>> Possibility 2:
>>>> Opera get's the redirect, but still has the page with the same URL in
>>>> cache, so decides to use that one. Set some header and/or html
>>>> information these pages should not be cached.
>>>>
>>>> Possibility 3:
>>>> The script isn't terminated after the first header-redirect,
>>>> continues to run, and effectively changes the redirect by a second
>>>> header() call. Putting an echo directly after it will force the
>>>> headers to be sent, so they cannot be replaced anymore, resulting in
>>>> the first one being the only one, and thus the one obeyed by the
>>>> browser. Another example why one should die()/exit() after a redirect.
>>>>
>>>> <?php
>>>> //this will offcourse end in /second.html
>>>> header('Location: /first.html');
>>>> header('Location: /second.html');
>>>> <?php
>>>> //this will end in /first.html
>>>> header('Location: /first.html');
>>>> flush();
>>>> header('Location: /second.html');
>>> This thing still has me puzzled. What I did is the following:
>>>
>>> My SessionHandler class has the following method:
>>>
>>> public function redirect( $url )
>>> {
>>> session_write_close();
>>> header( 'Expires: Mon, 26 Jul 1997 05:00:00 GMT' );
>>> header( 'Last-Modified: ' . gmdate( 'D, d M Y H:i:s' ) . ' GMT' );
>>> header( 'Cache-Control: no-store, no-cache, must-revalidate' );
>>> header( 'Cache-Control: post-check=0, pre-check=0', false );
>>> header( 'Pragma: no-cache' );
>>> header( 'HTTP/1.0 302 Moved Temporarily' );
>>> header( 'Location: ' . $url );
>>> // this part between the comments is important
>>> echo 'You\'re being redirected to ' . $url . ' .
>>> Click <a href="' . $url. '">here</a> if it doesn\'t work';
>>> // end important part
>>> exit(); // exit doesn't really make a difference for Opera
>>> }
>>>
>>> Since I have now included the exit() statement I am sure that this is the
>>> last thing done by the application when redirecting. Also, I have added
>>> cache control headers and the likes. But still in Opera the problem
>>> persists if I leave out the echo part you see above between the comments.
>>>
>>> So, from my experience it seems as if Opera wants some body content for
>>> the redirect to work and revalidate the url I landed on before I had to
>>> log in.
>>>
>>> Does anyone have any other clue as to what might be going on here?
>>>
>>> Thanks.
>> Why are you sending a message they will never see, anyway? Normally a
>> redirect header has NO text associated with it.
>>
>> If you have your header set up appropriately, they will be redirected. All
>> the message might do is screw things up for the browser.
>>
>
> PS.: Correct me if I'm wrong, but are my headers not set up properly?
>
>

Well, I don't see why you have the session_write_close() - the session
will be closed during exit() processing, anyway.

I also don't see why you have all of the cache control stuff. It's
completely unnecessary in this case.

Keep it simple - the 302 moved and location should be all you need.

And quite frankly, I wouldn't worry about opera users who disable the
redirects. After all - if you did the redirect in the normal way
(.htaccess or httpd.conf file), they wouldn't get a message. So they
must be used to getting blank screens.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================