Weird behaviour of Zend_Session_Namespace - zend-framework

Follow up to this:
Why can't I pass user sessions between subdomains?
I followed the advice there and used :
ini_set('session.cookie_domain','mydomain');
(with and without a dot before mydomain) as the first line of index.php in the public folder as advised there and in other links around the web.
The problem is that it completely "ruined" Zend_Session_Namespace inside my application.
While it persisted among calls (as it should) of the page, now every time it is being called it is behaving as a new session is being instantiated, without holding all variables.
Any ideas on how to fix this?

Have you tried setting the cookie domain via Zend_Session?
$config['cookie_domain'] = 'mydomain';
Zend_Session::setOptions($config);

Related

Using iron-router with angular-meteor makes controllers being loaded twice

I have a Meteor application using angular-meteor. I need now to load different angular modules depending on url. I added iron-router to my application to do so and I continue to handle routes for each module using ngRoute and anchor nav but it behaves strangely if url contains params. I made a small test case which is available here:
https://github.com/clouchtibat/iron-router-ng-route
If you click on 'truc' link and then on 'test', next routes changes will make controller be instantiated two times. It works if urls have no params.
I also tested with ui-router (in the with-ui-router branch) and the problem is the same but in addition view is duplicated.
Is this a bug in one of the two routers or is there something wrong with my implementation?
Take a look at this conversations in the angular-meteor Github issues:
https://github.com/Urigo/angular-meteor/issues/154
https://github.com/Urigo/angular-meteor/issues/493
I think it can help you with some directions.
I am also having some hard time with mixin angular-meteor and iron:router.

Scala Lift - Robust method to protect files from hotlinking

I'm attempting to implement a way to stop hotlinking and/or un-authorised access to resources within my app.
The method I'm trying to add is something I've used before in PHP apps. Basically a session is set when the page is first called. The images are added to the page via the image tag with the session value as a parameter:
<img src="/files/image/image1.jpg?session=12345" />
When the image is requested the script checks to see if the session is set and matches the provided value. If the condition is not met the serving page returns null. Right at the end to the code I unset the session so further requests from outside the scope of the page will return null.
What would be the best implementation of this method within the lift framework?
Thanks in advance for any help, much appreciated :)
You could use a SessionVar for this purpose. In the SessionVar you’d store a Map[SessionImageId, RealImageId] and upon initialising the Session (i.e. when the page is first loaded) you’d generate some random SessionImageIds which you would map to the real image id. In your html you only expose the shadowed SessionImageId so no-one could trace back the image from the id. When the image is requested, you’d simply look up the real id in the Map.
Info: Exploring Lift, Lift wiki
Of course, if shadowing the ids is not important, you could simply use a SessionVar[Boolean].

Zend Sessions not stored for step3

I have used zend session as bellow..
$test = new Zend_Session_Namespace('test');
$test->test = "test text";
But when i move from one step to another step its working fine and echoes value Not on step3. even i tried using $_SESSION direct (because am desperate this to work ). But i have same problem that session not stored. Site seems almost broken when i use mozilla and IE. Not only in my PC But i have tested in multiple systems.
Tried clearing cookies, used cookie enabled browser only.
SO please suggest me what could be the posible problem in doing above. even i have inserted zend_session::start();
Thanks in advance,
Sanjeevk,
You haven't provided any useful code for what you are trying to accomplish, so I'm going to guess.
I have encountered a problem similar to this as well. My issue was simply trying to persist a page number from the paginator so I could perform an operation on a record and then return to the same page in the previous action.
The problem I was having was that the controller would overwrite the session data every time I called the action (page refresh), so while the page number would persist to other actions as soon as I called the original action the session would be over written and the page would reset to 1.
My solution was to get the page number from the view script and then feed it back to the controller later.
//the view script
<?php $session = new Zend_Session_Namespace('page'); $page = $this->paginator->getCurrentPageNumber(); ?>
so now when call $session->page anywhere in my controller/actions the data is still there and doesn't overwrite until the view is actually rendered, which is exactly what I needed.
You may be encountering something similar. Because of the way PHP and Zend Framework operate you may be inadvertently over writing your session data.
If this doesn't help, please provide more information and maybe an answer can be found.
Hope this provides some help or at least hints.

Similar path in Jersey with empty parameters

I'm having an issue with Jersey, I have two path, let's say
user/comments/{username}
and
user/{username}
The first gives you the comments from an user, the second one shows you the profile of the user.
If someone use an empty parameter in the first url as user/comments/ obviously the second method is called and you get the profile of the user "comments".
There's a way where you can "reserve" to jersey some parameter or it's more a design problem and I should refactor the paths?
I'd use the following paths, which correctly represent the user -> comment hierarchy and also avoid the name collision issue:
user/{username}/comments
and
user/{username}
You can check in the second method if the user is "comments" and call the first one instead of the behavior. I never heard of jersey with an defined procedure to check this.
Of course, everything will work till the user that registered with the appropriate "comments" login sends you a mail complaining about your site not working; so yes, I think the best option would be to refactor it...

User Authorization in KohanaPHP App vs Endless Loop

Wondering how to name this question. Think this is the best situation possible.
Situation:
I got small app written in KohanaPHP framework. However there's one small bug that makes my crazy.
I got my own Core_Controller that is extended by every controller in this app. In constructor of this controller, I'm checking user profile status. So far so good. Although I'm facing a logical issue. It's called endless redirect loop. If I try to redirect (in Core_Controller constructor) user to Member_Controller it cannot be workig due to endless lopp. I understand why it happen.
Solution:
I'm looking for a solution how to make it flexible. I tried to move this verification to a helper and call it in Core_Controller constructor. However, it can be working correctly.
Question:
Do I have to put verification in constructor of every single controller? IS there any universal method to do it?
Waiting for your thoughts.
M.A.
Just check if user is verified and the current request's action isn't something like member/verification, do the redirect.
And parent::__construct(); will call the parent constructor, so I don't see the problem in that either..
You need a condition where it doesn't redirect (on the page you have redirected to). You'll want some code similar to this.
if not member_controller then
redirect to member_controller
else
do nothing
endif
The else isn't needed, but just added so it's more clear to you.