
Chrome Toggle different devices view destroys the session

I am working on a website admin CP with PHP as the back-end technology, and at the same time I am fixing some responsive issues.

So I am logged in to the admin panel, but when I toggle different devices such as Galaxy, Nexus, iPhone or even responsive mode to test the responsive look or the fixes that I have done, I find myself logged out and redirected to the login page. I also see things that shouldn't appear before login, such as the admin menu, but it is not accessible; in other words, it's half logged in and half not.

Caching is not disabled.

The session ID is the same; I can see it.

I really can't get my head around it!

Is that something normal in the browser, which means every device is independent from the whole browser?

Or am I doing something wrong?

lotfio asked Aug 06 '17 13:08



1 Answer

Finally, after several hours of reviewing my code and debugging every single thing, I came up with a solution to my problem:

  • My hypothesis in the question that the devices are independent from each other is quite correct, because every device has a different HTTP_USER_AGENT.

You can try it like this:

echo $_SERVER['HTTP_USER_AGENT'];

Toggle different devices in the browser and see the result.

So, as for session best practices: based on Stack Overflow and many other resources, it is good practice to save $_SERVER['HTTP_USER_AGENT'] in a session and later on check the session after login, which means the logged-in user is exactly the user coming from that browser.

And that's what I was doing: I was checking for the user login session and the user agent session.

And that's what was causing the problem: when I toggle different devices, the HTTP_USER_AGENT changes, so the session doesn't match and therefore I get logged out automatically.

lotfio answered Oct 21 '22 10:10
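The check described in this answer, as an added example that is not part of the original post or the poster's code: the session stores a hash of the User-Agent at login, and a later request with a different User-Agent (as sent by Chrome's device toolbar) is rejected with the whole session cleared. The function names and User-Agent strings are constructed, and clearing the session on mismatch assumes the half-logged-in state came from page parts that read the login key without repeating the User-Agent check.

```php
<?php
declare(strict_types=1);

// Hypothetical helpers. The session array is passed in so the script runs
// from the CLI without session_start(); in a web app pass $_SESSION and
// $_SERVER['HTTP_USER_AGENT'].

function uaFingerprint(string $userAgent): string
{
    return hash('sha256', $userAgent);
}

function loginUser(array &$session, int $userId, string $userAgent): void
{
    $session = [                       // start from a clean session on login
        'user_id' => $userId,
        'ua_hash' => uaFingerprint($userAgent),
    ];
}

function isAuthenticated(array &$session, string $userAgent): bool
{
    if (!isset($session['user_id'], $session['ua_hash'])) {
        return false;
    }
    if (!hash_equals($session['ua_hash'], uaFingerprint($userAgent))) {
        // Mismatch: drop every key, so code that only looks at user_id
        // (a menu template, for instance) cannot treat the visitor as
        // logged in while the guard is redirecting to the login page.
        $session = [];
        return false;
    }
    return true;
}

// Constructed User-Agent strings: a desktop browser and an emulated phone.
$desktop = 'Mozilla/5.0 (X11; Linux x86_64) ExampleBrowser/1.0';
$phone   = 'Mozilla/5.0 (Linux; Android 7.0; Example Phone) ExampleBrowser/1.0 Mobile';

$session = [];
loginUser($session, 42, $desktop);

var_dump(isAuthenticated($session, $desktop)); // request with the login User-Agent
var_dump(isAuthenticated($session, $phone));   // request after switching to device emulation
var_dump($session);                            // what is left in the session afterwards
```

Because the User-Agent is a client-supplied header, this binding only catches a session ID reused from a different browser profile; it is a consistency check, not proof of who is sending the request.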