
I am having a weird issue where, for some unknown reason, my $_SESSION['last_uri'] variable is being modified on a JS redirect.

This is where we define the SESSION variable, currently it displays as '/training_management':

echo 'SESSION: ' . $_SESSION['last_uri'];

if ( !(preg_match('/login/', $_SERVER['SCRIPT_NAME'])) && !(preg_match('/denied/', $_SERVER['SCRIPT_NAME'])) ) {
    $_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
}

This is where we redirect to a new page:

$("#login_button").click(function() {
    var name = $("input[name$=name]").val();
    var pw = encodeURIComponent($("input[name$=password]").val());
    var query = "func=login&name=" + name + "&password=" + pw;
    ajaxRequest(query, function(data) {
        console.log(data);
        data = data.replace(/(\r\n|\n|\r|\s)/gm, "");
        if (!data || data == 0) {
            failureMsg(_("Incorrect login data."));
        } else {
            window.location.replace("redirect");
        }
    });
});

This then redirects to redirect.php, which shows the following as the value: '/tpl/css/images/ui-icons_222222_256x240.png'

if ( $_SESSION['last_uri'] ) {
    echo $_SESSION['last_uri'];

    //header("Location: " . $_SESSION['last_uri']);
}

Where / how is the SESSION variable changed?

Here are my rewrite rules:

# No www
RewriteEngine On
RewriteBase /
RewriteCond %{HTTP_HOST} ^www\.(.*)$ [NC]
RewriteRule ^(.*)$ https://%1/$1 [R=301,L]

# No likey .php
RewriteEngine on
RewriteCond %{REQUEST_FILENAME} !-d
RewriteCond %{REQUEST_FILENAME}\.php -f
RewriteRule ^(.*)$ $1.php

# Some more Security
RewriteEngine On
RewriteCond %{QUERY_STRING} proc/self/environ [OR]
RewriteCond %{QUERY_STRING} mosConfig_[a-zA-Z_]{1,21}(=|\%3D) [OR]
RewriteCond %{QUERY_STRING} base64_encode.*(.*) [OR]
RewriteCond %{QUERY_STRING} (<|%3C).*script.*(>|%3E) [NC,OR]
RewriteCond %{QUERY_STRING} GLOBALS(=|[|\%[0-9A-Z]{0,2}) [OR]
RewriteCond %{QUERY_STRING} _REQUEST(=|[|\%[0-9A-Z]{0,2})
RewriteRule ^(.*)$ /security [R=301,L]
  • Are you using URL rewriting? It looks like you are rewriting a bit too much. Commented Oct 30, 2014 at 16:58
  • If you've got mod_rewrite rewriting all of your requests to a PHP script, then hitting a particular page may well trigger a whole bunch of rewrites: one for the actual page, and extras for every external resource on that page (e.g. images, CSS, JS). Commented Oct 30, 2014 at 16:59
  • Added rewrite rules to post. Commented Oct 30, 2014 at 17:01

1 Answer

This is probably what happened (see comments):

echo 'SESSION: ' . $_SESSION['last_uri']; // display /training_management

if ( !(preg_match('/login/', $_SERVER['SCRIPT_NAME'])) && !(preg_match('/denied/', $_SERVER['SCRIPT_NAME'])) ) {
    $_SESSION['last_uri'] = $_SERVER['REQUEST_URI'];
    echo 'NEW SESSION: ' . $_SESSION['last_uri']; // display /tpl/css/images/ui-icons_222222_256x240.png
}

Other possibilities:

  • /tpl/css/images/ui-icons_222222_256x240.png was not found and the request was redirected to a PHP page that modifies the session.
  • session_start() is missing.
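The answer's point is that the header.php snippet stores REQUEST_URI for every request that reaches PHP, so an image or CSS request rewritten to a PHP script (or a 404 handler) overwrites the remembered page. The following is an added example, not code from the question or the answer: a stricter version of that logic that only remembers real page navigations, plus a check on the stored value before it is used in a Location header. The function names, the asset extension list and the fallback path are assumptions for this example.

```php
<?php
// Added example (not the question's or the answer's code). Decides whether the
// current request is a page navigation worth remembering in $_SESSION['last_uri'].
function isNavigationRequest(array $server): bool
{
    $script = $server['SCRIPT_NAME'] ?? '';
    $uri    = $server['REQUEST_URI'] ?? '';
    $path   = (string) (parse_url($uri, PHP_URL_PATH) ?: '');

    // Same exclusion as the original header.php: never remember login/denied.
    if (preg_match('/login|denied/', $script)) {
        return false;
    }
    // Static assets are what overwrote last_uri in the question; skip them
    // even when mod_rewrite or a 404 handler routes them through PHP.
    if (preg_match('/\.(png|gif|jpe?g|css|js|ico|svg|woff2?)$/i', $path)) {
        return false;
    }
    // jQuery marks its AJAX calls (e.g. the login request) with this header.
    if (($server['HTTP_X_REQUESTED_WITH'] ?? '') === 'XMLHttpRequest') {
        return false;
    }
    // Only GET navigations are sensible return targets.
    return ($server['REQUEST_METHOD'] ?? 'GET') === 'GET';
}

// Validates the remembered value before redirect.php puts it in a Location
// header: accept only a site-local absolute path (single leading slash, so no
// scheme and no "//host" form, and no whitespace or control characters).
function safeReturnPath(?string $stored, string $fallback = '/'): string
{
    if ($stored !== null && preg_match('#^/(?!/)[^\s\r\n]*$#', $stored)) {
        return $stored;
    }
    return $fallback;
}

// Constructed sample requests to show the decision (not taken from the page).
$pageRequest  = ['SCRIPT_NAME' => '/index.php', 'REQUEST_URI' => '/training_management', 'REQUEST_METHOD' => 'GET'];
$assetRequest = ['SCRIPT_NAME' => '/index.php', 'REQUEST_URI' => '/tpl/css/images/ui-icons_222222_256x240.png', 'REQUEST_METHOD' => 'GET'];
var_dump(isNavigationRequest($pageRequest));   // bool(true)
var_dump(isNavigationRequest($assetRequest));  // bool(false)
var_dump(safeReturnPath('//example.invalid/x', '/training_management')); // "/training_management"

// In header.php (after session_start()):
//   if (isNavigationRequest($_SERVER)) { $_SESSION['last_uri'] = $_SERVER['REQUEST_URI']; }
// In redirect.php:
//   header('Location: ' . safeReturnPath($_SESSION['last_uri'] ?? null, '/training_management'));
```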

3 Comments

redirect.php does not load header.php, which includes the definition of $_SESSION['last_uri'].

Yes, but you test your variable with echo before the variable is set, so your test can be wrong.

tail session_log
last_uri|s:53:"/tpl/css/images/ui-bg_inset-hard_100_fcfdfd_1x100.png";
last_uri|s:43:"/tpl/css/images/ui-icons_222222_256x240.png";
last_uri|s:20:"/training_management";
last_uri|s:20:"/training_management";
last_uri|s:53:"/tpl/css/images/ui-bg_inset-hard_100_fcfdfd_1x100.png";
last_uri|s:43:"/tpl/css/images/ui-icons_222222_256x240.png";
last_uri|s:43:"/tpl/css/images/ui-icons_222222_256x240.png";username|s:13:"matthewharris";logged_in|i:1;auditor_id|s:4:"3042";access_level|s:1:"6";
