I have a huge problem with session_vars and mobile 3g connections.
We have a virtual campus that is accessed with username and password. On every page verifies that the user is logged with the following code:
<?PHP session_start();
//Avoid not logged users
if ($_SESSION['auth']!=true)
{
session_unset();
header('Location:index.php'); // login page
exit;
}
When a user tries to download a file and uses a 3G connection, sometimes loses its session variable that identifies who is logged in, and send the user to the login page.
We have tried and fail to reproduce the error. We assume that may depend on the conditions of the 3G connection.
All users who use a dongle 3g fails with a laptop.
Bellow the html download link code:
<a onclick="window.location.href='download_file.php?id=48558&id_aula=A1188788&p=5'" title="download 21115400_cat.pdf" class="Arial11BlueBold ManoSola">Download</a>
And the download_file.php:
<?PHP session_start();
//Avoid not logged users
if ($_SESSION['auth']!=true)
{
session_unset();
header('Location:index.php');
exit;
}
...
Thanks!
Suhosin encrypts the session and it seems that something does change the cookie and the session. We have disabled encryption in php.ini.
[suhosin] suhosin.session.encrypt=Off
[suhosin] suhosin.cookie.encrypt=Off
We also use the Ajax Agent library, this library reloads the page and some session variables are lost. We replaced the Ajax Agent for Ajax call.