Asked  7 Months ago    Answers:  5   Viewed   29 times

I first configure my script to run even after the HTTP request is over

 ignore_user_abort(true);

then flush out some text.

 echo "Thats all folks!";
 flush();

Now how can I trick the browser into thinking the HTTP request is over? so I can continue doing my own work without the browser showing "page loading".

 header(??) // something like this?

 Answers

57

Here's how to do it. You tell the browser to read in the first N characters of output and then close the connection, while your script keeps running until it's done.

<?php
ob_end_clean();
header("Connection: close");
ignore_user_abort(true); // optional
ob_start();
echo ('Text the user will see');
$size = ob_get_length();
header("Content-Length: $size");
ob_end_flush();     // Will not work
flush();            // Unless both are called !

// At this point, the browser has closed connection to the web server

// Do processing here
echo('Text user will never see');
?>
Wednesday, March 31, 2021
 
osondoar
answered 7 Months ago
96

Answered to help people who might stumble across this

As the the answer at Session lost when switching from HTTP to HTTPS in PHP has concluded, since you are using session.cookie_secure = 1 the cookie that contains the session ID is not transferred when the connection switches from HTTPS to HTTP. At HTTP connection, when you session_start(), PHP creates a new session id, which replaces the previous session id.

The answer also suggests a solution, pass the session id using query string, which is then picked up by the page. This smells of bad of security flaw. Don't forget the reason why we used HTTPS in the first place!

So the solution I suggest to you is that you redirect all http request to https counterparts. Use HTTPS for everything in your site, from css, images, to mundane static html pages. This is actually something that every application that is serious about security does. For example, visiting github page using HTTP will return:

HTTP/1.1 301 Moved Permanently
Server: nginx/0.7.67
Date: Sun, 08 May 2011 15:43:01 GMT
Content-Type: text/html
Content-Length: 185
Connection: close
Location: https://github.com/

<html>
<head><title>301 Moved Permanently</title></head>
<body bgcolor="white">
<center><h1>301 Moved Permanently</h1></center>
<hr><center>nginx/0.7.67</center>
</body>
</html>

Remember why you used HTTPS in the first place, if you want to be totally secure, use HTTPS for everything.

Detect if the request is HTTPS or not (See this question) at bootstrap.

If the request is HTTP, either redirect all requests to HTTPS home page, or you can try parsing $_SERVER['REQUEST_URI'] and redirecting HTTP request to their HTTPS counterpart using parse_url and http_build_url.


Second Alternative Solution

If you really really don't want to use HTTPS for everything, then don't session_start() on pages that are accessed with HTTP. Secure cookies will be retained when you do this.


Third Alternative Solution

The other solution is to try and detect the user by IP addresses and user agent. This is not guaranteed to be accurate, so what I suggest is just use HTTPS for everything. Paypal, for example, always use HTTPS even for mundane static pages.

Wednesday, March 31, 2021
 
hakre
answered 7 Months ago
81

Here's how to do it. You tell the browser to read in the first N characters of output and then close the connection, while your script keeps running until it's done.

<?php
ob_end_clean();
header("Connection: close");
ignore_user_abort(); // optional
ob_start();
echo ('Text the user will see');
$size = ob_get_length();
header("Content-Length: $size");
ob_end_flush();     // Will not work
flush();            // Unless both are called !

// At this point, the browser has closed connection to the web server

// Do processing here
include('other_script.php');

echo('Text user will never see');
?>
Saturday, May 29, 2021
 
Pwner
answered 5 Months ago
19

You can do it with a PHP script, managed via a cron job.

Wednesday, August 18, 2021
 
charliegriefer
answered 2 Months ago
97

solved! the boundary was wrong - it is needed to add 2 dashes more for post data than the value in the header has. what was needed to do in above code was:

string boundary = "---------------------------317205771417341028";
request.ContentType = "multipart/form-data; boundary=" + boundary;

[...]

using (Stream s = request.GetRequestStream())
{
    boundary = "--" + boundary "n";

[...] so easy... and yet so annoying...

Sunday, August 29, 2021
 
Teno
answered 2 Months ago
Only authorized users can answer the question. Please sign in first, or register a free account.
Not the answer you're looking for? Browse other questions tagged :
 
Share