www.webdeveloper.com
Results 1 to 11 of 11

Thread: Session being cleared?

  1. #1
    Join Date
    Jun 2010
    Posts
    92

    Session being cleared?

    Hey all, I am having a really strange issue.

    Recently we just moved our server across to a new platform, which has PHP 5.2.13 (While I have been using 5.2.11 previously)

    Anyhow, for some reason on the search page (and the search page alone) the session is cleared after the first viewing, the session_id() isn't being changed, session_start() is returning true. I have tried it on other pages, and the session data remains true (I added a print_r($_SESSION); and data was shown on ALL THE PAGES, even the first run of search.php but after that the session was wiped out)

    There is NO session clearing code ANYWHERE, the only session_destroy() is in logout.php, on the development server - the search.php DOES NOT wipe out the session, I can refresh the browser and it will remain logged in.

    Sorry for trying to reiterate ... Been trying to figure out whats going on, I'm giong to download 5.2.13 and see if the problem occurs on the development server.

    I haven't contacted the host yet, since I don't know what to exactly write to them ...

    edit: Ok I installed php5.2.13, and nope - it does not clear the session on the search.php page....

    and yes the live server is running all latest.
    Last edited by adamou; 07-20-2010 at 04:59 PM.

  2. #2
    Join Date
    Jun 2010
    Posts
    92
    Ok I've followed the code and it is a smaller file which is wiping out all of the session - but this small file does not touch the session at all ... I am ultimately confused, haha...

    I will try remove part by part of the code and report back if I find anything; I even tried a ctrl + f and could not find anything with the word session in it

    ~ It works perfectly on the development server however, the settings are untweaked .. and it worked fine on the previous live server, the settings were xfered over, its just running 5.2.13 now.

    The only thing this small script access is the database, but there is database access everywhere
    Last edited by adamou; 07-20-2010 at 05:37 PM.

  3. #3
    Join Date
    Jun 2010
    Posts
    92
    agh... I can't pin point where its going wrong!

    I removed securimage, and the sessions weren't cleared - then I made an AJAX request to add to watchlist, that clears the session. So I put back in my imagecaptcha and that clears out the session (So something in there is clearing it out - but I have never ever ever had a problem with it until now, just on this server)

    I still don't know what setting is different ... I might just end up copying my php.ini over to the server in the end out of desperation :x

    I contacted server host, no word yet but I assume they will look into it ... I hope...

  4. #4
    Join Date
    Jun 2010
    Posts
    92
    Ok so annoyed at this problem (host can't seem to fix it, works on other machine -.-) I decided to write my own session handler ... and I think its better off in the end.

    PHP Code:
        define("SESS_COOKIE","sid");
        class 
    session implements ArrayAccess   {
            var 
    $id null;
            var 
    $arr = array();
            var 
    $any_changes false;
            function 
    __construct() {
            
    //first lets check if there is a cookie set    
                
    if(!headers_sent()) {
                    if(isset(
    $_COOKIE[SESS_COOKIE]) && is_numeric($_COOKIE[SESS_COOKIE])) {
                        
    $r mysql_query("select id,val from sessions where sess_key = '{$_COOKIE[SESS_COOKIE]}' and ip = '{$_SERVER['REMOTE_ADDR']}'");
                        if(
    $d mysql_fetch_assoc($r)) {
                            
    //means we successfully read from it
                            //therefore update the time.
                            
    mysql_query("update sessions set time = UNIX_TIMESTAMP(now()) + 600 where id = '{$d['id']}'");
                            
    $this->id $d['id'];
                            if(!empty(
    $d['val'])) $this->arr unserialize(stripslashes($d['val'])); 
                        } else {
                            
    //just create another session
                            
    self::createCookie();
                            
    mysql_query("insert into sessions (`sess_key`,`ip`,`time`) values ('{$_COOKIE[SESS_COOKIE]}','{$_SERVER['REMOTE_ADDR']}',UNIX_TIMESTAMP(now()) + 600)");
                            
    $this->id mysql_insert_id();
                        }
                        
                    } else {
                        
    self::createCookie();
                        
    mysql_query("insert into sessions (`sess_key`,`ip`,`time`) values ('{$_COOKIE[SESS_COOKIE]}','{$_SERVER['REMOTE_ADDR']}',UNIX_TIMESTAMP(now()) + 600)");
                    }
                } else {
                    
    //headers have been sent. Failed
                    
    return false;
                }
                return 
    true;
                    
            }
            
            function 
    save() {
                if(
    $this->any_changes) {
                    
    $d addslashes(serialize($this->arr));
                    
    mysql_query("update sessions set val = '{$d}', time = UNIX_TIMESTAMP(now()) + 600 where id = '{$this->id}';");
                    
    $this->any_changes false;
                }
            }
            
            function 
    __destruct() {
                
    $this->save();    
            }
            
            static function 
    createCookie() {
                
    //easier to manage
                
    $cid self::generateId();
                
    setcookie(SESS_COOKIE,$cid,time()+3600,"/");
                
                
    //just to avoid this annoying thing..
                
    $_COOKIE[SESS_COOKIE] = $cid;

            }
            
            static function 
    generateId() {
                
    //since it is an IP based sessiobn we're just going to use a random number to set the session_key
                //capish?
                
                
    $id number_format( (rand() * 20000),0,'','');
                
    $res mysql_query("select id from sessions where sess_key = '{$id}'");
                while(
    $d mysql_fetch_assoc($res)) {
                    
    mysql_free_result($res);
                    return 
    self::generateId();
                }
                return 
    $id;
                
            }
            
            public function 
    offsetSet($offset$value) {
                
    $this->arr[$offset] = $value;
                
    $this->any_changes true;
            }
            public function 
    offsetExists($offset) {
                return isset(
    $this->arr[$offset]);
            }
            public function 
    offsetUnset($offset) {
                unset(
    $this->arr[$offset]);
                
    $this->any_changes true;
            }
            public function 
    offsetGet($offset) {
                return isset(
    $this->arr[$offset]) ? $this->arr[$offset] : null;
            }    
        
        } 
    Code:
    CREATE TABLE `sessions` (                                
                `id` int(2) unsigned NOT NULL AUTO_INCREMENT,          
                `sess_key` int(4) unsigned NOT NULL,                   
                `ip` varchar(35) NOT NULL,                             
                `val` char(100) NOT NULL,                              
                `time` int(5) unsigned NOT NULL,                       
                PRIMARY KEY (`id`,`sess_key`,`ip`)                     
              ) ENGINE=MEMORY
    Could do with some more work but its acceptable atm,

    I just run a cron job every 15 minutes to clear out all of the expired sessions.

    Can't do much flash with my session class (no foreach) but, shouldn't really have to in the first place; if you want to use it do whatever you will to it

    usage :

    PHP Code:
        $_SESSION= new session();
        
        
    $_SESSION['id'] = 6
    though edit to add; is there a particular reason why I shouldn't override $_SESSION ?
    Last edited by adamou; 07-21-2010 at 08:31 PM. Reason: changed extends ArrayObject to implements ArrayAccess

  5. #5
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,225
    If you override $_SESSION like that, it will no longer be "super-global" and instead will be locally scoped like any other user-defined variable.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  6. #6
    Join Date
    Jun 2010
    Posts
    92
    oh thats a bummer .. is there a way to keep it as a superglobal, I suppose I could just re-write it as the save handler thing

  7. #7
    Join Date
    Jun 2010
    Posts
    92
    nope!

    PHP Code:
        $_SESSION = new session();
        
    $_SESSION['id'] = '6';
        
        function 
    test() {
            echo 
    $_SESSION['id'];
        }
        
        
    test(); 
    results in 6

  8. #8
    Join Date
    Jun 2010
    Posts
    92
    AHAHAA IT WORKED

    OH THANK GOD

    session data on my server now works !!!

    *edit*
    Sorry just overly excited, it seems $_SESSION remains a super global even if over-ridden? Regardless I am supberbly happy now.

    Also becareful of your rand() function, you might need to set the sess_key bigger
    Last edited by adamou; 07-21-2010 at 08:48 PM.

  9. #9
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,225
    Hmm...curious, I wonder if something changed in newer versions of PHP or if I'm just misremembering something, because I was sure I saw something in the manual warning against overwriting the entire $_SESSION array.

    Anyway, if it would be of any interest to you, you might check out my article: Implementing a Database-based Session-handler.
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  10. #10
    Join Date
    Aug 2004
    Location
    Ankh-Morpork
    Posts
    19,225
    PS: Another "gotcha" that can cause a difference on different hosts is to watch out for pages accessed with or without the "www." sub-domain in the URL. Depending on your PHP settings, the session cookie may not carry over from the more specific "www.example.com" to the "example.com" URL. This problem can be avoided by setting session.cookie_domain to ".example.com" (note the leading "."), or else using URL rewriting at the web server to redirect all "example.com" requests to "www.example.com".
    "Please give us a simple answer, so that we don't have to think, because if we think, we might find answers that don't fit the way we want the world to be."
    ~ Terry Pratchett in Nation

    eBookworm.us

  11. #11
    Join Date
    Jun 2010
    Posts
    92
    Of course I suppose ideally I should just use the session handler functions, but I think I will keep it like this for a little while (Its working and just in the nick of time); I barely had to change any of my existing code, except for things like session_id()

    Though thanks for the cookie advice

Thread Information

Users Browsing this Thread

There are currently 1 users browsing this thread. (0 members and 1 guests)

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •  
HTML5 Development Center



Recent Articles