SitePoint Sponsor

User Tag List

Results 1 to 3 of 3
  1. #1
    SitePoint Member Apallo13's Avatar
    Join Date
    May 2008
    Posts
    15
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Sessions Interferance?

    Is this a case of Sessions interferance?

    Am using three different sessions on a PHP Web site.
    The sessions seem to be interfering with each other instead of operating independently.

    I seem to have found this because a login that does usually work - will not work if the other sessions (pages) have been accessed first.

    Starting first session as such:
    This first session is used for cart use.
    session_start();
    It also has no particular name.

    The second session is used just on a Form page, and its associated pages.
    This session is named.
    The purpose is to keep someone from using the process data page without using the Form:
    session_name('PHPFORM');
    session_start();
    // store the HTTP_USER_AGENT.
    $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

    The process data page further insures that it has been accessed by the same user agent or
    it will revert the url of that page back to the Form page.
    This page of course uses the 'PHPFORM' session:
    session_name('PHPFORM');
    session_start();

    if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']))) {
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    // remove any trailing slashes.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
    $url = substr($url, 0, -1);
    }

    // add the page.
    $url .= '/form.php';
    header("Location: $url");
    exit();
    }

    Another different and third session is used in a member area of the same Web site.
    It starts on a login page and brings in the loggedin page if the login was successful, error displayed if not:
    if login was successful ...
    session_name('MEMBER');
    session_start();

    // store the HTTP_USER_AGENT.
    $_SESSION['agent'] = md5($_SERVER['HTTP_USER_AGENT']);

    // redirect.
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    // remove any trailing slashes.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
    $url = substr($url, 0, -1);
    }

    // add the page.
    $url .= '/loggedin.php';
    header("Location: $url");
    exit();

    Then the loggedin page further insures that it has also been accessed by the same user agent or
    it will revert the url of that page back to the login page.
    The loggedin page uses this third session thusly:
    session_name('MEMBER');
    session_start();

    if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']))) {
    $url = 'http://' . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']);

    // remove any trailing slashes.
    if ((substr($url, -1) == '/') OR (substr($url, -1) == '\\')) {
    $url = substr($url, 0, -1);
    }

    // add the page.
    $url .= '/login.php';
    header("Location: $url");
    exit();
    }

    What is causing the problem of not being able to log in, with a known good login that is successful if used before the other pages were accessed?

    The login works if pages were not first accessed that are using other sessions. Otherwise what seems to be happening is the loggedin page reverts back to the login page, and will not remain on the logged in page as it should - and does when accessed before the other pages that use the other sessions.

    Strange, but also noticed that I can be logged in just fine, but sometimes after visiting other pages in different tabs then suddenly my current loggedin page reverts back to the login page - whereupon I cannot log back in.

    I did not mention any errors, because there are NONE.

    The PHP version being used is 5.2.8

    To re-state the problem in need of solution:
    The sessions seem to be interfering with each other instead of operating independently.
    A login that Does Work will not work if the other sessions (pages) have been accessed first.

  2. #2
    Twitter: @AnthonySterling silver trophy AnthonySterling's Avatar
    Join Date
    Apr 2008
    Location
    North-East, UK.
    Posts
    6,111
    Mentioned
    3 Post(s)
    Tagged
    0 Thread(s)
    You should not be setting the name of the session, every user will acquire the data contained within the session.
    @AnthonySterling: I'm a PHP developer, a consultant for oopnorth.com and the organiser of @phpne, a PHP User Group covering the North-East of England.

  3. #3
    SitePoint Wizard bronze trophy
    Join Date
    Jul 2008
    Posts
    5,757
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    On any of these pages, does session_start() get called more than once in a single script execution? This includes other scripts called via include(). If you're using more than one session per execution, it would be a good idea to call session_write_close() and destroy session variables before loading the next.

    Are you using the default files based session handler, or a custom handler(database, memcache etc...)? Always call session_write_close() before sending a redirect header or you risk the possibility of data loss/corruption due to race conditions.

    use ini_get() to make sure session.auto_start is off.

    Is register_globals on?

    Do some debugging. Find out what your code is doing instead of wondering. Check the values of your variables. Make sure they contain the values you think they do.

    PHP Code:
    // instead of
    if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']))) {
    // ... redirect
    }


    // do this!
    if (!isset($_SESSION['agent']) OR ($_SESSION['agent'] != md5($_SERVER['HTTP_USER_AGENT']))) {
    print_r($_SESSION);
    print_r($_SERVER);

    Systematically work through your code and you will find the variables or conditons which don;t work they way you thought they would. Then you're hot.


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •