Question:
This is REALLY weird (PHP Session problem)?
merlot7799
2008-12-11 13:14:52 UTC
I do website/database design for a company here in Las Vegas. I have several hundred web pages that the employees use after logging into the site. When they login, PHP creates a session variable called 'uid,' that I use to identify the user on each page. So, each page begins with a session_start, and I check for $_SESSION['uid'] first, and proceed if that variable passes a few tests. Right now, all of my pages start with:

session_start();
echo 'Session uid: '.$_SESSION['uid'];
...
?>

Here's my problem: When anyone in the office visits one particular page, $_SESSION['uid'] returns null, and the user is logged out (the entire session is killed). After visiting this page, they can't go anywhere in the site...they're logged out. It only happens on ONE of several hundred pages. And here's the catch: It only happens on ONE computer. Everyone in the office can visit every page, on every computer except one. On this one computer, everyone can visit every page except one. I have a mixture of XP/Vista boxes. The entire office is behind a router and the web server is at another location, so the web server only sees one IP address anyway.

I'm really stumped. Why just one computer? Why just one page on that computer? The first several lines of code on every page (the validation lines) are identical.

Any clue? Thanks!
Three answers:
iam
2008-12-11 13:59:43 UTC
That's a good one... Are the sessions implemented with cookies? Maybe that particular machine has a problem with that - why only on the one page though... What if you just did a dump of your all your get/post/session vars to see if any of the other globals are doing something unexpected for that particular file? Good luck - sorry I couldn't think of anything more constructive to try..
just "JR"
2008-12-11 21:50:31 UTC
Not a wierd problem: a classical one (but hard to solve).

Problem 1: you are on a router, hence, you only appear as a ONE IP address to the server.

Problem 2: you use "session_start()" on ALL pages. This is wrong from Php 4: you should only use it ONCE, on the entry page.

(From Php 4, you should get a warning msg, and the successive calls should be ignored, hence "blank" $_SESSION.)



Now, session_start() creates a session ($id = session_id() ) that is UNIQUE on every machine making the first call: this allows you, from now on, to differenciate EACH machine, while on the same IP!

Solution:

Initiate the session at home page ONLY.

Save the session_id in a cookie (you could do in javascript, but it is more complicated).

DEPENDING of your Php.ini config, the session can pass to other pages automatically, but I do not trust it.

So, when jumping to another page, your FIRST call is to check the cookie session, and call the server to "restore" the session. You continue the same session. If you can't restore it, use it as an argument to the next page call. (page2.php?s=session_id).

I use a DB table. When user visits the home page, I store, there, the session_id + other details. I then read the cookie and get the other details from the DB to restore the session.

(Actually, I use session_start to create a unique session number, different for each machine on the network, then kill the session: that number in my DB, together with an ID of the machine (also cookie). On call, the ID gives me the old session)

Warning: you HAVE to delete the cookies and any entries in the DB when the user LEAVES the site!
Patrick
2008-12-13 18:18:56 UTC
here are the main hints in my opinion:



1. the problem only happens on one machine

2. it works when you change the URL



the machine in question seems to be having troubles with cookies. a cookie has a path associated to it, check the path, if you want the cookie to be valid from any page use path='/'



you can set the php session cookie path with session_set_cookie_params() BEFORE calling session_start()



i suggest using:



session_set_cookie_params(

ini_get('session.cookie_lifetime'),

'/');


This content was originally posted on Y! Answers, a Q&A website that shut down in 2021.
Loading...