Can sessions be erased by a XHTML/CSS template?

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

daerimin
Forum Newbie
Posts: 2
Joined: Wed Sep 09, 2009 3:34 pm

Re: Can sessions be erased by a XHTML/CSS template?

Post by daerimin »

I'm the developer: Let me see if I can clear this up:

In php.ini, I have session_autostart = 1. That means, I don't use session_start() anywhere in my application.

The key thing here, is that there are two copies of my application: one that has been wrapped in this template, and one that has not. The one that has been wrapped does NOT preserve sessions across even one redirect (and to clarify, there are three pages: One has the form, the 2nd does the SQL and stores the resulting recordset in a session variable, and the 3rd displays the results - I do it this way so I can show the results in pages w/o doing multiple SQL commands) I am using: header("Location:some_page.php>"); to display search results.

The copy that is NOT wrapped in the template works perfectly - only after applying the CSS does the application cease to function.

I can see the session information from BOTH applications living in /tmp on the server - so I know the backend environment is fine (sorry pytrin, you're just gonna have to accept that I'm not a novice with any part of the LAMP setup). Garbage collection, cookie lifetime.. all that stuff is fine. I have written other PHP applications for this same client, which all live in the same set of paths, and they all work w/o issue. The only difference here is the CSS/HTML content that was added after the deliverable was put in place.

It appears to me that no sessions are being erased on the server, however on the 2nd page (the one that does the SQL), doing a print_r($_SESSION) shows NOTHING.. which is wrong, because multiple values are set for demographic purposes on the page before. In addition, any session data set on page 2 is also gone when moving to page 3. And once again, the "test" copy that hasn't been "templatized" works perfectly.

Hope this helps!
User avatar
Eran
DevNet Master
Posts: 3549
Joined: Fri Jan 18, 2008 12:36 am
Location: Israel, ME

Re: Can sessions be erased by a XHTML/CSS template?

Post by Eran »

sorry pytrin, you're just gonna have to accept that I'm not a novice with any part of the LAMP setup
Hey man, it was nothing personal. I was just raising options to what could cause sessions to lose state. please lose the attitude.

We haven't seen any code, but from what you describe, the problem is with how you integrate the HTML markup with your PHP code. There are infinite ways to go about this, some of which are better and some could cause problems. The main theme here though is that HTML alone cannot affect sessions in any way.

Cheers.
daerimin
Forum Newbie
Posts: 2
Joined: Wed Sep 09, 2009 3:34 pm

Re: Can sessions be erased by a XHTML/CSS template?

Post by daerimin »

Well, despite you saying my first response was vague & meaningless, I didn't intend any attitude. :wink: I just wanted to point out that I was not a novice, so anyone trying to help us wouldn't take the "is it plugged in?" approach. No worries man.

~D
User avatar
Mirge
Forum Contributor
Posts: 298
Joined: Thu Sep 03, 2009 11:39 pm

Re: Can sessions be erased by a XHTML/CSS template?

Post by Mirge »

daerimin wrote:I'm the developer: Let me see if I can clear this up:

In php.ini, I have session_autostart = 1. That means, I don't use session_start() anywhere in my application.

The key thing here, is that there are two copies of my application: one that has been wrapped in this template, and one that has not. The one that has been wrapped does NOT preserve sessions across even one redirect (and to clarify, there are three pages: One has the form, the 2nd does the SQL and stores the resulting recordset in a session variable, and the 3rd displays the results - I do it this way so I can show the results in pages w/o doing multiple SQL commands) I am using: header("Location:some_page.php>"); to display search results.

The copy that is NOT wrapped in the template works perfectly - only after applying the CSS does the application cease to function.

I can see the session information from BOTH applications living in /tmp on the server - so I know the backend environment is fine (sorry pytrin, you're just gonna have to accept that I'm not a novice with any part of the LAMP setup). Garbage collection, cookie lifetime.. all that stuff is fine. I have written other PHP applications for this same client, which all live in the same set of paths, and they all work w/o issue. The only difference here is the CSS/HTML content that was added after the deliverable was put in place.

It appears to me that no sessions are being erased on the server, however on the 2nd page (the one that does the SQL), doing a print_r($_SESSION) shows NOTHING.. which is wrong, because multiple values are set for demographic purposes on the page before. In addition, any session data set on page 2 is also gone when moving to page 3. And once again, the "test" copy that hasn't been "templatized" works perfectly.

Hope this helps!
Maybe, if only for testing purposes, quickly add a session_start(), and session_set_cookie_params() if needed, to each of the pages (or a few test pages) and see if the issue is resolved. If it IS resolved, at least you know more specifically where the problem lies.
Eric!
DevNet Resident
Posts: 1146
Joined: Sun Jun 14, 2009 3:13 pm

Re: Can sessions be erased by a XHTML/CSS template?

Post by Eric! »

daerimin wrote:It appears to me that no sessions are being erased on the server, however on the 2nd page (the one that does the SQL), doing a print_r($_SESSION) shows NOTHING
Ok now we can get somewhere. Why don't you echo BOTH the session_id() and $_SESSION data on the assigning page RIGHT BEFORE the redirect and then echo them again IMMEDIATELY on the redirected page? Let's see what is happening between pages. When the session data is gone, check the session data directory for that session_id and verify the data is there. You might want to double check ini_get('session.save_path') and ini_get('session.autostart') on the failing page.

Also, are these two pages running in the same server and same directory?

As pytrin and I keep saying adding the HTML/CSS alone can't logically break the session data, but logic assumes everything is configured and running as it is supposed to.
Post Reply