"Randomly" loosing session information

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
Galahad
Forum Contributor
Posts: 111
Joined: Fri Jun 14, 2002 5:50 pm

"Randomly" loosing session information

Post by Galahad »

I'm having a seemingly random bug with a project I'm working on. I've got this nice mysql database admin page running using session variables. However, every once and a while, it seems to just drop the session information. I can't really seem to reliably reproduce the error. If I go fool around with moving between pages, eventually it will fail. I have a form post the info the main page. Here is what I'm doing there:

Code: Select all

<?php
if (!$_GET&#1111;'id']) &#123;
  $id = md5(uniqid(rand(),1));
&#125;

session_id($id);
session_start();
include("../../web.inc");

if ($_POST&#1111;'u'] && $_POST&#1111;'p']) &#123;
  session_register('u');
  session_register('p');
  session_register('ID');
&#125;

createHeader("", "$user Downloads Admin", false);
createMenu();

if (session_is_registered('u')) &#123;
// set up $ID and show users page
&#125; else &#123; 
  echo "Session - Invalid username or password.  Click <a href='login.php?id=$id'>here</a> to try again.";
&#125;
Here is another example:

Code: Select all

<?php
session_id($id);
session_start();

include("../../web.inc");
createHeader("", "Add $user Downloads", false);
createMenu();

echo "<center>\n";

if (!session_is_registered('ID')) die("Session error.  Click <a href='login.php?id=$id'>here</a> to try again.");

if ($_POST&#1111;'filename']) &#123;
// deal with POST entry
&#125; else &#123;
// show form to enter data in
&#125;
Both of these pages have links to each other (the links look like "page.php?id=a14n15j3k3l" only with the id the page got from GET).

Every once and a while when I just click between these two pages, it will fail my session_is_registered() test. I had it output $id and also session_id() when it failed, but they are both the same. I tried outputting the entire $HTTP_SESSION_VARS when it fails, but it is empty (has the data when it works right though).

There doesn't seem to be a pattern with how many clicks it takes, sometimes it is just one others it is many. Both pages will do it, it's not just one of them. Most times it does that, I can hit refresh a few times and it will recover it's mind and continue working. If it recovers, it will usually work fine until you close that window and open a new one. Then is does the same sort of thing. Has this happened to anyone else before? Do you have any ideas about what's going on? Thanks for the help, I appreciate it.
User avatar
kilren
Forum Newbie
Posts: 5
Joined: Fri Jul 05, 2002 8:24 am
Location: FRANCE - Aix En Provence

sesion_id

Post by kilren »

you don't need to give by yourself an Id PHP do so automatically

if you want to set it by yourself be careful :
if you force the sesion Id to an empty name you wont be able to access to your data.
you must also be careful of the method you maintain your Id
GET method is dangerous if you use link writen in javascript
POST method isn't recommanded.

try this code if your are sure to transmit Id to all your page :

Code: Select all

<?php 
if (!$HTTP_GET_VARS&#1111;'id']) &#123; 
  session_id(md5(uniqid(rand(),1))); 
  
&#125; 
else session_id($HTTP_GET_VARS&#1111;'id']); 

session_start(); 
include("../../web.inc"); 

if ($_POST&#1111;'u'] && $_POST&#1111;'p']) &#123; 
  session_register('u'); 
  session_register('p'); 
  session_register('ID'); 
&#125; 

createHeader("", "$user Downloads Admin", false); 
createMenu(); 

if (session_is_registered('u')) &#123; 
// set up $ID and show users page 
&#125; else &#123; 
  echo "Session - Invalid username or password.  Click <a href='login.php?id=$id'>here</a> to try again."; 
&#125; 
?>
or this one really easier and safer if php.ini => session.use_cookies = 1:

Code: Select all

<?php 
//session_id($id); 
session_start(); 

include("../../web.inc"); 
createHeader("", "Add $user Downloads", false); 
createMenu(); 

echo "<center>\n"; 

if (!session_is_registered('ID')) die("Session error.  Click <a href='login.php?id=$id'>here</a> to try again."); 

if ($_POST&#1111;'filename']) &#123; 
// deal with POST entry 
&#125; else &#123; 
// show form to enter data in 
&#125; 
?>
Galahad
Forum Contributor
Posts: 111
Joined: Fri Jun 14, 2002 5:50 pm

Post by Galahad »

I need the unique session id. Refer to this thread to read about that. Like I said in my first message, I have done checks where, when it drops the session variables, I have it output the id I pass it and the actual session id and they match. Besides, if I sent it the wrong id, I would not be able to refresh the browser and get it back.

I tried your recommended GET syntax:

Code: Select all

if (!$HTTP_GET_VARS&#1111;'id']) &#123;
  $id = md5(uniqid(rand(),1));
&#125; else $id = $HTTP_GET_VARS&#1111;'id'];

session_id($id);
session_start();
However, that didn't work either. I need the variable $id to pass to other pages later on in the script. I also have renamed my session variable 'ID' to be 'site' just to be sure of no confusion/conflicts. Still no change. Thanks though.

Could refreshing it get the data back because it is cached by the browser? Just a thought, let me know what you all think.
Galahad
Forum Contributor
Posts: 111
Joined: Fri Jun 14, 2002 5:50 pm

Post by Galahad »

I discovered that the problem was not with my code (always nice to find out). My web server uses a "cluster" of servers. Basically they have several servers operating in parallel. One machine would deal with the first request and start my session. A later request may or may not be served by the same machine, so the session data appears to randomly get lost. When I refreshed, the original machine would get the request sometimes and get my data back. Anyway, just thought I'd let you guys know.
Post Reply