Page 1 of 1

My session bug, incredible, must read!

Posted: Thu Mar 02, 2006 1:35 pm
by chrys
As some of you may have noticed I have posted a few issues with sessions. I have finally found out what the problem is.

The current platform is as such:
Firefox
PHP

I have a PHP site that people use strictly with Firefox.

It took me forever to debug this, but here is the conclusion I came to:
When Firefox has stored more than 70 cookies for a domain, it starts to read selectively, and only reads 70 of them. The cookies that are selectively chosen are the ones after the 70 mark. I don't know if this is an issue related to Firefox storage, or to PHP readage. I am leaning towards Firefox, because Javascript also has the same issues reading the cookies past 70.

Has anyone heard anything bout this? Anyone have their input?

Thank you, but after months of suffering, I have finally figured this bug out. I am going to drink to that (that's how mystifyingly stressful it was)

Posted: Thu Mar 02, 2006 1:48 pm
by chrys
I just tested it in IE, it appears the thresh hold is even lower in IE, about 20?

Posted: Thu Mar 02, 2006 2:41 pm
by nincha
is this true? i thought cookies are capped based on menory usage.

Posted: Thu Mar 02, 2006 2:47 pm
by chrys
nincha wrote:is this true? i thought cookies are capped based on menory usage.
This may be possible since each of my cookies are generally the same size. It is restricted by domain. Anyone else know anything?

Posted: Thu Mar 02, 2006 3:14 pm
by feyd
the HTTP standard dictated that clients who accept cookies only should store 4 per domain with a maximum of 4K of data in each. It's still up to the browser companies to choose how far they'll store, so Firefox allowing more than that is of their own choosing. I think you need to rethink how cookies are used on your site.

Posted: Thu Mar 02, 2006 3:19 pm
by nincha
what about sessions??

Posted: Thu Mar 02, 2006 3:26 pm
by feyd
Sessions have, often, less in size limitations, however they often take up a cookie on their own. For file based sessions there's the server's clean-up routine that may bite you, so if you do use them, go with a database version. I try to pack all data used across the entire domain into a single session. I don't like how, at least right now, phpBB uses two to three cookies by itself. Hopefully I can fix that in the fork I'm working on.

Posted: Thu Mar 02, 2006 3:26 pm
by neophyte
70 Cookies? Whoa!

Got milk?

:D

Posted: Thu Mar 02, 2006 3:28 pm
by neophyte
feyd wrote: I don't like how, at least right now, phpBB uses two to three cookies by itself. Hopefully I can fix that in the fork I'm working on.
phpBB Fork? Are you going to publish it?

Posted: Thu Mar 02, 2006 3:38 pm
by feyd
Yes, it will be open sourced.

Posted: Thu Mar 02, 2006 3:40 pm
by chrys
PHP Sessions just store one cookie with the session ID.


I will indeed have to rethink cookies in the future. For now my solutions is that the cookies I set expire after 10 minutes, since they're not needed for longer than that. The problem was those cookies would pile up. Eventually the PHPSESSID was getting pushed out of the range so people would be getting logged out and couldn't log back in, I finally figured out why!

Posted: Thu Mar 02, 2006 3:42 pm
by neophyte
Congratulations!

Posted: Thu Mar 02, 2006 4:01 pm
by Roja
feyd wrote:Hopefully I can fix that in the fork I'm working on.
A solo effort? I feel so left out. Here I thought I was gonna help. ;)

Posted: Thu Mar 02, 2006 4:02 pm
by chrys
neophyte wrote:Congratulations!
Beer will be had.