recursive session_start

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

Post Reply
ediehl
Forum Newbie
Posts: 3
Joined: Fri Feb 13, 2009 1:42 pm

recursive session_start

Post by ediehl »

I'm new to php, and I'm trying to use session variables to perpetuate values from page to page. I have a .php form page that gets called multiple times (sometimes by itself and sometimes by PayPal) and it responds differently based on input parameters etc.

My problem is that the first time it's called it's a data entry form (at which time it starts the session and creates session variables), then it posts to itself to validate the variables, then it posts to PayPal. PayPal then sends its payment notification back to the same form. But the session variables are no longer available at that time. I'm assuming the session_start call is starting a new session (for testing purposes I found that a separate form could start a session and see the values that the multi-purpose form had set). I've tried several conditional session_starts, like the one below, to try to not start a new session if it's seen that a session is already active, but I haven't got it worked out yet. I see that the session ID is different between the time the page sets the variables and when it tries to read them (but the same when comparing the original setting and a later reading by a separate page).

I suppose I could simply split the code into separate pages so I wouldn't have to be concerned over starting a new, separate session, but it's hard for me to accept that there's not a simple way to rejoin the existing session.

Any suggestions?

<?php
if (isset($_SESSION['ID'])) { session_start($_SESSION['ID']); } else { session_start(); }
$_SESSION['ID'] = session_id();
sparrrow
Forum Commoner
Posts: 81
Joined: Mon Oct 20, 2008 12:22 pm

Re: recursive session_start

Post by sparrrow »

You can't pass anything to session_start. Please see Session_start PHP manual Session_start creates a new session if one doesn't exist, otherwise it resumes the existing session. A unique persistent session exists for each unique host during that single browser session. The session ID is stored in the browser buffer, and is accessed by calling session_start().

I assume you are using Paypal's IPN? When you or your user are executing scripts, that is a single session. When Paypal posts back from it's own servers, it is a completely different session because the requests are coming from Paypal, not from the user.

You need to capture something significant that you are passing to Paypal inside a database or persistent storage. Invoice ID is what I use. Then when Paypal posts back, you need to look in your database again for the Invoice ID that Paypal posted to match the data back up. You should also validate the dollar amount, recipient ID, and other significant transaction data to ensure the paypal post wasn't spoofed and that the right amount of money went to the right person.
ediehl
Forum Newbie
Posts: 3
Joined: Fri Feb 13, 2009 1:42 pm

Re: recursive session_start

Post by ediehl »

You are correct, I am using IPN. I wondered if it might be something along the lines of what you said, but I wasn't finding that info from my searchs (I did check the PHP Manual, and the info may be there but I wasn't picking up on it).

Anyway, thanks much for your help---I understand the problem now.
Post Reply