Are empty $_SESSIONs possible?

Not for 'how-to' coding questions but PHP theory instead, this forum is here for those of us who wish to learn about design aspects of programming with PHP.

Moderator: General Moderators

Post Reply
pascalpensa
Forum Newbie
Posts: 2
Joined: Sat Dec 10, 2005 4:40 am

Are empty $_SESSIONs possible?

Post by pascalpensa »

dear all,

i'm currently conducting an online survey and had a problem with empty $_SESSION variables.

the survey in question would be this: Forecasting Survey

all data that is not generated through user interaction, eg. selecting options, is stored in session variables and passed back to the script before saving to a text/csv file.

the second day into the study, one clever guy "stress-tested" the script and played roughly 50 consecutive rounds with round times of less than 4 seconds (between page display and submission) in some cases.

after this "incident", the script started to generate empty values as other people started to play at the same time (3 times). namely the data that is stored in session variables. everything else, eg. the $_POST variables worked fine. since then, as people interacted "normally" with the script, nothing similar happened.

my questions are the following:

- what could've caused the empty values? is it because the script "overheated"? are there limitations to session variables when under stress, i.e. multiple sessions at the same time and fast changes in session variables?

and

- are there limitations to using flat files for this? would we be better off using MySQL?

thanks for sharing your thoughts.

-pascal
User avatar
onion2k
Jedi Mod
Posts: 5263
Joined: Tue Dec 21, 2004 5:03 pm
Location: usrlab.com

Re: Are empty $_SESSIONs possible?

Post by onion2k »

pascalpensa wrote:- are there limitations to using flat files for this? would we be better off using MySQL?
Are you flock()ing the files before writing to them? If you're not then I suspect this problem arises from multiple scripts attempting to write to the file at once. If you are then it's something more complicated.

Either way, a database would definitely be a better option.
pascalpensa
Forum Newbie
Posts: 2
Joined: Sat Dec 10, 2005 4:40 am

Re: Are empty $_SESSIONs possible?

Post by pascalpensa »

onion2k wrote:Either way, a database would definitely be a better option.
ok, so i'll skip the flock()-thing (cause it does not look that bomb proof either) entirely and convert to a SQL solution. thanks.
User avatar
AKA Panama Jack
Forum Regular
Posts: 878
Joined: Mon Nov 14, 2005 4:21 pm

Post by AKA Panama Jack »

Well, it would depend upon how you are doing things in your code. It is kind of hard to get a handle on what is happening without something more to go on.

We use session variables on just about all of our sites and don't have any problems and some of them are under very, very heavy usage.

Plus it would be nice to know how much drive space is still left where PHP is storing the session data for each user. If that drive is almost full it could be failing to store the session data and that would return empty session variables. Another problem could be if the user or group permission on the directory session data is stored is different from the user or group for Apache.

There are a number of reasons something like this could happen and some of them are poorly configured or maintained server installations that have nothing much to do with PHP itself.
User avatar
Maugrim_The_Reaper
DevNet Master
Posts: 2704
Joined: Tue Nov 02, 2004 5:43 am
Location: Ireland

Post by Maugrim_The_Reaper »

Although I like Database stored sessions (I think they offer superior security) they are generally not justified by the file based altenative returning empty SESSION arrays. So the right solution, but for the wrong reasons?

You should take a look at the above posts - I've never encountered a situation where the file based sessions (or an alternative) failed simply from stress tests. Its either a server misconfiguration or a session handler error. Moving to a database may even carry a similar problem (if you're using a custom written session handler with some undiagnosed bug).
GRemm
Forum Newbie
Posts: 17
Joined: Fri Jul 08, 2005 3:37 pm
Location: California
Contact:

Post by GRemm »

Sounds like session corruption.
Make sure that you are not re-using the same session for the form no matter who is editing information and from where. If you two users change the same value in the same session at similiar times then the last change and only the last change would take effect.

You can store sessions in the db but you still need to solve the concurrent session issues. Are you requiring a login for the users? Are you starting a new session based on some sort of unique return value upon logging in? Do you generate a unique session id for each session? Are your files correctly permissioned? Are you using some sort of api for managing sessions or using php's built in functions?

We can only help so much without better information.

Gremm
Post Reply