Solved

PHP session ID causing error

Posted on 2002-03-18
17
201 Views
Last Modified: 2006-11-17
I have recently written a website in PHP.  My pages use sessions all starting with:
<?php
 session_start();
?>

I use a query to control what part of the mysql database is displayed on each page.  Each page is the same, only the query prompt changes and controls what section information is displayed.

The problem is that when the main page is first opened in the browser, the PHP session ID also is appended to the query string.  This causes the software to think an invalid page is selected.  If I refresh the page in any way this problem disappears and I must open another instance of the browser to make it reappear.

The website address is:
http://www.techtutorials.info

Does anyone have any idea why this problem is occuring and how to solve it?

Thanks for any help.
0
Comment
Question by:mzehner
  • 6
  • 5
  • 4
  • +2
17 Comments
 
LVL 5

Expert Comment

by:andriv
ID: 6878091
I cannot duplicate your error, I did not have a problem with the main page. How did you enter the page, using back button? If this is what you are doing then you will have the variables originally set.

Is the error on the URL you supplied?

Try to retype the URL and hit enter.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6878940
Same, no problem for me either.
JD
0
 
LVL 6

Expert Comment

by:andreif
ID: 6879324
Hi,

I see your problem. You can "clean" QUERY STRING value with this regular expression:

$index = preg_replace("/^(.*?)&.*$/","\\1",$QUERY_STRING);

So, for query string "apps&PHPSESSID=63bc9cb7419234ca61c0120a69216d2e"

$index will contain "apps".

0
 
LVL 5

Accepted Solution

by:
dkjariwala earned 150 total points
ID: 6879341
What if query string contains other parameters getting passed ??

If you just want to clean up you can use,


$index = remove_querystring($QUERY_STRING,'PHPSESSID');

function remove_querystring($url,$word)
{
    return preg_replace("/(\&{0,1}$word=\w+)(\&{0,1}\w+){0,1}/","\\2",$url);

}



JD
0
 
LVL 6

Expert Comment

by:andreif
ID: 6879348
Comment to my code:

it returns the first part of QUERY STRING, from the very beginning till the first & - so it will work with any additional parameters which can be need later
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6879359
I was talking case where PHPSESSID is inbetween other parameters.  ;)

JD
0
 
LVL 2

Author Comment

by:mzehner
ID: 6882374
I get the problem in IE 6.0 and I believe on other computers I am using IE 5.5 or 5.0.  It only occurs the first time the browser is opened to that page.  If you right click on the link above and open another browser window in IE, then hold the mouse over a link, you should see the PHP session ID show up.

I believe andreif and dkjariwala may have a good solution but I am curious as to why this would happen in the first place.  I think it is an interesting problem.  When I first created the web site, I did not notice this problem.  I had not changed the code for a while, then the problem began.  I wonder if my provider may have made server changes that could have affected it.  I know there has been a recent PHP security patch.  Could this patch have affected this?

I will try the solutions tonight.

Thanks for your answers.
0
 
LVL 6

Expert Comment

by:andreif
ID: 6882389
I think this text from manual gives answer:

"PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically."

So, it's possible that PHP settings were changed
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 5

Expert Comment

by:dkjariwala
ID: 6882483
Yeah ,

but PHP also utilises cookie to pass on session ID not necessarily through query string.

JD
0
 
LVL 6

Expert Comment

by:andreif
ID: 6882499
I think this text from manual gives answer:

"PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically."

So, it's possible that PHP settings were changed
0
 
LVL 6

Expert Comment

by:andreif
ID: 6882505
sorry for copy :)
0
 
LVL 9

Expert Comment

by:waygood
ID: 6883853
Got the same problem using IE6 and Netscape 6.2, even when I use any of your sites links in a new window.

http://www.techtutorials.info/ctt.php?olschool

How are you generating your first page?
Believe this is were the problem originates

According to the source code all the links have the session id in the URL.  Can you supply us with a sample of the query/php code that you run before displaying the first page, and for creating the urls.

0
 
LVL 2

Author Comment

by:mzehner
ID: 6885216
The code needs cleaned up but here it is:

$page=1;
if (!$QUERY_STRING)  /* Use sections for query unless there is a query string */
{
  $sectionn="sections";
  $section=$sectionn;
}
else
{
  $dash="-";
  $pos=strpos($QUERY_STRING,$dash);
  if ($pos===false)
  {
     $sectionn=$QUERY_STRING;
  }
  else
  {
    $sectionn=substr($QUERY_STRING,0,$pos);  //should now have section name
    $page=substr($QUERY_STRING,$pos+1);  //should now have page
  }
  $section=$sectionn;
  $thisection=$sectionn; //Store the section in case of a search
}
if ($section=="unknown")
{
  $section="sections";
}

The code for the links on the left is hardcoded in HTML as follows:

<li class="dot"><a class="featureSetText" href="ctt.php?olschool" target="_top" onMouseOver="window.status='On Line Schools' ;return true" onMouseOut="window.status='';return true">On Line Schools</a>
0
 
LVL 2

Author Comment

by:mzehner
ID: 6885247
I've added the code written by dkjariwala and it stripped the session ID so the problem no longer appears.

I think andreif may have posted the reason for the change.  The statement by dkjariwala is also correct, but I believe it depends on how my web site host compiled the PHP.  Still investigating this.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6885250
So who would get the points ?? ;)

JD
0
 
LVL 6

Expert Comment

by:andreif
ID: 6900140
Hi mzehner, I think there was an answer, am I right?
0
 
LVL 2

Author Comment

by:mzehner
ID: 6910488
Sorry for the delay.  I have been very busy and had a difficult time deciding who should get the points.

It seems like the changes to PHP have slowed the performance of the site.  I have removed PHP sessions from the main pages of the site due to performance.  I am beginning to think sessions should be avoided unless absolutely necessary.  Use of hidden variables in forms to pass extra information rather than sessions is a good idea.
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Foreword (July, 2015) Since I first wrote this article, years ago, a great many more people have begun using the internet.  They are coming online from every part of the globe, learning, reading, shopping and spending money at an ever-increasing ra…
Part of the Global Positioning System A geocode (https://developers.google.com/maps/documentation/geocoding/) is the major subset of a GPS coordinate (http://en.wikipedia.org/wiki/Global_Positioning_System), the other parts being the altitude and t…
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …

930 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

14 Experts available now in Live!

Get 1:1 Help Now