Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 209
  • Last Modified:

PHP session ID causing error

I have recently written a website in PHP.  My pages use sessions all starting with:
<?php
 session_start();
?>

I use a query to control what part of the mysql database is displayed on each page.  Each page is the same, only the query prompt changes and controls what section information is displayed.

The problem is that when the main page is first opened in the browser, the PHP session ID also is appended to the query string.  This causes the software to think an invalid page is selected.  If I refresh the page in any way this problem disappears and I must open another instance of the browser to make it reappear.

The website address is:
http://www.techtutorials.info

Does anyone have any idea why this problem is occuring and how to solve it?

Thanks for any help.
0
mzehner
Asked:
mzehner
  • 6
  • 5
  • 4
  • +2
1 Solution
 
andrivCommented:
I cannot duplicate your error, I did not have a problem with the main page. How did you enter the page, using back button? If this is what you are doing then you will have the variables originally set.

Is the error on the URL you supplied?

Try to retype the URL and hit enter.
0
 
dkjariwalaCommented:
Same, no problem for me either.
JD
0
 
andreifCommented:
Hi,

I see your problem. You can "clean" QUERY STRING value with this regular expression:

$index = preg_replace("/^(.*?)&.*$/","\\1",$QUERY_STRING);

So, for query string "apps&PHPSESSID=63bc9cb7419234ca61c0120a69216d2e"

$index will contain "apps".

0
Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

 
dkjariwalaCommented:
What if query string contains other parameters getting passed ??

If you just want to clean up you can use,


$index = remove_querystring($QUERY_STRING,'PHPSESSID');

function remove_querystring($url,$word)
{
    return preg_replace("/(\&{0,1}$word=\w+)(\&{0,1}\w+){0,1}/","\\2",$url);

}



JD
0
 
andreifCommented:
Comment to my code:

it returns the first part of QUERY STRING, from the very beginning till the first & - so it will work with any additional parameters which can be need later
0
 
dkjariwalaCommented:
I was talking case where PHPSESSID is inbetween other parameters.  ;)

JD
0
 
mzehnerAuthor Commented:
I get the problem in IE 6.0 and I believe on other computers I am using IE 5.5 or 5.0.  It only occurs the first time the browser is opened to that page.  If you right click on the link above and open another browser window in IE, then hold the mouse over a link, you should see the PHP session ID show up.

I believe andreif and dkjariwala may have a good solution but I am curious as to why this would happen in the first place.  I think it is an interesting problem.  When I first created the web site, I did not notice this problem.  I had not changed the code for a while, then the problem began.  I wonder if my provider may have made server changes that could have affected it.  I know there has been a recent PHP security patch.  Could this patch have affected this?

I will try the solutions tonight.

Thanks for your answers.
0
 
andreifCommented:
I think this text from manual gives answer:

"PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically."

So, it's possible that PHP settings were changed
0
 
dkjariwalaCommented:
Yeah ,

but PHP also utilises cookie to pass on session ID not necessarily through query string.

JD
0
 
andreifCommented:
I think this text from manual gives answer:

"PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically."

So, it's possible that PHP settings were changed
0
 
andreifCommented:
sorry for copy :)
0
 
waygoodCommented:
Got the same problem using IE6 and Netscape 6.2, even when I use any of your sites links in a new window.

http://www.techtutorials.info/ctt.php?olschool

How are you generating your first page?
Believe this is were the problem originates

According to the source code all the links have the session id in the URL.  Can you supply us with a sample of the query/php code that you run before displaying the first page, and for creating the urls.

0
 
mzehnerAuthor Commented:
The code needs cleaned up but here it is:

$page=1;
if (!$QUERY_STRING)  /* Use sections for query unless there is a query string */
{
  $sectionn="sections";
  $section=$sectionn;
}
else
{
  $dash="-";
  $pos=strpos($QUERY_STRING,$dash);
  if ($pos===false)
  {
     $sectionn=$QUERY_STRING;
  }
  else
  {
    $sectionn=substr($QUERY_STRING,0,$pos);  //should now have section name
    $page=substr($QUERY_STRING,$pos+1);  //should now have page
  }
  $section=$sectionn;
  $thisection=$sectionn; //Store the section in case of a search
}
if ($section=="unknown")
{
  $section="sections";
}

The code for the links on the left is hardcoded in HTML as follows:

<li class="dot"><a class="featureSetText" href="ctt.php?olschool" target="_top" onMouseOver="window.status='On Line Schools' ;return true" onMouseOut="window.status='';return true">On Line Schools</a>
0
 
mzehnerAuthor Commented:
I've added the code written by dkjariwala and it stripped the session ID so the problem no longer appears.

I think andreif may have posted the reason for the change.  The statement by dkjariwala is also correct, but I believe it depends on how my web site host compiled the PHP.  Still investigating this.
0
 
dkjariwalaCommented:
So who would get the points ?? ;)

JD
0
 
andreifCommented:
Hi mzehner, I think there was an answer, am I right?
0
 
mzehnerAuthor Commented:
Sorry for the delay.  I have been very busy and had a difficult time deciding who should get the points.

It seems like the changes to PHP have slowed the performance of the site.  I have removed PHP sessions from the main pages of the site due to performance.  I am beginning to think sessions should be avoided unless absolutely necessary.  Use of hidden variables in forms to pass extra information rather than sessions is a good idea.
0

Featured Post

Technology Partners: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 6
  • 5
  • 4
  • +2
Tackle projects and never again get stuck behind a technical roadblock.
Join Now