Solved

PHP session ID causing error

Posted on 2002-03-18
17
199 Views
Last Modified: 2006-11-17
I have recently written a website in PHP.  My pages use sessions all starting with:
<?php
 session_start();
?>

I use a query to control what part of the mysql database is displayed on each page.  Each page is the same, only the query prompt changes and controls what section information is displayed.

The problem is that when the main page is first opened in the browser, the PHP session ID also is appended to the query string.  This causes the software to think an invalid page is selected.  If I refresh the page in any way this problem disappears and I must open another instance of the browser to make it reappear.

The website address is:
http://www.techtutorials.info

Does anyone have any idea why this problem is occuring and how to solve it?

Thanks for any help.
0
Comment
Question by:mzehner
  • 6
  • 5
  • 4
  • +2
17 Comments
 
LVL 5

Expert Comment

by:andriv
ID: 6878091
I cannot duplicate your error, I did not have a problem with the main page. How did you enter the page, using back button? If this is what you are doing then you will have the variables originally set.

Is the error on the URL you supplied?

Try to retype the URL and hit enter.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6878940
Same, no problem for me either.
JD
0
 
LVL 6

Expert Comment

by:andreif
ID: 6879324
Hi,

I see your problem. You can "clean" QUERY STRING value with this regular expression:

$index = preg_replace("/^(.*?)&.*$/","\\1",$QUERY_STRING);

So, for query string "apps&PHPSESSID=63bc9cb7419234ca61c0120a69216d2e"

$index will contain "apps".

0
 
LVL 5

Accepted Solution

by:
dkjariwala earned 150 total points
ID: 6879341
What if query string contains other parameters getting passed ??

If you just want to clean up you can use,


$index = remove_querystring($QUERY_STRING,'PHPSESSID');

function remove_querystring($url,$word)
{
    return preg_replace("/(\&{0,1}$word=\w+)(\&{0,1}\w+){0,1}/","\\2",$url);

}



JD
0
 
LVL 6

Expert Comment

by:andreif
ID: 6879348
Comment to my code:

it returns the first part of QUERY STRING, from the very beginning till the first & - so it will work with any additional parameters which can be need later
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6879359
I was talking case where PHPSESSID is inbetween other parameters.  ;)

JD
0
 
LVL 2

Author Comment

by:mzehner
ID: 6882374
I get the problem in IE 6.0 and I believe on other computers I am using IE 5.5 or 5.0.  It only occurs the first time the browser is opened to that page.  If you right click on the link above and open another browser window in IE, then hold the mouse over a link, you should see the PHP session ID show up.

I believe andreif and dkjariwala may have a good solution but I am curious as to why this would happen in the first place.  I think it is an interesting problem.  When I first created the web site, I did not notice this problem.  I had not changed the code for a while, then the problem began.  I wonder if my provider may have made server changes that could have affected it.  I know there has been a recent PHP security patch.  Could this patch have affected this?

I will try the solutions tonight.

Thanks for your answers.
0
 
LVL 6

Expert Comment

by:andreif
ID: 6882389
I think this text from manual gives answer:

"PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically."

So, it's possible that PHP settings were changed
0
What Should I Do With This Threat Intelligence?

Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

 
LVL 5

Expert Comment

by:dkjariwala
ID: 6882483
Yeah ,

but PHP also utilises cookie to pass on session ID not necessarily through query string.

JD
0
 
LVL 6

Expert Comment

by:andreif
ID: 6882499
I think this text from manual gives answer:

"PHP is capable of doing this transparently when compiled with --enable-trans-sid. If you enable this option, relative URIs will be changed to contain the session id automatically."

So, it's possible that PHP settings were changed
0
 
LVL 6

Expert Comment

by:andreif
ID: 6882505
sorry for copy :)
0
 
LVL 9

Expert Comment

by:waygood
ID: 6883853
Got the same problem using IE6 and Netscape 6.2, even when I use any of your sites links in a new window.

http://www.techtutorials.info/ctt.php?olschool

How are you generating your first page?
Believe this is were the problem originates

According to the source code all the links have the session id in the URL.  Can you supply us with a sample of the query/php code that you run before displaying the first page, and for creating the urls.

0
 
LVL 2

Author Comment

by:mzehner
ID: 6885216
The code needs cleaned up but here it is:

$page=1;
if (!$QUERY_STRING)  /* Use sections for query unless there is a query string */
{
  $sectionn="sections";
  $section=$sectionn;
}
else
{
  $dash="-";
  $pos=strpos($QUERY_STRING,$dash);
  if ($pos===false)
  {
     $sectionn=$QUERY_STRING;
  }
  else
  {
    $sectionn=substr($QUERY_STRING,0,$pos);  //should now have section name
    $page=substr($QUERY_STRING,$pos+1);  //should now have page
  }
  $section=$sectionn;
  $thisection=$sectionn; //Store the section in case of a search
}
if ($section=="unknown")
{
  $section="sections";
}

The code for the links on the left is hardcoded in HTML as follows:

<li class="dot"><a class="featureSetText" href="ctt.php?olschool" target="_top" onMouseOver="window.status='On Line Schools' ;return true" onMouseOut="window.status='';return true">On Line Schools</a>
0
 
LVL 2

Author Comment

by:mzehner
ID: 6885247
I've added the code written by dkjariwala and it stripped the session ID so the problem no longer appears.

I think andreif may have posted the reason for the change.  The statement by dkjariwala is also correct, but I believe it depends on how my web site host compiled the PHP.  Still investigating this.
0
 
LVL 5

Expert Comment

by:dkjariwala
ID: 6885250
So who would get the points ?? ;)

JD
0
 
LVL 6

Expert Comment

by:andreif
ID: 6900140
Hi mzehner, I think there was an answer, am I right?
0
 
LVL 2

Author Comment

by:mzehner
ID: 6910488
Sorry for the delay.  I have been very busy and had a difficult time deciding who should get the points.

It seems like the changes to PHP have slowed the performance of the site.  I have removed PHP sessions from the main pages of the site due to performance.  I am beginning to think sessions should be avoided unless absolutely necessary.  Use of hidden variables in forms to pass extra information rather than sessions is a good idea.
0

Featured Post

How to improve team productivity

Quip adds documents, spreadsheets, and tasklists to your Slack experience
- Elevate ideas to Quip docs
- Share Quip docs in Slack
- Get notified of changes to your docs
- Available on iOS/Android/Desktop/Web
- Online/Offline

Join & Write a Comment

Suggested Solutions

Title # Comments Views Activity
Time difference 10 35
update field on focusout 15 22
Phone Dialer 5 36
How to load vendor files from Composer into specify directory 13 17
Introduction HTML checkboxes provide the perfect way for a web developer to receive client input when the client's options might be none, one or many.  But the PHP code for processing the checkboxes can be confusing at first.  What if a checkbox is…
Things That Drive Us Nuts Have you noticed the use of the reCaptcha feature at EE and other web sites?  It wants you to read and retype something that looks like this.Insanity!  It's not EE's fault - that's just the way reCaptcha works.  But it is …
Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
The viewer will learn how to look for a specific file type in a local or remote server directory using PHP.

706 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

18 Experts available now in Live!

Get 1:1 Help Now