Want to protect your cyber security and still get fast solutions? Ask a secure question today.Go Premium

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 1157
  • Last Modified:

SESSION values incorrect after POST / refresh

I am trying to save a value to a session variable and use it later for verification purposes, but this value is updated / altered by php if the user waits too long before reloading the page.

An example with code follows.   In this example, I simply want the SESSION variable to update by a count of 1 everytime the page is loaded or reloaded.   Unfortunately, if you wait 5, 10, 15 or more seconds and then hit refresh, the counter increases by a much larger factor.  I do not understand what is happening, and why php is arbitrarily changing my SESSION values.

The same happens when I store the current time.  PHP will change the time on the next refresh.

I am using PHP 4.3.10.  I am not sure if there were known SESSION issues with this load.

code:


<?

session_start();

                // Check if variable is set.  If so, print it.. if not, say so.
      echo "START<BR>";
      if (isset($_SESSION['dCode']))
            echo "SESSION dCode = " . $_SESSION['dCode'] . "<br>";
      else
            echo "SESSION dCode not SET<br>";
      echo "<br>------------------------<br>";


                // Retrieve Session Variable contents
      if (isset($_SESSION['dCode']))
            $temp = $_SESSION['dCode'];
      else
            $temp = 0;
            
                // Update Variable here
      $_SESSION['dCode'] = $temp + 1;


                //  This should show the incremented variable.
      echo "END<BR>";
      if (isset($_SESSION['dCode']))
            echo "SESSION dCode = " . $_SESSION['dCode'] . "<br>";
      else
            echo "SESSION dCode not SET<br>";
      echo "<br>------------------------<br>";

?>
0
Skytzo
Asked:
Skytzo
  • 4
  • 3
  • 3
  • +3
1 Solution
 
RoonaanCommented:
How would php know that you don't want to change the variables on refresh?

-r-
0
 
Ivo StoykovCommented:
Hello Skytzo,

> The same happens when I store the current time.  PHP will change the
> time on the next refresh.
this is normal because each refresh is a new different request/response communication between client and server. If your logic is to increment the value each time the page is hit - php just does this.

you could try to implement some logic to diferenciate requests by client's IP or cookies or whatever else and to increment the value only of these are diferent values...

HTH

I
0
 
SkytzoAuthor Commented:
Let me explain a little more why I am puzzled by this.

If I load the page and get the counters to show

1
2

I am fine, since they are sequential and correct.   When I refresh the page, I would expect the counters to show

2
3

BUT, this is not always the case.   If you wait 10 seconds or so and hit refresh, you could see something like

14
16


I would like to know where PHP gets the arbitrary value to increase my counters?   It is as if it assumes I have reloaded the page multiple times when I have only done it once.



0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
Ivo StoykovCommented:
Hi Skytzo,

check where else you're using $temp variable...

regards

I
0
 
SkytzoAuthor Commented:

In this case no where..   That is why I wanted to give you all a simple single page code example to try out yourselves.  Here it is, even simpler.  Excuse the lack of error handling code.

Put this code in a php file and run it yourself.   Refresh the page a couple of times.  Then wait some time between refreshes.   You will see that the SESSION value is only updated after the initial echo statement, yet when you refresh, somehow, the SESSION value is modified from when it was last displayed.

The first echo should be the same as the last echo prior to refreshing the page.  Does that make sense?


<?

session_start();

     echo $_SESSION['value'];

     // Update Variable here
     $_SESSION['value'] = date("H:i:s");

     echo $_SESSION['value'];


?>
0
 
Ivo StoykovCommented:
Hi Skytzo,

<?

session_start();

     echo "old value: " . $_SESSION['value'] . "<br>";

     // Update Variable here
     $_SESSION['value'] = date("H:i:s");

     echo "new value: " . $_SESSION['value'];


?>


the result at mine machine is

old value: 10:26:18
new value: 10:26:49

old value: 10:26:49
new value: 10:27:03

i.e. only seconds have changed which correspond to the interval between reloads...

regards

I
0
 
dutchclanCommented:
as  ivostoykov stated it should not be any problem.

But you might want to try writing them to vars and process the increase there and rewrite them to the session vars.

Something like

<?php

If(isset($_SESSION['dCode']) ){
      $my_var = $_SESSION['dCode'];
      unset($_SESSION['dCode']);
      $my_var ++;
      $_SESSION['dCode'] = $my_var;
}else{
      $my_var = 1;
}

echo "$my_var";

?>

This way you are sure you always calc with empty array`s (my_var is reset on reload) and always sure you work with an emty $_SESSION for its unset then set again. This way you will get a better fault tollerance.

Good luck
0
 
dutchclanCommented:
Ps!!

do unset($_SESSION['my_val']); before writing to it, always make sure the array key is empty before you write the new value.
0
 
ClickCentricCommented:
For the record, your original code works just fine for me on my server.  I have php 4.4.2.  You may want to check your session settings.  Though that doesn't seem too likely either.  You don't have more than one browser window open to that page when you're testing it, do you?  You may be overlapping your sessions.
0
 
SkytzoAuthor Commented:
Alright.  

I am using IE 7 beta 2 and it appears that this is causing the problem with php sessions.   Firefox worked correctly.

I will have to get IE 6 going again.

Thanks.
0
 
ClickCentricCommented:
Thanks for the points, though I didn't really answer your question.  But a C?? :P  Seriously, though, I wouldn't mind if you wanted to have the points recalled and just close the question.
0
 
SkytzoAuthor Commented:
That suits me.  How do I go about getting points recalled?

C, because of the way they worded the A, B and C.  Its not meant as a hit or anything.  I will see what I can do.
0
 
ClickCentricCommented:
I think you can just post a message in the support section.  I've never actually done it, though, so don't quote me on that.
0
 
NetminderCommented:
Closed, 350 points refunded.
Netminder
Site Admin
0

Featured Post

Industry Leaders: We Want Your Opinion!

We value your feedback.

Take our survey and automatically be enter to win anyone of the following:
Yeti Cooler, Amazon eGift Card, and Movie eGift Card!

  • 4
  • 3
  • 3
  • +3
Tackle projects and never again get stuck behind a technical roadblock.
Join Now