PHP session_start() causes double page requests?
I've got a weird thing happening where web browsers are calling a page twice even though it was loaded only once.
The only thing I can see might be causing this must be either some PHP thing with sessions or an Apache misconfiguration.
Attached headers showing the request as well as the HTML of the page. Notice that this is a simple page, no JavaScript, no frames, no external images/css, etc.
What in the world could be causing this?!
This is so weird.
The only thing I can see might be causing this must be either some PHP thing with sessions or an Apache misconfiguration.
Attached headers showing the request as well as the HTML of the page. Notice that this is a simple page, no JavaScript, no frames, no external images/css, etc.
What in the world could be causing this?!
This is so weird.
===Initial Request===
GET /user/home/ HTTP/1.1
Host: www.t1shopper.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Cookie: PHPSESSID=sicX8F09WQ830n8g3xxxxxx6ve8; tsmc=no%20id
===Initial Response===
HTTP/1.x 200 OK
Date: Sat, 09 Aug 2008 22:10:46 GMT
Server: Apache/2.2.3 (Red Hat)
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Vary: Accept-Encoding,User-Agent
Content-Encoding: gzip
Keep-Alive: timeout=2, max=100
Connection: Keep-Alive
Transfer-Encoding: chunked
Content-Type: text/html
===Second Request (note referer) ====
GET /user/home/ HTTP/1.1
Host: www.t1shopper.com
User-Agent: Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1
Accept: image/png,image/*;q=0.8,*/*;q=0.5
Accept-Language: en-us,en;q=0.5
Accept-Encoding: gzip,deflate
Accept-Charset: ISO-8859-1,utf-8;q=0.7,*;q=0.7
Keep-Alive: 300
Connection: keep-alive
Referer: https://www.t1shopper.com/user/home/
Cookie: PHPSESSID=sicX8F09WQ830n8g3xxxxxx6ve8; tsmc=no%20idASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
Oh brother. I found it.
<img src='' height=30 width=1 alt=''>
Amazingly, making a call to an image without a source results in full browser call to the whole page. That's the oddest thing I've seen. I guess I'll be throwing my single pixel spacer back in there.
Unbelievable.
<img src='' height=30 width=1 alt=''>
Amazingly, making a call to an image without a source results in full browser call to the whole page. That's the oddest thing I've seen. I guess I'll be throwing my single pixel spacer back in there.
Unbelievable.
!!
Not sure it calls the whole page in fact... maybe it just gets the header and uses that as an answer?
Not sure it calls the whole page in fact... maybe it just gets the header and uses that as an answer?
No $_SESSION information would be shared between http and https. You might want to be sure it's one or the other for every session. Good luck, ~Ray
ASKER
fibo: Yes, it's amazing, it actually pulls the whole page. Below is a copy of the Apache log showing it - notice the 3468 bytes on both requests and that the second request shows "https://www.t1shopper.com/user/home/" as the referrer.
Ray_Paseur: Thanks, all the links to this section of the website are all HTTPS so a user should never get there via HTTP. If they do, we force them over to HTTPS. We don't allow the SESSION cookie to be set unless we're connected to the User via HTTPS it's part of our security around our cookie handling. https://www.t1shopper.com/cookies.html
It sure seemed like this was a scripting issue so I'm sorry it came down to simple HTML. After spending a few hours on this issue, I felt like dry heaving in the trash can at all my wasted time. Oh well.
Thanks everyone.
Ray_Paseur: Thanks, all the links to this section of the website are all HTTPS so a user should never get there via HTTP. If they do, we force them over to HTTPS. We don't allow the SESSION cookie to be set unless we're connected to the User via HTTPS it's part of our security around our cookie handling. https://www.t1shopper.com/cookies.html
It sure seemed like this was a scripting issue so I'm sorry it came down to simple HTML. After spending a few hours on this issue, I felt like dry heaving in the trash can at all my wasted time. Oh well.
Thanks everyone.
---=== First Request ===---
71.177.216.6 - - [10/Aug/2008:21:03:35 -0700] "GET /user/home/ HTTP/1.1" 200 3468 "-" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1" "o90dNHBPBifuJQKHGxxxxxx3od2"
---=== Second Request ===---
71.177.216.6 - - [10/Aug/2008:21:03:36 -0700] "GET /user/home/ HTTP/1.1" 200 3468 "https://www.t1shopper.com/user/home/" "Mozilla/5.0 (Windows; U; Windows NT 5.1; en-US; rv:1.9.0.1) Gecko/2008070208 Firefox/3.0.1" "o90dNHBPBifuJQKHGxxxxxx3od2"
ASKER
Thanks for reviewing the code!
B-))
ASKER
I'm hesitant to post the source code - it's quite long and would reveal all my security stuff (removing all the proprietary security stuff would take a long time). The page opens up like this and goes something like this::
<?php
session_start();
require_once 'helper_methods/class.hm.p
require_once '../variables.html.php';
...
check to make sure certain $SESSION data is present
...
output html
....
What do you think might be in my PHP code that could be causing this? I only use session_start() at the start of the page and then I access and set values in the $_SESSION array through the rest of the script.
I guess I can just start removing sections of code until it stops happening...