Solved

Session-Related Logic Error

Posted on 2010-11-23
20
535 Views
Last Modified: 2013-12-07
I need another pair of eyes on this problem.  I have two scripts identical except for the instruction on line 34.  One works and one does not.  You can install the code here and run it to see the effect in action.  On my server, the apparent error is that the Session array does not hold the "cv" value if the value was generated by rand().

This one works as expected:
<?php // RAY_temp_session_works.php
error_reporting(E_ALL);

// ALWAYS START SESSION UNCONDITIONALLY
session_start();
if (empty($_SESSION["cv"])) $_SESSION["cv"] = '?';

// SET FORM STRING
$str = <<<'EOCAP'
<pre>
<form method="post">
ENTER 'CCC' IN THIS BOX:
<input name="cv" value="" autocomplete="off" />
<input type="submit" />
</form>
EOCAP;

// WAS THE FORM SUBMITTED?
if (!empty($_POST["cv"]))
{
    // SHOW SESSION AND POST
    echo "<pre>";
    echo "SESSION: ";
    var_dump($_SESSION);
    echo "POST: ";
    var_dump($_POST);

    // TEST FOR MATCH
    if ($_POST["cv"] == $_SESSION["cv"]) echo PHP_EOL . 'MATCH';
    if ($_POST["cv"] != $_SESSION["cv"]) echo PHP_EOL . 'NO MATCH';
}

// GET A NEW FIXED VALUE
$cv = '321';

// STORE THE VALUE IN THE SESSION
$_SESSION["cv"] = $cv;

// AND PRODUCE THE FORM
$new = str_replace('CCC', $cv, $str);
echo $new;
var_dump($_SESSION);

Open in new window


This one does not work as expected:
<?php // RAY_temp_session_error.php
error_reporting(E_ALL);

// ALWAYS START SESSION UNCONDITIONALLY
session_start();
if (empty($_SESSION["cv"])) $_SESSION["cv"] = '?';

// SET FORM STRING
$str = <<<'EOCAP'
<pre>
<form method="post">
ENTER 'CCC' IN THIS BOX:
<input name="cv" value="" autocomplete="off" />
<input type="submit" />
</form>
EOCAP;

// WAS THE FORM SUBMITTED?
if (!empty($_POST["cv"]))
{
    // SHOW SESSION AND POST
    echo "<pre>";
    echo "SESSION: ";
    var_dump($_SESSION);
    echo "POST: ";
    var_dump($_POST);

    // TEST FOR MATCH
    if ($_POST["cv"] == $_SESSION["cv"]) echo PHP_EOL . 'MATCH';
    if ($_POST["cv"] != $_SESSION["cv"]) echo PHP_EOL . 'NO MATCH';
}

// GET A NEW RANDOM VALUE
$cv = (string)rand(101, 999);

// STORE THE VALUE IN THE SESSION
$_SESSION["cv"] = $cv;

// AND PRODUCE THE FORM
$new = str_replace('CCC', $cv, $str);
echo $new;
var_dump($_SESSION);

Open in new window


Thanks for your help, ~Ray
0
Comment
Question by:Ray Paseur
  • 9
  • 6
  • 4
20 Comments
 
LVL 13

Expert Comment

by:dsmile
ID: 34198632
Are you sure $str is well defined?

$str = <<<'EOCAP'

Parse error: parse error, unexpected T_SL in xxx.php on line 9
0
 
LVL 13

Expert Comment

by:dsmile
ID: 34198747
After I corrected that $str, I've got your script run.
And both scripts run fine as designed.

Don't know how your server configured but I suggest that you change each keyname of POST and SESSION that represents cv to different names so that there're no chances that php engine might get confused.
0
 
LVL 108

Author Comment

by:Ray Paseur
ID: 34198902
$str = <<<'EOCAP'

This is NOWDOC syntax.  PHP 5.3+
http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.nowdoc

Can you please post a link to where you have the scripts installed?  I would like to observe.  My versions are here:
http://www.laprbass.com/RAY_temp_session_works.php
http://www.laprbass.com/RAY_temp_session_error.php

Thanks, ~Ray
0
 
LVL 13

Expert Comment

by:dsmile
ID: 34199422
Sorry, I didn't know that. I'm still using PHP 5.2

I don't have a host so I can't show you my deployment of your scripts.
But when I access your online versions, they still work fine.

I use FF 3.6.12 and IE8.
ray-session-ie.JPG
0
 
LVL 108

Author Comment

by:Ray Paseur
ID: 34199786
Interesting.  I deleted my cookies, and reran the test.  It worked correctly on IE8 and failed on FF 3.6.12.  Did you actually test FF 3.6.12?  I noticed that your posted image was IE.

Thanks for your help here.  Still not sure what to make of this.
0
 
LVL 13

Expert Comment

by:dsmile
ID: 34202929
Yes I did, Ray, just forgot to attach the screenshot.

If deleting cookies makes it run again, then a little tweak on session configuration in php.ini might help.
Let me know when you find the root cause :)
ray-session-ff.JPG
0
 
LVL 108

Author Comment

by:Ray Paseur
ID: 34205210
No, deleting the cookies did not make it run correctly.  I'm mystified.  I've reproduced the failure on a PHP 5.2 server, so I am beginning to think there is something wrong with my installation of FF.
0
 
LVL 11

Accepted Solution

by:
Bruce Smith earned 500 total points
ID: 34421060
For what it's worth, I'm using FF 4.0 Beta 7 and both appear to work fine. See the following:

Supposed Error Script:
 Error Script
Working Script:
 Working Script
0
 
LVL 11

Assisted Solution

by:Bruce Smith
Bruce Smith earned 500 total points
ID: 34421133
They both work fine in IE7, IE8, and FF 4.0 Beta 7 on my installation:

http://www.patsmitty.com/ExpertsExchange/temp_session_works.php
http://www.patsmitty.com/ExpertsExchange/temp_session_error.php

I am running PHP Version 5.2.14
0
Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

 
LVL 11

Assisted Solution

by:Bruce Smith
Bruce Smith earned 500 total points
ID: 34421208
And... I just tested it on both servers via FF 3.6.13 and both worked as expected.

Just for giggles, what does your about:config look like for your browser's session settings? Here is mine:
About:Config
0
 
LVL 108

Author Comment

by:Ray Paseur
ID: 34422658
Here's mine.
about-config.png
0
 
LVL 108

Author Comment

by:Ray Paseur
ID: 34422667
And while it works for you, I am still getting the error from this URL
http://www.laprbass.com/RAY_temp_session_error.php

And I am still amazed!
error.png
0
 
LVL 11

Expert Comment

by:Bruce Smith
ID: 34422988
Do you still get it from my URL Ray, or is it just yours?
http://www.patsmitty.com/ExpertsExchange/temp_session_error.php

If you only get the error on yours then I would assume that your php settings have to be the culprit. But if you get the error on both, then re-install your FF and see if that doesn't fix it.

Could this be a caveat to the good quote: "To err is human, and to blame it on a computer is even more so"?  haha
0
 
LVL 108

Author Comment

by:Ray Paseur
ID: 34423090
See attached.  I'm not exactly a novice in computer science and I am completely baffled.  I'm at PHP Version 5.3.4.  This is the only session-related error I have been able to cause.  I'll probably re-install FF, but I sure would like to know how the error is occurring.
patsmitty.png
0
 
LVL 11

Assisted Solution

by:Bruce Smith
Bruce Smith earned 500 total points
ID: 34423947
Try it again here: http://www.patsmitty.com/ExpertsExchange/temp_session_error.php

I replaced
$cv = (string) rand(101, 999);

Open in new window

with
$cv = '' . rand(101, 999);

Open in new window


Or try this one here (http://www.patsmitty.com/ExpertsExchange/temp_session_error_1.php) where I store the rand() into a variable and then cast that variable into a string:
// GET A NEW RANDOM VALUE
$cv1 = rand(101, 999);
$cv = (string) $cv1;

Open in new window


Shouldn't matter, but it's worth the shot. I can't think of any reason the fixed value would work where the random value wouldn't.

Happy Holidays
0
 
LVL 108

Author Comment

by:Ray Paseur
ID: 34423989
temp_session_error.php - NO MATCH
temp_session_error_1.php - NO MATCH

Thanks.  I may take this mystery to the grave.
0
 
LVL 108

Author Closing Comment

by:Ray Paseur
ID: 36288443
Never debugged the issue, but it went away when I upgraded Firefox, so I am a happy camper.  @patsmitty: Thanks for your help.  I, too, can't think of any reason the fixed value would work where the random value wouldn't.
0
 
LVL 11

Expert Comment

by:Bruce Smith
ID: 36289831
I guess I just don't understand how the browser could corrupt sessions somehow. Maybe, just maybe a plugin/add-on that you had was interfering. Thanks for the points though.

Cheers
0
 
LVL 108

Author Comment

by:Ray Paseur
ID: 36289921
Yeah, I don't understand it either.  Probably something about returning the wrong cookie.  Thanks for your help just the same!
0

Featured Post

Is Your Active Directory as Secure as You Think?

More than 75% of all records are compromised because of the loss or theft of a privileged credential. Experts have been exploring Active Directory infrastructure to identify key threats and establish best practices for keeping data safe. Attend this month’s webinar to learn more.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Introduction If you're like most people, you have occasionally made a typographical error when you're entering information into an online form.  And to your consternation, the browser remembers the error, and offers to autocomplete your future entr…
Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
The viewer will learn how to create a basic form using some HTML5 and PHP for later processing. Set up your basic HTML file. Open your form tag and set the method and action attributes.: (CODE) Set up your first few inputs one for the name and …
How to create a custom search shortcut to site-search Experts Exchange using Google in the Firefox browser. This eliminates the need to type out site:experts-exchange.com whenever you want to search the site. Launch your Bookmark Menu: Press 'Ctrl +…

920 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

12 Experts available now in Live!

Get 1:1 Help Now