Go Premium for a chance to win a PS4. Enter to Win

x
  • Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 545
  • Last Modified:

Session-Related Logic Error

I need another pair of eyes on this problem.  I have two scripts identical except for the instruction on line 34.  One works and one does not.  You can install the code here and run it to see the effect in action.  On my server, the apparent error is that the Session array does not hold the "cv" value if the value was generated by rand().

This one works as expected:
<?php // RAY_temp_session_works.php
error_reporting(E_ALL);

// ALWAYS START SESSION UNCONDITIONALLY
session_start();
if (empty($_SESSION["cv"])) $_SESSION["cv"] = '?';

// SET FORM STRING
$str = <<<'EOCAP'
<pre>
<form method="post">
ENTER 'CCC' IN THIS BOX:
<input name="cv" value="" autocomplete="off" />
<input type="submit" />
</form>
EOCAP;

// WAS THE FORM SUBMITTED?
if (!empty($_POST["cv"]))
{
    // SHOW SESSION AND POST
    echo "<pre>";
    echo "SESSION: ";
    var_dump($_SESSION);
    echo "POST: ";
    var_dump($_POST);

    // TEST FOR MATCH
    if ($_POST["cv"] == $_SESSION["cv"]) echo PHP_EOL . 'MATCH';
    if ($_POST["cv"] != $_SESSION["cv"]) echo PHP_EOL . 'NO MATCH';
}

// GET A NEW FIXED VALUE
$cv = '321';

// STORE THE VALUE IN THE SESSION
$_SESSION["cv"] = $cv;

// AND PRODUCE THE FORM
$new = str_replace('CCC', $cv, $str);
echo $new;
var_dump($_SESSION);

Open in new window


This one does not work as expected:
<?php // RAY_temp_session_error.php
error_reporting(E_ALL);

// ALWAYS START SESSION UNCONDITIONALLY
session_start();
if (empty($_SESSION["cv"])) $_SESSION["cv"] = '?';

// SET FORM STRING
$str = <<<'EOCAP'
<pre>
<form method="post">
ENTER 'CCC' IN THIS BOX:
<input name="cv" value="" autocomplete="off" />
<input type="submit" />
</form>
EOCAP;

// WAS THE FORM SUBMITTED?
if (!empty($_POST["cv"]))
{
    // SHOW SESSION AND POST
    echo "<pre>";
    echo "SESSION: ";
    var_dump($_SESSION);
    echo "POST: ";
    var_dump($_POST);

    // TEST FOR MATCH
    if ($_POST["cv"] == $_SESSION["cv"]) echo PHP_EOL . 'MATCH';
    if ($_POST["cv"] != $_SESSION["cv"]) echo PHP_EOL . 'NO MATCH';
}

// GET A NEW RANDOM VALUE
$cv = (string)rand(101, 999);

// STORE THE VALUE IN THE SESSION
$_SESSION["cv"] = $cv;

// AND PRODUCE THE FORM
$new = str_replace('CCC', $cv, $str);
echo $new;
var_dump($_SESSION);

Open in new window


Thanks for your help, ~Ray
0
Ray Paseur
Asked:
Ray Paseur
  • 9
  • 6
  • 4
4 Solutions
 
dsmileCommented:
Are you sure $str is well defined?

$str = <<<'EOCAP'

Parse error: parse error, unexpected T_SL in xxx.php on line 9
0
 
dsmileCommented:
After I corrected that $str, I've got your script run.
And both scripts run fine as designed.

Don't know how your server configured but I suggest that you change each keyname of POST and SESSION that represents cv to different names so that there're no chances that php engine might get confused.
0
 
Ray PaseurAuthor Commented:
$str = <<<'EOCAP'

This is NOWDOC syntax.  PHP 5.3+
http://www.php.net/manual/en/language.types.string.php#language.types.string.syntax.nowdoc

Can you please post a link to where you have the scripts installed?  I would like to observe.  My versions are here:
http://www.laprbass.com/RAY_temp_session_works.php
http://www.laprbass.com/RAY_temp_session_error.php

Thanks, ~Ray
0
Concerto Cloud for Software Providers & ISVs

Can Concerto Cloud Services help you focus on evolving your application offerings, while delivering the best cloud experience to your customers? From DevOps to revenue models and customer support, the answer is yes!

Learn how Concerto can help you.

 
dsmileCommented:
Sorry, I didn't know that. I'm still using PHP 5.2

I don't have a host so I can't show you my deployment of your scripts.
But when I access your online versions, they still work fine.

I use FF 3.6.12 and IE8.
ray-session-ie.JPG
0
 
Ray PaseurAuthor Commented:
Interesting.  I deleted my cookies, and reran the test.  It worked correctly on IE8 and failed on FF 3.6.12.  Did you actually test FF 3.6.12?  I noticed that your posted image was IE.

Thanks for your help here.  Still not sure what to make of this.
0
 
dsmileCommented:
Yes I did, Ray, just forgot to attach the screenshot.

If deleting cookies makes it run again, then a little tweak on session configuration in php.ini might help.
Let me know when you find the root cause :)
ray-session-ff.JPG
0
 
Ray PaseurAuthor Commented:
No, deleting the cookies did not make it run correctly.  I'm mystified.  I've reproduced the failure on a PHP 5.2 server, so I am beginning to think there is something wrong with my installation of FF.
0
 
Bruce SmithSoftware Engineer IICommented:
For what it's worth, I'm using FF 4.0 Beta 7 and both appear to work fine. See the following:

Supposed Error Script:
 Error Script
Working Script:
 Working Script
0
 
Bruce SmithSoftware Engineer IICommented:
They both work fine in IE7, IE8, and FF 4.0 Beta 7 on my installation:

http://www.patsmitty.com/ExpertsExchange/temp_session_works.php
http://www.patsmitty.com/ExpertsExchange/temp_session_error.php

I am running PHP Version 5.2.14
0
 
Bruce SmithSoftware Engineer IICommented:
And... I just tested it on both servers via FF 3.6.13 and both worked as expected.

Just for giggles, what does your about:config look like for your browser's session settings? Here is mine:
About:Config
0
 
Ray PaseurAuthor Commented:
Here's mine.
about-config.png
0
 
Ray PaseurAuthor Commented:
And while it works for you, I am still getting the error from this URL
http://www.laprbass.com/RAY_temp_session_error.php

And I am still amazed!
error.png
0
 
Bruce SmithSoftware Engineer IICommented:
Do you still get it from my URL Ray, or is it just yours?
http://www.patsmitty.com/ExpertsExchange/temp_session_error.php

If you only get the error on yours then I would assume that your php settings have to be the culprit. But if you get the error on both, then re-install your FF and see if that doesn't fix it.

Could this be a caveat to the good quote: "To err is human, and to blame it on a computer is even more so"?  haha
0
 
Ray PaseurAuthor Commented:
See attached.  I'm not exactly a novice in computer science and I am completely baffled.  I'm at PHP Version 5.3.4.  This is the only session-related error I have been able to cause.  I'll probably re-install FF, but I sure would like to know how the error is occurring.
patsmitty.png
0
 
Bruce SmithSoftware Engineer IICommented:
Try it again here: http://www.patsmitty.com/ExpertsExchange/temp_session_error.php

I replaced
$cv = (string) rand(101, 999);

Open in new window

with
$cv = '' . rand(101, 999);

Open in new window


Or try this one here (http://www.patsmitty.com/ExpertsExchange/temp_session_error_1.php) where I store the rand() into a variable and then cast that variable into a string:
// GET A NEW RANDOM VALUE
$cv1 = rand(101, 999);
$cv = (string) $cv1;

Open in new window


Shouldn't matter, but it's worth the shot. I can't think of any reason the fixed value would work where the random value wouldn't.

Happy Holidays
0
 
Ray PaseurAuthor Commented:
temp_session_error.php - NO MATCH
temp_session_error_1.php - NO MATCH

Thanks.  I may take this mystery to the grave.
0
 
Ray PaseurAuthor Commented:
Never debugged the issue, but it went away when I upgraded Firefox, so I am a happy camper.  @patsmitty: Thanks for your help.  I, too, can't think of any reason the fixed value would work where the random value wouldn't.
0
 
Bruce SmithSoftware Engineer IICommented:
I guess I just don't understand how the browser could corrupt sessions somehow. Maybe, just maybe a plugin/add-on that you had was interfering. Thanks for the points though.

Cheers
0
 
Ray PaseurAuthor Commented:
Yeah, I don't understand it either.  Probably something about returning the wrong cookie.  Thanks for your help just the same!
0

Featured Post

Ask an Anonymous Question!

Don't feel intimidated by what you don't know. Ask your question anonymously. It's easy! Learn more and upgrade.

  • 9
  • 6
  • 4
Tackle projects and never again get stuck behind a technical roadblock.
Join Now