Solved

Problem with PHP SESSION variables changes

Posted on 2012-03-14
9
297 Views
Last Modified: 2012-03-15
Short form: what might lead $_SESSION content to change between several PHP pages?

Background:
1 - In a php page, I add values to $_SESSION, then session_write_close() [note: values were successfully written in $_SESSION in a previous PHP page] ; if later in php script displaying $_SESSION, its contents displays as expected. This, I did believe, proves that $_SESSION content has been recorded correctly, without waiting the end of running the php script.

2 - In the next php page... $_SESSION displays without my last changes

Any idea? In which situations do you think this might happen?

3 - More background info: the first page does not call directly the second; in fact, these pages are called one after the other from an html/javascript script running on the client with the iUi library. This runs Ajaxly the php scripts: they run on the server and any html/text output is handled on the client. And yes, this works fine for the php scripts before the ones where I meet the problem.
0
Comment
Question by:fibo
9 Comments
 
LVL 1

Expert Comment

by:rakjosh
ID: 37719161
Hi,
have you included session_start(); on other pages.
0
 
LVL 36

Expert Comment

by:Loganathan Natarajan
ID: 37719219
You could always check the session values on the pages, by just printing this line,

print '<pre>';
print_r ($_SESSION);
0
 
LVL 29

Author Comment

by:fibo
ID: 37719336
@rakjosh: yes I have
@logutdotcom: yes, I do. That's how I see that the values are there "before" and not "after"

B-) just for the record, a nice way of doing this is basically:
echo "** SESSION values: <pre>", print_r($_SESSION,true), "</pre><br>***";
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 500 total points
ID: 37719515
What is the intended result of calling session_write_close()?  Why not just wait and let the garbage collector handle the cleanup?
0
Top 6 Sources for Identifying Threat Actor TTPs

Understanding your enemy is essential. These six sources will help you identify the most popular threat actor tactics, techniques, and procedures (TTPs).

 
LVL 29

Author Comment

by:fibo
ID: 37719744
@Ray:

- intended result of session_write_close: as presented in http://www.php.net/manual/en/function.session-write-close.php, this speeds up the recording of session data in server space, and I am assuming that it avoids some of the problems sometimes found when you write $_SESSION data and later on try to reread it: on some configurations it fails, as it is not guaranteed that the session data is recorded until you end the session by leaving the page.

- anyway, I just removed the instruction, and nothing has changed
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 37719800
OK, if that is the case, I think I would be looking for conditional statements that deal with the contents of $_SESSION.  Are you using HTML frames to run multiple concurrent requests that use the same session?  I am curious about the idea of "write $_SESSION data and later on try to reread it" - what does that mean, exactly?  It seems like inside any given request, you would be able to use $_SESSION like any other variable (and in fact you can, even if you have not executed session_start() which to my way of thinking is a terrible design flaw in PHP).  So the part about "write session data" may not be in play until the session is deliberately closed, or the script is terminated, unless you are using HTML frames.  I do not know what would happen to the session data if the script terminated in a fatal error.
0
 
LVL 29

Author Comment

by:fibo
ID: 37727035
Solved: remove ALL session_write_close as suggested hy Ray.
(I had not removed some existing instances, hence my program was still not working).

1 - Although page http://www.php.net/manual/en/function.session-write-close.php might be interpreted as "session_write_close is recommended for improving performance" it should hav a footnote "but do NOT use it in PHP pages called thru Ajax from a javascript page.

2 - Page http://stackoverflow.com/questions/5130241/php-session-write-close-keeps-sending-a-set-cookie-header presents a possible explanation.
0
 
LVL 29

Author Closing Comment

by:fibo
ID: 37727053
Excellent as usual Ray! Thx a lot.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 37727324
Wow, thanks for your explanation of that.  I never use session_write_close() and so I would never have gotten tripped by an AJAX-related issue!  That's good information to know.

All the best, ~Ray
0

Featured Post

Better Security Awareness With Threat Intelligence

See how one of the leading financial services organizations uses Recorded Future as part of a holistic threat intelligence program to promote security awareness and proactively and efficiently identify threats.

Join & Write a Comment

Developers of all skill levels should learn to use current best practices when developing websites. However many developers, new and old, fall into the trap of using deprecated features because this is what so many tutorials and books tell them to u…
Introduction A frequently asked question goes something like this:  "I am running a long process in the background and I want to alert my client when the process finishes.  How can I send a message to the browser?"  Unfortunately, the short answer …
Learn how to match and substitute tagged data using PHP regular expressions. Demonstrated on Windows 7, but also applies to other operating systems. Demonstrated technique applies to PHP (all versions) and Firefox, but very similar techniques will w…
The viewer will learn the basics of jQuery, including how to invoke it on a web page. Reference your jQuery libraries: (CODE) Include your new external js/jQuery file: (CODE) Write your first lines of code to setup your site for jQuery.: (CODE)

747 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question

Need Help in Real-Time?

Connect with top rated Experts

13 Experts available now in Live!

Get 1:1 Help Now