Solved

$_SESSION not working

Posted on 2015-02-16
Last Modified: 2015-02-19
I have a situation where php $_SESSION is failing.

See attached programs. payment.php accepts customer payment info.

captcha.php is a simple captcha program.

payment_step2.php processes the payment; note I have cut it short to try to figure out the $_SESSION failure.

pmnt_test.php is a VERY simple program that uses captcha.php & goes to payment_step2.php.

When I use pmnt_test.php, $_SESSION variable is correctly passed. When I use payment.php, $_SESSION variables don't exist for payment_step2.php.

If you want a url, I'll send it. You just have to enter a lot into payment.php to get to the error.

Thanks
captcha.php
payment.php
payment-step2.php
pmnt-test.php
Question by:Richard Korts
23 Comments
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40613015
0
 

Author Comment

by:Richard Korts
ID: 40613027
Ray,

I moved session_start() to the VERY top of payment_step2.php.

Still the same

Thanks
0
 
LVL 108

Accepted Solution

by:
Ray Paseur earned 250 total points
ID: 40613030
My guess would be that there is a conditional statement somewhere that is causing session_start() to be skipped, or there is a similar logic failure that is omitting a step that is expected to set a value in the session array.

I don't see anything obviously wrong, and the scripts do not appear to be testable, so I'll just try to give you the general advice, although it's probably restating the article.  

Go into all of these scripts and make session_start() be the first executable instruction.  First instruction in all of them, no excuses.  Even if all the script does is produce some HTML, put <?php session_start(); ?> on the first line.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40613038
You should also verify that the client browser is accepting cookies.

You might also try this experiment.  I have never seen a correctly configured server that fails this test - the number always increments when you tell it to increment.  If this fails, then your hosting company needs to come to your rescue.
<?php // RAY_session_test.php
error_reporting(E_ALL);


// DEMONSTRATE HOW PHP SESSIONS WORK
// MAN PAGE HERE: http://php.net/manual/en/function.session-start.php


// START THE SESSION (DO THIS FIRST, UNCONDITIONALLY, IN EVERY PHP SCRIPT ON EVERY PAGE)
session_start();

// INITIALIZE THE SESSION ARRAY TO SET A DEFAULT VALUE
if (empty($_SESSION["cheese"])) $_SESSION["cheese"] = 1;

// SEE IF THE CORRECT SUBMIT BUTTON WAS CLICKED
if (isset($_POST['fred']))
{
    // ADD ONE TO THE CHEESE
    $_SESSION['cheese']++;
}

// RECOVER THE CURRENT VALUE FROM THE SESSION ARRAY
$cheese = $_SESSION['cheese'];


// END OF PROCESSING SCRIPT - CREATE THE FORM USING HEREDOC NOTATION
$form = <<<ENDFORM
<html>
<head>
<title>Session Test</title>
</head>
<body>
Currently, SESSION["cheese"] contains: $cheese<br/>
<form method="post">
<input type="submit" value="increment this cheese" name="fred"  />
<input type="submit" value="leave my cheese alone" name="john" />
</form>
</body>
</html>
ENDFORM;

echo $form;


0
 

Author Comment

by:Richard Korts
ID: 40613180
Ray,

Thanks for all that.

I put session_start() on the VERY first line of the script payment_step2.php.

Recall that I said that when I do a SIMPLE text program (I enclosed it. pmnt_test.php), it works fine.

So my conclusion is there is something in the "real" payment page, payment.php, that is causing this, because when I use the simple test, it works & that uses all the pieces EXCEPT payment.php.

Thanks
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40613183
Where is session_start() in payment.php now?
0
 

Author Comment

by:Richard Korts
ID: 40613190
Ray,

I ran your session test; it worked fine.

Richard
0
 

Author Comment

by:Richard Korts
ID: 40613197
Ray,

On payment.php it was NOT at the top, I just put it there & tested again, no change.

The echoes in payment_step2.php show BOTH the session variables blank.

I have a plan "B", I can build a database table & let the captcha put the value in there with a random key I give to it, etc., & pass the key as a hidden form field to the processing page, but what a bunch of crap.

Thanks,

Richard
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40613213
In payment_step2.php you have an echo on line 7.  That alone should cause the session_start() cookie to fail.  Things like that are why session_start() must go first.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40613229
Might be worth posting the most current versions of those scripts so we can see exactly what we're working with now.  Also, make sure your browser cache is cleared.
0
 

Author Comment

by:Richard Korts
ID: 40613236
Dave,

That was correct, I fixed that & it made NO difference.

The top of payment_step2.php now looks like this:

<?php
      session_start();
      //require_once 'securimage/securimage.php';
      
      $emailTo = 'payments@rain1.com';

 echo "entered page<br>";

As I have stated several times, when I use the program (attached to the original post) pmnt_test.php, it passes the session variables just fine. It even did that BEFORE I moved session_start() to the top.

Thanks
0

 

Author Comment

by:Richard Korts
ID: 40613253
To all,

Attached are the current versions of all. Except for the placement of session_start() at the top of payment.php & payment_step2.php, I believe they are identical to those previously submitted.

You can try the test version at www.rain1.com/payment/pmnt_test.php. Unless it's changed, the "captcha" code will be passed to payment_step2.php successfully.

Worked that way earlier, but paranoia is creeping in.................
payment-step2.php
payment.php
captcha.php
pmnt-test.php
0
 
LVL 82

Assisted Solution

by:Dave Baldwin
Dave Baldwin earned 250 total points
ID: 40613271
Richard, there is no magic to sessions.  It's just a matter of getting it right.  After correcting a number of errors and converting 'payment.php' to long open tags instead of short and moving the test $_SESSION variables to the top of 'payment-step2.php' (note the '-' instead of '_') so I didn't have to mess with the rest of the code there, the $_SESSION variables showed up as they should.
0
 
LVL 108

Expert Comment

by:Ray Paseur
ID: 40613280
This may be completely unrelated but you might want to stop using the short-open tags.  Short-echo tags are preserved, but short-open tags are being removed from PHP.

To give an example, use this: <?php and do not use this: <?

Also, please clarify... The last script named pmnt-test.php -- there is no PHP and therefore no session_start() statement in this script?  Any reason why not?  I don't really know whether this is a problem or not, but when I'm dealing with PHP scripts it makes sense to make all of them PHP scripts and do the initialization in all of the scripts.
0
 

Author Comment

by:Richard Korts
ID: 40613293
Ray,

The session variable is created by captcha.php. Where it says <img src='captcha.php />

Maybe that's part of the problem? If you look in the code of captcha.php..........

I'm aware of the short tags. ALL this code except the test program pmnt_test.php I have acquired from other sources. In fact, payment_step2.php is from Authorize.net, modified (by the original developer) slightly to include the captcha stuff.

captcha.php is from the author of that. I downloaded it today because the other captcha was not working (probably because of the session issue).

Thanks

Richard
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40613299
In my testing, I changed all the short tags to long tags and 'captcha.php' worked fine.  Because I had no need to go thru all the code in 'payment_step2.php', I just put this at the top of the page and it worked fine.  It shows that the session_start() is working properly on that page.

<?php
	session_start();
	//require_once 'securimage/securimage.php';
	// Check CAPTCHA input
	echo "sess var = " . $_SESSION['code'] ."<br>";
	echo "sess test var = " . $_SESSION['test'];
	exit;


0
 

Author Comment

by:Richard Korts
ID: 40613308
Dave,

It works fine when used from pmnt_test.php.

It DOES NOT work from the real payment page.

Go to www.rain1.com/payment/payment.php.

Just get the captcha code & submit; the tests for all the other stuff are later if you use your page.

Thanks.
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40613343
I fixed your payment page so it works.
payment.php
0
 

Author Comment

by:Richard Korts
ID: 40614502
Dave Baldwin,

I used your version, same result, nothing in the session variables.

The customer agreed to remove captcha because we decided it was not needed in this case, but it would still be nice to get this fixed & understand why it fails.

Thanks,

Richard
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40614827
But Richard... it works here.  Use my version of 'payment.php' and put my code above as the first thing in 'payment_step2.php'.  The 'captcha' has nothing to do with your problem.
0
 

Author Comment

by:Richard Korts
ID: 40614839
I used your payment.php, I changed payment_step2.php to be exactly like you said.

I'm going to try those pages on another server to see if I can replicate the issue, I have to move on with other late projects right now, maybe a day or so.

I spent 100% of yesterday on this crap.

Thanks,

Richard
0
 
LVL 82

Expert Comment

by:Dave Baldwin
ID: 40614877
Ok, we'll be here.  Just know that $_SESSION works and it basically works in the code that you posted.  I have yet to see a server that sessions do not work on.  Although... I vaguely recall one instance where the PHP session.save_path was either not configured or not writable.  That would cause the variables to not be saved.
0
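
A diagnostic for the two causes raised in the comments above (output sent before session_start(), and a session.save_path that is not configured or not writable), as an added example that is not code from any participant in this thread. The file name session_diag.php and the diag_hits session key are assumptions made for illustration.

```php
<?php // session_diag.php (hypothetical file name, not from the thread)
// Usage: require 'session_diag.php'; as the very first statement of the page under test.
error_reporting(E_ALL);
function session_diag()
{
    $r = array();

    // 1. Any output before session_start() (echo, HTML, a BOM, blank lines before the
    //    opening tag) stops PHP from sending the session cookie header.
    if (headers_sent($file, $line)) {
        $r[] = "FAIL: output already started in $file on line $line";
    }

    // 2. The "files" handler needs a directory the web server user can write to.
    $handler = ini_get('session.save_handler');
    if ($handler === 'files') {
        $parts = explode(';', session_save_path()); // value may be "N;MODE;/path"
        $dir   = end($parts);
        if ($dir === '') {
            $dir = sys_get_temp_dir();              // empty setting: temp directory is used
        }
        $ok  = is_dir($dir) && is_writable($dir);
        $r[] = ($ok ? "OK" : "FAIL") . ": session.save_path '$dir' "
             . ($ok ? "is writable" : "is missing or not writable");
    } else {
        $r[] = "INFO: save_handler is '$handler'; save_path check skipped";
    }

    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }

    // 3. The browser must send the cookie back; its scope has to match the URL in use.
    $p   = session_get_cookie_params();
    $r[] = "INFO: cookie path='{$p['path']}' domain='{$p['domain']}' secure="
         . var_export($p['secure'], true) . " use_cookies=" . ini_get('session.use_cookies');
    $r[] = isset($_COOKIE[session_name()])
         ? "OK: request carried the " . session_name() . " cookie"
         : "WARN: no session cookie in this request (first hit, blocked, or out of scope)";

    // 4. Same fingerprint and a rising counter on every page means data persists.
    //    The id is hashed so the report never exposes a usable session id.
    $_SESSION['diag_hits'] = isset($_SESSION['diag_hits']) ? $_SESSION['diag_hits'] + 1 : 1;
    $r[] = "INFO: id fingerprint " . substr(hash('sha256', session_id()), 0, 8)
         . ", hits=" . $_SESSION['diag_hits'];
    return $r;
}
echo "<pre>" . htmlspecialchars(implode("\n", session_diag())) . "</pre>";
```

If the fingerprint changes between the form page and the processing page, the browser is not returning the cookie and a new session is created on each request. Remove the file from the server once the comparison is done.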
 

Author Closing Comment

by:Richard Korts
ID: 40620195
I will have to revisit this in the future.

Points awarded for your efforts.

I got around the problem by removing captcha; we decided it was not needed in this case.

Thanks
0
