Killed by cookies

jimatvs

After scouring the four corners of the Internet for help, I've decided to post a message here to see if the experts can get me out of the purgatory I've been living in for the past month. I'll appologize in advance for the lengthy message - this is a real tough one to explain.

I am using PHP Sessions to keep track of what users are viewing what pages etc. and to verify access in password protected web site areas. The problem I am having is that 1 out of probbaly every 20 times, the Session created on the first page viewed by the user is not carried over to the second page. When the user goes to a second page, a new Session is created. The problem is that the first page includes HTTP_GET_VARS variables that are assigned to Session variables.

When a new session is created, I lose track of the HTTP_GET_VARS variables (not to mention, they come up as unvalidated users in password protected areas). Most of the time, the first session sticks and lasts the duration of the visit. When a second session (and sometimes a third session) is spawned, it will stick for the duration of the visit - so I know the visitor accepts cookies. I even created a separate test cookie at the same time as the session is created to see if the problem was session-specific. The cookie, however, has the same problem and is replaced by a second cookie and session for those few users experiencing trouble.

Here is what I've looked at and ruled out:
1) Visitors do accept cookies (the second session/cookie wouldn't stick if their browsers don't accept cookies)
2) The first session that disappears is created on the web server (I see it in a tmp directory I've created).

Here is my code . . .
1) Every php page starts with:
ini_set("session.use_trans_sid", "0");

$screen="intro";
$menu_num=1;
include 'log.php';

2) log.php is as follows:
<?php
function debuglog($urladdress) {
$LogIp1 = getenv("REMOTE_ADDR");
$fp=fopen('debug.txt','a');
$cnt=$SESSION['count'];
$sess=session_id();
if (!$fp) die ("message=CANT+OPEN+FILE");
fputs ($fp,"\r");
if ($COOKIE['PLAY-IT']=="") {
setcookie("PLAY-IT",date("d-M-Y H:i:s"),time()+606024*100,"/",".verticalsound.com",0);
}

$testcookie=$_COOKIE['PLAY-IT'];

fputs ($fp,date("d-M-Y H:i:s"));
fputs ($fp," $LogIp1");
fputs ($fp," $cnt");
fputs ($fp," $sess");
fputs ($fp," $urladdress");
fputs ($fp," $testcookie");
fclose($fp);
}
if (substr($HTTP_HOST,0,4)!="www.") {
header("Location: http://www.".$HTTP_HOST.$REQUEST_URI);
exit();
}
session_save_path("/m11/jimatvs/tmp/phpses");
ini_set("session.cookie_domain", "www.verticalsound.com");
session_start();
debuglog(sprintf("%s%s",$HTTP_HOST,$REQUEST_URI));
if (!isset($SESSION['count']) || $SESSION['count'] == null || $_SESSION['count'] == 0) {
include 'start_session.php';
}

if (isset($HTTP_GET_VARS['prm'])) {
$_SESSION['promotion_code']=$HTTP_GET_VARS['prm'];
}

if($HTTP_GET_VARS['src'] !="") {
$origins=substr($HTTP_GET_VARS['src'],0,3);
if (is_null($origins) || $origins==" " || $origins=="") {
$origins="non";
}
$SESSION['origins']=$origins;
}
$SESSION['last_activity']=mktime();
require_once('Connections/jimatvs.php');
mysql_select_db($database_jimatvs, $jimatvs);
$log_date=date("Ymd");

if ($SESSION['band_id']=="") {
$bband_id="0";
$aaccount_id="0";
} else {
$bband_id=md5($SESSION['band_id']);
$aaccount_id=md5($_SESSION['account_id']);
}

$insertSQL = sprintf("INSERT INTO log (counter, date, screen, band_id, account_id) VALUES (%s, %s, %s,%s,%s)",
GetSQLValueString($_SESSION['count'], "int"),
GetSQLValueString($log_date, "text"),
GetSQLValueString($screen, "text"),
GetSQLValueString($bband_id, "text"),
GetSQLValueString($aaccount_id, "text"));

$Result1 = mysql_query($insertSQL, $jimatvs) or die(mysql_error());
?>

3) start_session.php is as follows:
<?php
if ($screen=="verticalsound.com") {
require_once('go_vertical/Connections/jimatvs.php');
include 'go_vertical/end_session.php';
} else {
require_once('Connections/jimatvs.php');
include 'end_session.php';
}
$ipaddress = getenv("REMOTE_ADDR");
$browser = $HTTP_USER_AGENT;
if (isset($HTTP_GET_VARS['prm'])) {
$SESSION['promotion_code']=$HTTP_GET_VARS['prm'];
} else $SESSION['promotion_code']="";
if($HTTP_GET_VARS['src'] !="") {
$origins=substr($HTTP_GET_VARS['src'],0,3);
$id="";
$idvalue=substr($HTTP_GET_VARS['src'],3);
if (is_numeric($idvalue)) {
$id=$idvalue;
}
if (is_null($idvalue) || $idvalue==" " || $idvalue=="" || !is_numeric($idvalue)) {
$id="0";
}
}
if($HTTP_GET_VARS['ref'] !="") {
$idvalue=$HTTP_GET_VARS['ref'];
if (is_numeric($idvalue)) {
$refid=$idvalue;
}
if (is_null($idvalue) || $idvalue==" " || $idvalue=="" || !is_numeric($idvalue)) {
$refid="0";
}
}
if (is_null($id) || $id==" " || $id=="" || !is_numeric($id)) {
$id="0";
}
if (is_null($refid) || $refid==" " || $refid=="" || !is_numeric($refid)) {
$refid="0";
}
if (is_null($origins) || $origins==" " || $origins=="") {
$origins="non";
}
if (getenv("REMOTE_ADDR") != "68.5.248.27") {
mysql_select_db($database_jimatvs, $jimatvs);
$log_date=date("Ymd");

$insertSQL = sprintf("INSERT INTO counter (ipaddress, origin, id, refid, date, browser, promotion, screen) VALUES (%s, %s, %s, %s, %s, %s, %s, %s)",
	GetSQLValueString($ipaddress, "text"),
	GetSQLValueString($origins, "text"),
	GetSQLValueString($id, "text"),
	GetSQLValueString($refid, "text"),
	GetSQLValueString($log_date, "text"),
	GetSQLValueString($browser, "text"),
	GetSQLValueString($_SESSION['promotion_code'], "text"),
	GetSQLValueString($screen, "text"));

$Result1 = mysql_query($insertSQL, $jimatvs) or die(mysql_error());

$query_counter = "SELECT last_insert_id()";
$counter = mysql_query($query_counter, $jimatvs) or die(mysql_error());
$row_counter = mysql_fetch_assoc($counter);
$_SESSION['count']=$row_counter['last_insert_id()'];
debuglog(sprintf("%s%s",$HTTP_HOST,$REQUEST_URI));

}
$SESSION['login_type']=1;
$SESSION['origins']=$origins;
?>

My hunch is that the first session and test cookie are created on their computer and that for some reason a second test cookie and session are being created and are not overwriting the initial cookie, but rather are somehow viewed as different thant he first session/test cookie. The problem is I can't replicate it to find this out. BTW - I'm using a MAC and have tested it with Netscape 7 and IE 5.x

If anybody has any ideas, I'd be EXTREMELY grateful!! If you want to check out the pages firsthand to see if you are one of the lucky few, it is easy to see if the first session is replaced by a second session. . .

1) Simply click on this link:
http://www.verticalsound.com/go_vertical/intro.php?src=sch
2) Click on the details tab or the "see how we do it" button. At the very bottom, left under "Want to see our Venue Database?", if you see a textbox requiring your email address that means the first session was replaced by a second session and I lost the "src=sch " sent in the link (I have a session variable that sets itself to the value of src on the first page viewed).

Thanks again (even if you just sat through the above without being able to help)!

Jim