Sessions - need an expert - PHPBuilder Forums

Sessions - need an expert

sjmci

I am using sessions on my site to pass data between programs which collect data. I had some initial problems which I attributed to people having cookies turned off, so I am now passing the sessionid from php with something like..

header('location: newprogram.php?PHPSESSID='.session_id());

I also move to other programs with regular "<a href=..." html statements and javascript. I have checked them all and the session data is always passed whether or not cookies are turned off by the user. I have the server code on my remote server and on my local machine. I have been using IE 5 and 6 to access both and I cannot get either system to fail no matter what I try.

However, in analyzing the collected online data it is obvious that the data is not always being passed between sessions. This is true for roughly 10% of the data.

My question is this: can anyone come up with any reason/scenario where someone's ISP or browser choice or browser setting or anything else would interfere with sessions working properly?

Thanks in advance...

swr

Originally posted by sjmci
However, in analyzing the collected online data it is obvious that the data is not always being passed between sessions. This is true for roughly 10% of the data.

How have you determined that?

Is it possible the 10% are from people arriving at your site who just don't have a session yet?

sjmci

The start page for the site begins w/ the following code:

session_start();
session_unset();
session_destroy();
session_start();

Its unlikely anyone is bypassing this page since they would have to first know the names of subsequent php programs. The start page opens multiple frames but sessions seem to propogate fine to frames.

Kenderized

Dont believe any browser can mess up your session var, sounds more to me that you need to instantiate or recheck user input validation and script permissions.

Good Luck
AJ

swr

Originally posted by sjmci
The start page for the site begins w/ the following code:

session_start();
session_unset();
session_destroy();
session_start();

So if the user has a session, then goes to the start page, their session data will be destroyed. Could that account for the data being lost?

You still haven't explained how you've determined the data is being lost. That could be important information. Especially since you haven't really given us any other information.

sjmci

There are a bunch of programs which link to one another. The last one writes a file which includes 2 session items. On about 10% of the records the values are empty. I have checked all the programs and cannot find anyplace where the session data is not being passed. Also, I cannot get the program to write empty data now matter what I try.

So I'm really grasping at straws here just looking for some other environment that someone may have which would interfere w/ sessions working properly. For example, its my understanding that sessions use cookies on the users machine (unless they are blocked). Could someone have some setting (or some spam program or some virus program) on their machine that might interfere with these cookies? (I'm just guessing here, the fact that I can't reproduce the error is a major problem for me)

swr

If the user has disabled cookies then sessions aren't going to work correctly without special measures. That's probably the the problem.

The session data is stored on the server, identified by a session ID. The user gets a cookie with the session ID in it. That way, when they go to the next page, the cookie (containing the session ID) will tell PHP which session data to use. With cookies disabled, that doesn't work.

It is possible to make sessions work with cookies disabled, by using a mechanism other than cookies to pass session IDs from page to page. See here for more info:

http://www.php.net/manual/en/ref.session.php#session.idpassing

[edit]
Looking back at your very first post, it looks like you are trying to pass the session ID in the URL too, so cookies disabled is probably not the problem. Unless you're passing the session ID in URLs when redirecting, but not for href links?

sjmci

It looks like (from just experimenting) that if a user blocks all their cookies the session id is still automatically passed by the following...

a normal html link ('<a href=newprogram.php...)

a submit from a form('<form method action=newprogram.php...)

So I have not changed any of this code.

However, the seesion id does not get passed by the following...

php header ('header('location: newprogram.php')

javascript href ('this.location.href=newprogram.php')

So I have added the PHP session id to all of these occurrences in my programs. This seemed to have solved my problems when I blocked cookies on my browser, but something else is still not working and I cannot simulate it on my machine.