PHP: Page kills session for no reason?



  • Greetings!


    Me again, with another strange PHP question. I'm working on a PHP application (been pretty much done, just going through some bug fixes), and I ran into a mighty strange bug on one of the pages, but I can't find the problem. The site maintains logins through sessions stored in cookies, and everything works fine except for this one page -- when I go to the page, it comes up normally, but trying to go to any page after that page kills the session -> I get the username/password form asking for my login creds with an error message, which should happen when trying to access a page without logging in first. It's not unsetting any variables, and the header that deals with all of the session stuff is the same as every other page on the application, but I've managed to trace the problem to the page dropping the session.

     Any ideas would be appreciated.
     



  • THe only thing I can say with a high degree of certainty is that there actually is a reason.  You just don't know it.

     

    PS.  In general it is hard to debug code without seeing either the source or the program in action! 



  • Knowing which side drops the session would be a hint. On server's side you have session data, and on client side you have the cookie holding session_id

    If server send the cookie holding session_id with an expiration date in the past, cookie is forgotten and session in lost.

    Also check your page domain/path, which can affect cookie's behavior. 



  • Depends a bit on how your application works, but what helps me with seamingly random/strange behaviour is to put die()'s into the affected page(s) around the piece that i suspect might be the problem. (which in your case would be that specific page)

    Keep either putting the die further along or closer backto the start until the problem starts/disappears.
    And there's your problem.

     

    Offcourse before all that setting error_reporting(E_ALL) can be a eye opener also. 

     Als no output can happen before your session_start.
     



  • The first suspect I'd go for is any cookie-related code on that page. Maybe cookies are inadvertantly deleted, and then the session goes with it.



  • @stratos said:

    Depends a bit on how your application works, but what helps me with seamingly random/strange behaviour is to put die()'s into the affected page(s) around the piece that i suspect might be the problem. (which in your case would be that specific page)

    Keep either putting the die further along or closer backto the start until the problem starts/disappears.
    And there's your problem.

     

    Offcourse before all that setting error_reporting(E_ALL) can be a eye opener also. 

     Als no output can happen before your session_start.
     

     
    Thanks for the reply.. this one got me closer, but still no answer. Now this isn't making sense either: the page in question is a "manage users" page for the site I'm working on, and if it only reads the first row of the users database, the page works fine, but if it reads any other row, the session dies. Even if I only try to pull a single record other then the first, it won't keep the session. 

    There's a page on the customer portion of the site that lets them look at the same information for their own username, and the session stays with them, but this page refuses to hold the session, even though it's querying the same database and pulling the same information.
     



  • (Stupid edit timer)

    Bit more debug: as soon as it tries to do a mysql_result() with any row but the first, the $_SESSION variable stays set, but the values in the session are cleared. (isset() returns true, but doing an echo on any element of the $_SESSION array spits out a blank.) No errors are thrown, though, even with E_ALL.

    WTF?
     



  • I'm certainly not 100% sure of this, but you might wanna look at registers global.
    registers_global is a evil setting in php, that will make a lot of stuff global, and automatically fill variables.

    For instance in a register global env, if i pass ?user=test on the url, php will automatically generate the variable $user for me, with the value test.
    Now i'm not sure here (and don't feel like looking it up), but it might also work backwards.

    so perhaps, you have a session like

    $_SESSION['user']['user_name']

    but by doing

    $user = mysql_fetch_assoc($sql_user_result);

    you overwrite it. 

     
    But again, this is just a hunch, and i'm not sure if register globals even go's that far, but it might be worth a test. 



  • My wild guess is that something might be wrong with the session handler (if you use one that replaces the standard "files" handler with a custom MySQL one). However, this looks like a non-PHP related issue, like corrupted MySQL client libraries or something funny going on in the server.

    The register_globals idea is quite probable, but I think the registered variables are copies of the superglobals, and not references. Also, this doesn't explain why the entire $_SESSION is wiped out. 


Log in to reply
 

Looks like your connection to What the Daily WTF? was lost, please wait while we try to reconnect.