Really weird bug. I'm running MAMP Pro on my development computer, and I have a really simple test PHP program that looks like this:
<?php
session_start();
var_dump($_SESSION);
And the program works where ever I put it on my server, dumping out the session variables. UNLESS, the directory name starts with "ads" (then it just outputs an empty array).
http://domain/test.php - works
http://domain/ads/test.php - doesn't work
http://domain/adtest/test.php - works
http://domain/adserve/test.php - doesn't work
http://domain/sads/test.php - works
I don't have any .htaccess file doing anything with "ads".
Update: I did some more testing and found that this is only happening with Safari (not in Chrome or Firefox). But Safari is the main browser that would be used for this site. I don't want to change the name of the entire directory just to squirm around some Safari quirk if I don't have to. I've tried restarting Safari with no luck.
sessions in php use cookie so you need to check if your your safari browser allowing cookies and send a session id cookie back to the server
So when I wasn't experiencing this in any other browser, including Safari on other machines, I just deleted all the related cookies from the Safari on my development machine, and everything started working again. No idea what would cause the bug, but at least it was an easy enough fix in the end.
Edit: the problem came back a few days later, so I had to delete cookies again. I certainly hope this doesn't happen on others' browsers.
Related
I have a PHP program that uses session variables to pass data over several PHP scripts. When I test it on my normal computer it flows just fine, and the session data holds through where expected, gets maintained on page refreshes, etc.
The strange thing I'm encountering is that on a secondary computer, the session is wildly inconsistent. I'll arrive at a page and it acts as if none of the session variables had been set. What's even stranger is, if I try reloading the page, sometimes the variables will actually load (and if I refresh again, they disappear again).
From what I can tell the problem doesn't seem to be browser-specific (I've tested on Chrome, Firefox and IE on both computers), but rather computer-specific, which seems really strange to me. I asked two other people to try it out, and discovered the exact same issue -- for one person the program runs just fine, but for the other person the session variables load inconsistently.
Any thoughts? I'm not doing anything fancy with the session, I just have the session_start() calls at the beginning of the scripts, post data via forms, and access/store via $_SESSION.
Edit: Some additional details --- in firebug, on the computer that isn't affected I'm seeing 3 cookies, which I guess I should be expecting (I'm admittedly not much experienced in session management and cookies). On the computer that is affected though, I'm not seeing any cookies at all in Firebug, even when the page does randomly load properly.
Also for clarification, I do expect the session data to be distinct for each computer, I'm not expecting data from one computer's session to be available on another computer's session.
Edit 2: I checked the cookies in firebug again, and it does seem like the 3 cookies are showing up on the affected computers (maybe it wasn't loading properly earlier today). I've done a var_dump of the $_SESSION variable on the pages that aren't displaying the data correctly, and sure enough all the information is there. It's just, for some reason it only sometimes loads in the HTML section below. I'll keep digging.
After a ton of digging around and testing, I finally figured it out, and the answer was surprisingly obscure and yet under my nose at the same time. My company uses VPN to tunnel remote desktops to our work servers. Although the pages I had set up on the work servers were accessible and worked properly via the browser (which is what threw me off), the session cookies weren't passing properly to the affected computers because those computers didn't have the site's IP address mapped to the work domain in their Windows hosts files. Once I mapped the IP address to the site domain, everything worked perfectly like my primary computer. Thanks to everyone who gave the issue some thought!
Somehow, when calling another script (all other scripts than index.php), all my CMS authorisation data gets deleted. The login boolean and username consists. This only appears using Chrome/Chromium.
The chrome developer tools don't show any errors, only 200 OK and 304 Not modified.
This is really annoying since I've changed to Chromium for Firefox being to ressource-heavy.
Any solutions?
Its going to be really hard to debug without any code or anything. When you say session data I assume you are referring to your php session. This has nothing to do with the browser. Are you making sure you aren't changing the domain/subdomain while browsing at all (which will cause you to lose your session). You can check your php.ini session settings but that shouldn't matter if it is working on other browser.
I'm guessing this is occuring because your session isn't getting started properly OR the session data is getting cleared somehow in your code.
Now it appears in Fx too. The problem: The hoster updated to PHP5 and there register_globals was set to On again.
I spent about 45 minutes yesterday trying to research and troubleshoot this, so hopefully someone has another idea I can try.
It started out with one of my PHP scripts detecting that the session $_SESSION was empty, so it stopped executing the rest and threw an error for me.
This entire project has worked on that server for at least half a year without any problems, and no update to code or server has been made since then.
Here's what I did then:
I created a new PHP file for testing, made sure there was nothing before or after the <?php ?> container, and wrote this code:
session_start();
var_dump($_SESSION);
$_SESSION['test'] = 5;
Then I ran the file by itself repeatedly, and it always came up with an empty session.
I had run into this before, so I checked the folder where the session files are located on the server (in my case /var/lib/php5), made sure it had the correct directory owner and permissions, deleted all the files in it and restarted apache.
No dice...
I ran the file again a few times, and each run created a NEW session file, and the session file did contain the test=5 entry, so sessions do write correctly.
So I checked the browser cookies. They are there and working as far as I can tell - both the phpsessid cookie and another cookie my site creates were there. If I delete all cookies and then run my test file again, the phpsessid cookie is recreated normally and does contain the same session id that was created as a session file.
I also added var_dump(session_id()); to the code right after session_start();, and it gave me a brand new session id every time the script ran.
We're running a PHP version that does not support session_status() yet, so that's not an option, either (not sure exactly what it would do, anyway, I'm flying rather blindly here).
So, we know sessions are created properly, the files contain the data, the cookie contains the correct id.
So as far as I can tell, the issue must lie either with the browser not sending the cookie data back to the server or the server not recognizing the session id from the cookie as an existing session.
While I was testing this, Firefox wanted to install an update, so I ran the update, but no change.
Firefox is set to receive cookies, and I did not find any exception set anywhere that would prevent them.
Given that this has been working fine for over 6 months, some freak accident must have corrupted something, but I don't know enough about Linux or the internal workings of PHP and sessions to even know where the start diagnosing.
At some point I did try session_write_close() which didn't change anything (and my whole project has always been working fine without it).
The ONLY thing that worked was this:
$c = $_COOKIE['phpsessid'];
session_name($c);
session_start();
var_dump($_SESSION);
$_SESSION['test'] = 5;
But I use session_start in a ton of pages and don't want to go through all of them to enter code that I shouldn't need in the first place...
Any thoughts?
Thanks in advance!
--- EDIT ---
I checked into the issue again, and I can confirm that the cookie name is phpsessid instead of PHPSESSID (thanks for pointing that out, #Cobra_Fast), so that is getting closer to the cause of the issue. I went into the php.ini file to put the value for session.name into quotation marks, then restarted apache, but still no change - the cookie name is still lower case. I haven't found an antivirus program on the computer, and I doubt that there's any network security that could do this... If the PHP settings are corrupted as #Cobra_Fast suggested, how could this be fixed? Editing the file just now didn't help...
After testing some more, we found a really weird thing:
Only one client computer was affected by this! We ran the code on another computer, and it worked normally, and the session cookies are written and read properly.
So it was not the server acting up at all!
I have no clue how this one computer could be just converting cookie names to lower case - it makes no sense at all, especially because it happens in two browsers...
But at least we have a "fix" for the situation, and it's out of our hands since they immediately said they were going to check that computer and re-install it if needed.
I am so majorly confused about this right now, but at least it's over :-)
Thanks for your responses!
In my Zend Application, I am trying to make our authenticated users be automatically logged out when they close their browser.
For that I'd write following code:
ini_set('session.cookie_lifetime', 0);
And its working fine on browsers like Chrome, Safari, IE7 and IE8, but in case of firefox, users still remain logged on when they close their browser.
Does anyone know what is causing problem?
Thanks In advance...
A value of 0 indicates "session cookie" - i.e. one that the browser should destroy when the "session" is over and the browser is closed.
However:
Different browsers have different interpretations of exactly what a "session" is - some will destroy these cookies when your close the tab, some when you close the window, some won't destroy the cookies until all instances of the browser have been closed - all tabs in all windows.
Since cookies are stored and transmitted by the client, they are completely the responsibility of the client. You should not rely on cookies alone to control whether a user has a valid login because they are ridiculously easy to spoof, you should implement some kind of activity timeout as well.
Make sure you have actually ended your Firefox session when testing - close all open tabs and windows, and watch the process list to ensure there are no instances left. If you are still having a problem, you are probably looking at some kind of bug in Firefox (or maybe you've made some strange change in about:config) and you need to ask for Firefox-specific help - SuperUser.com would be a better place for that. One thing you can be fairly sure of is that if it works everywhere else, it's not a problem with your PHP.
So I have been working on a project for a client on their current web site which has been in existence for quite some time. The version of PHP used is 4.4.7, and I am not in a position to ask them to upgrade. (The system is old and it could break something) This past week I made some changes to my project, everything worked fine cookies set, pages worked. I go to test the site earlier and all of the sudden the cookies no longer work. After 2 hours of troubleshooting I finally just set up a simple test page composed of this:
<?php
setcookie('eventCookie','1', time()+7200,'/','.levijackson.net');
echo $_COOKIE['eventCookie'];
?>
I put this on both their site as well as my own (I changed the .levijackson.net to the appropriate domain)
I did 2 refreshes of the page on both pages and only on mine did it return the cookie. So what could have caused something like this? Is there a certain setting that may have been changed by their admin/host?
I did test and HttpOnly cookies still work, so I am going to switch to them while I troubleshoot.
edit: Almost forgot to mention, it works fine in FF but in Chrome and IE it doesn't work at all. Not sure if this will be useful, but I still think that it is not the browser.
Thanks
Levi
Just a guess-- it could be that their server has auto_prepend_file enabled, and the file that is being auto-prepended outputs something to the client. Once anything is sent to the client, set_cookie() will not work, since cookies have to be set in the page header, which must be sent before anything is sent to the client.
If it's not that, try diff'ing the "PHP Core" section of a phpinfo() dump, looking for any other settings that might somehow affect this.
Edit: Here's something else you can try, if both sites are publicly accessible. Go here: http://web-sniffer.net/. This site will show you the actual HTTP headers which are being returned by the site. Run the test file for both sites, and look to see if there is any difference in the Set-Cookie headers which are returned.