Sorry if this is a silly question but lately I've been designing a site for a client and something strange has been happening with my sessions.
The site has a PayPal button which redirects the user to PayPal so they can confirm a payment, before being redirected to the site again.
Before the user is redirected, a load of session variables are saved. Some of them are to do with PayPal, others are to do with things on my site such as a variable to determine which user is logged in, their shopping cart items, etc.
Now, here's where things have been going wrong...
The user is redirected from checkout.php to PayPal. Before they're redirected, all session variables for the site are present (shown by var_dump and print_r). This is fine.
The user returns from PayPal to orderreview.php, but var_dump and print_r now show that the site session variables are missing, but all PayPal ones are there.
I fixed this problem by removing "session_start();" from the top of orderreview.php.
So my question is, why did removing that line fix the issue? Why wouldn't it work before?
I thought I understood PHP sessions but clearly I don't understand them as well as I thought.
I'd read this somewhere:
"As of PHP 4.3.3, calling session_start() while the session has already been started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored."
So I was under the assumption that calling session_start at the top of the script wouldn't affect anything if a session was already started earlier.
Thanks for any answers, once again I apologise if this is a silly question.
That's may be because that you have been redirected to another site during the process. And while you return from Paypal to your website, session_start() generated a new session id which your previously stored session variables are not linked to.
And when you removed session_start() (I don't think session should work without this on top), it used the old session id and never got regenerated. Hence, old session data are back!
This is just my assumption.
Related
For some reason my site is doing a 307 redirect. It used to have validation in codeigniter, so that if user was not logged in it would redirect. However I took away this validation so that now any person can access that page. Nonetheless, now a 307 redirection appeared and I can't take it away. The CI_cookie is still called, so I'm guessing that the validation and redirect is still cached somewhere, but I don't know how to remove it, nor find any information on google on how to refresh cache if that's what it is.
Here is the header info:
Note: the redirection used to happened inside the controller, not on a .htaccess file. I used sessions for the user validation. I'm not posting it because it's no longer on the file, however if you need to see it just let me know and I'll update my question.
Also it would be nice if you could explain me the downvote. I know this question isn't a duplicate because I haven't found it anywhere. Thanks!
Without seeing the controller code in question...I can only make a guess...if you did indeed remove the redirect from the controller, then it could be cached. Try in a different browser, or refer to your browser's documentation for clearing cookies/cached data.
Not really clear from question but I would use a cookie manager extension like this one
and clear the session cookie, you can find the name of the session cookie in config.php
$config['sess_cookie_name'] = 'your_session_cookie_name';
when you delete the session cookie and refresh the page, CI will (in the background) call session_destroy() method and create a new session, so deleting the session cookie from the client will oblige the server to regenerate a new session.
that being said, if destroying the session doesn't help, we can't really answer without seeing the controller
The issue here is I am trying to login into my system via ajax. Let me explain it to your first.
when my user puts in his login details it will be send to the server via Ajax request and then once it gets verified i create an entry into a session and save the information like userid and logged_in flag.
And then i return those value through Json back to user which is processed by a piece of javascript and redirect the user to dashboard.
If the user is not authenticated it shows an error.
But now whats happening here is. When i create a session variable and when the user is redirected to the dashboard. Sometimes it does not create the session variables and thats why i cant show logout button?
any help will be appreciated.
If you’ve used AJAX-heavy web apps built on a CI backend, you might have noticed premature session expiration, even if you’re expiration was set to never expire ($config['sess_expiration'] = 0; in application/config/config.php)
This was apparently due to AJAX requests not regenerating sessions, and apparent collisions. Long story short, last month there was a patch introduced without much fanfare, which (so far) seems to be working for me.
Replace your system/libraries/Session.php file with the one found here (CI’s git):
https://raw.github.com/EllisLab/CodeIgniter/b211adee89f5fd2192051e9c0826146bd150f469/system/libraries/Session.php
I have a problem with cookies.
Basically I'm trying to store the user's session ID as a cookie like so:
setcookie("CheckoutSessionID",session_id(),time()+3600);
This works fine on my site, the cookie has the correct value and is valid for long enough. However, my site redirects to PayPal so the user can confirm a payment. The user is then redirected back to my site. It's when the user is redirected back to my site that ALL cookie variables are gone.
As in, print_r($_COOKIE), var_dump($_COOKIE) etc have no values. This only occurs after being directed to and from PayPal.
Any ideas as to why this is happening?
Thanks in advance for all help, I'm stumped!
Okay I've been digging quite deep and realised that an earlier question of mine is related:
PHP sessions and session_start()
Basically I had problems because PHP sessions were being deleted when I went to PayPal and back. However, I believe this was actually caused by the session COOKIE being destroyed, not the entire session.
I also found this topic here: Do PHP sessions get lost when directing to a payment gateway?
Answer given by someone suggests using a GET request with the return URL to send data back, instead of using cookies or sessions.
The whole reason I was using a cookie in the first place was to save the user's session ID, as the sessions weren't working properly, so basically I've just made my return URL something like this:
mydomain.co.uk/mypage.php?SessionID=[session ID goes here] and then obtained it then set the user's session ID to it.
Sorted! For now... I mean I'll probably end up hitting another brick wall due to cookies/sessions not working properly.
Thanks everyone for your help :)
Actually whatever is happening (cookie is being empty), logically it's right. When you submit a page/make request the browser sends the cookie from the client's computer with the request so that you can find the cookie in the cookie variable.
But once you redirect the user to another external page/site and come back again to your page then you should not get the cookie in the cookie variable because (in your case) when the user is getting back to your site from the paypal the paypal is not submitting the cookie with the request.
In this case you can save your data in the database before you redirect the user to the paypal and once the user comes back to your site you can retrieve that data from the database.
I got similar problem cookies being removed after redirect from Paypal.
it took me a while to figure out where was a problem.
Samesite=**"Strict"** // Removes cookies after redirect from Paypal.
Samesite=**"Lax"** // does not remove cookies after redirect from Paypal.
i am developing a e-commerce website. The user logs in and buy a product when he checkout the page will redirect to the payment gateway. After the payment is completed it will return back to my website. This is ok. But when it is returning back the session maintained in my website get lost. This happen only for the first time. If the user again logged in and checkout the process works good and the session is maintaining.
Why does the session lost for first time.
I used session_start() in all the pages..
I cannot find the solutions. Kindly help..
Why don't you use javascript? You can create cookie to store your incoming members data.
With Jquery and cookie plugin you can do this very easy, sure you must do login for member to create this data. Some useful links:
http://www.jquery.com/
http://plugins.jquery.com/project/Cookie
http://www.electrictoolbox.com/jquery-cookies/
Why does the session lost for first time.
That's hard to tell because there is not much information in your question.
Normally a session get's lost if the session identifier (or session ID in short) is not passed from one request (page) to the other.
Please see the PHP Manual how the session ID can be passed. You need to take care with your code, for example that the cookie is properly set. If the session cookie is not set, the session id will be gone and session_start will create a new session.
I have code that creates a session variables for a user on one page. Before the data is entered in the database they go to PayPal to checkout and come back to the site. When they come back those session variables created for the user sometimes remain and sometimes return as NULL.
User enters their information creates session variables -> Go to PayPal, checkout -> Come back to the site, session variables are sometimes retained going into the database, sometimes not
I cannot figure out for the life of my why it does it sometimes and not other times. Is there something about sessions that I am missing? Any ideas?
Make sure you're calling session_write_close() before redirecting to Paypal.