# [web] Broken session variable...?

This topic is 4110 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Recommended Posts

I'm becoming very livid at this point with frustration and am now cooling down and asking for help. It seems as if session variables on a website of mine has ceased to function correctly. The PHP file has not been touched, my code is, at least it seems to me, correct, and yet, I set a session variable on one page and poof, it's gone when I go to the next page. ARGG! In this particular case, it's a debug. The concept is very, very simple. In the url, I add &debug=1 or &debug=2, depending on what debug mode I want. From that point on, a session variable, you guessed it, 'debug', contains the value that I have set and so on every page I load, I get my debug info. I have this setup and actively working on one site, and yet, on this site, where some changes have been made but do not affect this variable, it is not working. If I specify &debug=0, the debugger is turned off, hooray! Simple right? Well, it be broke (yes I meant "it be broke"). I've searched all files on the site to see if the session variable is set or altered anywhere, but it is only set at one point. My site has an MVC-ish setup and so I have several files that are included that comprise of the overall site and includes, blah blah. So here's a rundown of the process: A module is called via ?m=[module] through index.php. The only include here is master.inc, which contains a list of includes as well as defines the user permissions used throughout the site: session_start(); include db.inc - Database commands only. include rpc.inc - Used for custom AJAX functionality include functions.inc - Common functions include calednar.inc - Calendar class include duration.inc - Class used to convert seconds to an interval include user.inc - User class include role.inc - Role class At this point, I check $_COOKIE for the user_id, if set, set$_SESSION['user_id'] with the cookie value. This method is temporary. If $_SESSION['user_id'] is set, I reset the cookie using setcookie() Now I gather both all and specific user permissions and begin setting my constants (constants are uppercase permission names set with a 1 (allowed) or 0 (denied)) include settings.inc - Various constants and global variables are set here. The very last variable being set is the debug variable. In settings.inc, I have tried debugging this problem by printing$_SESSION and seeing the values set. A print before and after this portion should tell me what's going on. So if on one page I set debug=2, I get 0 and 2. Refreshing the page gives me 2 and 2 (as it should). Opening a different page in another tab or simply going to another page will give me 0 and 0 since debug=2 isn't at the top (but the point of this is to NOT set that everywhere I go). Now that I've rambled, does this problem make any sense? Any suggestions? Edit: Ok, I assumed a result when in fact I was wrong. Going to another page, at least in this case, does not give me a 0 and 0 before and after value (it gives me the initial debug value, in this case, 2 and 2). I kill the script after printing this out, so something is going haywire after this part... joygasm... Edit 2: More odd behaviour. What seemed like was working is now going nutso again. Edit 3: It's just getting better. More testing and debugging has shown that on one page, when I've specified &debug=1 and the on a 2nd tab, when I've got nothing specified, I refresh the first, I see 1 and 1, I refresh the second, I see 2 and 2. WTHECK! [Edited by - Mathachew on September 15, 2006 12:02:06 AM]

##### Share on other sites
I was able to trace it back to a function that would either check a session variable or set it. I've removed the set feature since I've noticed it to be flaky in certain areas and instead of figuring out why, I'll use the ol fashioned way of setting session variables:

\$_SESSION['bah'] = 'humbug';

Once I did this and reset the last usage of that function to set the variable, the site started behaving correctly. This is probably the same bug that was causing issues with me supposedly being logged in when I didn't log in... O.o

So um, thanks and... yay!

##### Share on other sites
This is a bit of a standard response:

1. Does it also fail on your development server? If so, can you step back through your version history to determine when it started failing?

2. Do you have proper error handling / logging enabled, and what messages do you see when the problem occurs?

3. Have you tried making a simple test harness script just to determine whether session variables are working correctly.

---

On a more specific note, if you're using cookies (which are the best way), you should really ensure that all your URLs are canonical, i.e. do not have two URLs pointing at the same page. Specifically, you should ensure that there is exactly one host name pointing at your web site.

If you have multiple domains / domain names (including www.example.com vs example.com), you should configure all except one of them to do a redirect.

The reason for this is that cookies are domain-name specific, therefore they won't be correctly transferred between different host names, even example.com vs www.example.com

Mark

##### Share on other sites

This topic is 4110 days old which is more than the 365 day threshold we allow for new replies. Please post a new topic.

## Create an account

Register a new account

• ### Forum Statistics

• Total Topics
628735
• Total Posts
2984449

• 25
• 11
• 10
• 16
• 14