I'm experiencing some weird problems with SESSION variables on my PHP/Ajax online shopping cart.
When I first view the page, the SESSION is created and works within the page. Then when I navigate to another PHP page within the same directory the SESSION is completely lost. What's weird is that this only happens once. Once the user goes through this process of completely losing their SESSION upon changing page, the SESSION works in full across the entire cart.
I started mailing myself var_exports of both $_SESSION and $_SERVER data on each page view. It seems that when a page is first viewed, the SESSION exists and contains data. However there is no PHPSESSID generated in the $_SERVER['HTTP_COOKIE'] variable. On navigating to another page, the PHPSESSID gets created and the SESSION will start working, but the initial SESSION data of the first page view is lost.
Is there a way to generate a PHPSESSID if one has not yet been generated for the SESSION? Or is this typical behaviour and is irrelevant to my random SESSION loss problem? I'm using PHP 5.2.
Every page in the cart starts the exact same way:
$title="Title";
$keywords="keywords";
$description="description";
@include('../header_cart.php');
And then at the top of header_cart.php there is:
session_start();
if(!isset($_SESSION['active'])){
    $_SESSION['active']=$_SERVER['REMOTE_ADDR'];
}
Source: Tips4all
Have you checked that there is no output before your call to session_start()? (Not even a white-space character!).
HTTP headers cannot be sent after any output has been flushed so that could be causing the attempt to tell the client the initial session cookie to fail.
Are you switching between http: and https: ? They are sometimes treated as two separate domains, and a key may not be shared between them.
Turns out it was recognizing mydomain.com and www.mydomain.com as separate sessions and was storing 2 cookies with 2 different PHPSESSIDs.
I added this to my .htaccess file to always redirect mydomain.com/shop to www.mydomain.com/shop for both http and https.
RewriteEngine On
#force http://www. to make sure SESSION data is always the same
RewriteCond %{HTTPS} off
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{REQUEST_URI} shop
RewriteRule ^(.*)$ http://www.mydomain.com/shop/$1 [R,L]
#force https://www. to make sure SESSION data is always the same
RewriteCond %{HTTPS} on
RewriteCond %{HTTP_HOST} !^www\.
RewriteCond %{REQUEST_URI} shop
RewriteRule ^(.*)$ https://www.mydomain.com/shop/$1 [R,L]
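
The diagnosis in the last comment, as an added example that is not part of the original thread: a small JavaScript model of how a browser decides which host gets a cookie back (RFC 6265 domain matching only). The `CookieJar` class, the `replay` function and the session values `aaa`/`bbb` are constructed for illustration; the host names are the ones from the post.

```javascript
// Minimal model of RFC 6265 cookie scoping (domain-match only; path, Secure
// and expiry are left out). Host names are the ones from the post.

// RFC 6265 section 5.1.3: a host domain-matches a cookie domain when they are
// identical, or when the host ends with "." + domain.
function domainMatches(host, cookieDomain) {
  host = host.toLowerCase();
  cookieDomain = cookieDomain.toLowerCase();
  return host === cookieDomain || host.endsWith("." + cookieDomain);
}

class CookieJar {
  constructor() { this.cookies = []; }

  // Store a cookie received from `host`. Without a Domain attribute the
  // cookie is host-only: it goes back to exactly that host and no other.
  set(host, name, value, domainAttr) {
    let domain = host.toLowerCase(), hostOnly = true;
    if (domainAttr) {
      domain = domainAttr.replace(/^\./, "").toLowerCase();
      // A server may only set cookies for its own host or a parent of it.
      if (!domainMatches(host, domain)) return false;
      hostOnly = false;
    }
    this.cookies = this.cookies.filter(c => !(c.name === name && c.domain === domain));
    this.cookies.push({ name, value, domain, hostOnly });
    return true;
  }

  // Value of cookie `name` the browser would send to `host`, or null.
  get(host, name) {
    const h = host.toLowerCase();
    const hit = this.cookies.find(c => c.name === name &&
      (c.hostOnly ? h === c.domain : domainMatches(h, c.domain)));
    return hit ? hit.value : null;
  }
}

// Replay of the symptom: PHP's default session cookie carries no Domain attribute.
function replay() {
  const jar = new CookieJar();
  jar.set("mydomain.com", "PHPSESSID", "aaa");                // first page view
  const sentToWww = jar.get("www.mydomain.com", "PHPSESSID"); // null: cart "lost"
  jar.set("www.mydomain.com", "PHPSESSID", "bbb");            // second session starts
  return { sentToWww, bare: jar.get("mydomain.com", "PHPSESSID"),
           www: jar.get("www.mydomain.com", "PHPSESSID"), stored: jar.cookies.length };
}
console.log(replay());
```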