Session Vars not "sticking"

[zandermander]

I've got a very odd problem occuring which I'm hoping someone can help me out with.
Simply put, I'm setting a session variable, resetting it but then finding the new value is not being "remembered".

The flow should be something like this:

Page 1 (set HTTP_SESSION_VARS['P'] = 10) --> using post or get, send new value for P
Page 2 (read HTTP_SESSION_VARS['P'] & reset it to 13) --> using post or get, send new value for P
Page 2 (read HTTP_SESSION_VARS['P'] & reset it to 37) --> (continue)


Here's the clues/things I've tried to get to where I am (which is very confused/frustrated):

* I have verified that cookies are working and the session ID is not changing from page to page.

* I have turned register_globals off to prevent potential problems.

* I put this code BEFORE and AFTER the manipulations of the vars so I can see the session values and the result of the manipulations:
print("<pre>");
print_r($_SESSION);
print("</pre><br>");

* here is the code to manipulate the var:

PHP Code:

    $P_D = 1; // a default value
    $P_G = $HTTP_GET_VARS['P'];
    $P_S = $HTTP_SESSION_VARS['P'];
    $P_P = $HTTP_POST_VARS['P'];
    $CurrentP = Validate_Vars($P_G, NULL, $P_P, $P_D);
    $HTTP_SESSION_VARS['P'] = $CurrentP; 


* The function Validate_Vars sets $CurrentP to the value of P_X in this order if present: $P_G (get), $P_P (post), $P_D (default).

* Here's what the test code says on page 1 (what I expect):

Code:

	Array
	(
	)

	Array
	(
	    [P] => 1
	)

* Then I use a POST method to send the value of P=10 and get this (not what I expect):

Code:

	First run as POST:			Second run as POST:
	Array					Array
	(					(
	[P] => 1					[P] => 1
	)					)

	Array					Array
	(					(
	    [P] => 10					[P] => 10
	)					)

* But if at any time send a GET method to set P=10, it "sticks" like this (what I expect):

Code:

	First run as GET:			Second run as GET:
	Array					Array
	(                                       (
	    [P] => 1				    [P] => 10
	)                                       )

	Array					Array
	(                                       (
	    [P] => 10                               [P] => 10
	)                                       )

* As I understand the code I've written, the GET is working properly:
(1) Print to screen values of session value [P]
(2) Check if there's been a POST or GET and change the session value [P] to it
(3) Print to screen the value of session value [P]

* And the POST is too in that it is printing the session value, changing it and printing it but for some reason, it is not "remembering" it.

Any suggestions for where I can go from here to figure this out?

Many thanks!

EZ

[zandermander]

OK, since the response to my post was so overwhelming... ;-)

I've been working on and around this problem since my original post, constantly running into it and having to create new hacks to get around it. But today I think I have figured out the problem and I can now say it's not me!

I troubleshooted and analyzed every step of the process with multiple cases, doing it multiple times - even unset()-ing the _SESSION variable then resetting it as well as starting a new session by erasing the SESSIONID cookie between *every* iteration. All that process did was prove that this problem is very consistent and reproducible. And frustrating as it seems to be an undocumented "feature."

After all of this troubleshooting, on a hunch, I tried changing the form submission type from a POST to a GET. Viola! No more problem.

Just to be sure, I changed the form submission type back to POST and the problem reappeared. (Can you tell I used to be a scientist? Nothing better than the scientific method! )

Luckily for me, wherever I have encountered this problem it really doesn't matter whether I use GET or POST.

So I think I can say that the problem is a bug. I assume it is in PHP since it has to do with handling the GET/POST variables and SESSION variables.

Anyone else able to shed light on this? It's been quite an, uh, "educational experience" for me and I'd like to learn more.

[ergophobe]

Wow, I'm having the same problem but

1. Mine is with session data when following a link with a get parameter

2. not all session data is lost, just some

3. it works fine on my local testbed machine (so it isn't PHP).

I ran phpinfo() locally and on the JagPC server and then used a file compare utility to see of there was some weird configuration issue. So far, no answer. I was hoping you had it!

Do you know whether the /tmp dir that holds session data is *my* /tmp or the *server* /tmp? I can't find any session files in my /tmp, so I assume they're either being stored in /tmp for server root or not being stored at all (which would explain a lot).


Tom

[ergophobe]

I think I have my problem figured out.

JAG has register_globals *on* by default. I always assume they are off (and believe they should be). So I have


$_SESSION['var'] = 50;
$var = 0;


With register globals off, $_SESSION['var'] still equals 50, but with globals on, it gets overwritten.

[jason]

PHP turned register_globals off by default several versions ago for security reasons. Its a good idea to have it off. Unfortunately, nearly every PHP script that was written prior to that config change, both in distributed packages and custom jobs, was written with the expectation that register_globals would be on.

Right after the PHP devlopers made the change and JPC upgraded PHP on their servers (with register_globals off) there was a flood of posts here (and tickets too, I'd imagine) with people complaining that their sites weren't working, so the setting was turned back on.

If you want to turn it off for your account, just add

php_flag register_globals off

to your .htaccess file.

Also, ergophobe, session data is stored in /tmp, the system temp directory.

--Jason