Support: Can PHP hop SESSIONs somehow?!


Bronius Motekaitis

Jul 18, 2013, 5:41:43 PM
to bcs...@googlegroups.com, Christopher Weldon
Hi All-

A site I am working with has been, apparently, hopping PHP sessions, and I don't see how nor how to rectify it.  I say "Session" but that might be misleading. Specifically, the $_COOKIE superglobal is not reliably referring to the same user it's supposed to!

One simple method to demonstrate it:
<?php print $_COOKIE['UserName']; ?>
This should print the browser cookie value "UserName" under this site's domain, right? And so it would stand to reason that if UserName is cleared out locally, that a refresh of that page should also be blank, right? (and possibly even issue a PHP Undefined Index Notice)   And in no case should the value shown be something from some random user that has never been on my computer, right??

Here's a clue or a fish: It *seems* that refreshing the browser reliably returns that same wrong cookie value for a long time, but another browser experiencing the same issue may have a different wrong name (reliably with each refresh).

Note: The site is behind a load balancer, but there is only 1 Apache/PHP server.

Any thoughts on what makes PHP session's superglobals tick, how this "session hopping" is possible and how to fix it?  I've never seen/noticed something like this before.

Thanks?
-Bronius

--
http://www.bronius.com
web | kiosk | drupal development

Christopher Weldon

Jul 19, 2013, 8:51:24 AM
to Bronius Motekaitis, bcs...@googlegroups.com
I've seen this before a couple of times, both for distinctly different reasons. Also, this has happened with $_SESSION, not $_COOKIE, so ymmv.

First, if you are trying to do anything custom with the session management (à la storing in a database or something else besides built-in), it can be your own logic causing problems. Pay particularly close attention to that.

Other than that, it could also be the load balancer...depending on the LB, it could be trying to manage session persistence on its own, conflicting with session management on the PHP web server. This hasn't happened for me lately, but had been an issue in the past.

HTH
--
Chris Weldon
Sent from my Windows Phone

From: Bronius Motekaitis
Sent: 7/18/2013 4:41 PM
To: bcs...@googlegroups.com; Christopher Weldon
Subject: Support: Can PHP hop SESSIONs somehow?!
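
One way to narrow down where the wrong `UserName` value comes from, the PHP server or something in front of it such as the load balancer mentioned above (an added example, not code from either poster; the file name `cookie-probe.php` and the report field names are assumptions):

```php
<?php
// cookie-probe.php (hypothetical name): added diagnostic, not code from the thread.
// Request it directly, before any application code that might touch $_COOKIE runs.

// Ask browsers and intermediaries not to store or reuse this response.
header('Cache-Control: no-store, private, max-age=0');
header('Pragma: no-cache');
header('Content-Type: text/plain; charset=utf-8');

// Parse the raw Cookie request header so it can be compared with $_COOKIE.
function parse_cookie_header($raw)
{
    $out = array();
    foreach (explode(';', $raw) as $pair) {
        $pair = trim($pair);
        if ($pair === '' || strpos($pair, '=') === false) {
            continue;
        }
        list($k, $v) = explode('=', $pair, 2);
        $k = trim($k);
        if (!array_key_exists($k, $out)) { // keep the first occurrence of a name
            $out[$k] = urldecode($v);
        }
    }
    return $out;
}

$name       = 'UserName'; // the cookie from the original post
$raw        = isset($_SERVER['HTTP_COOKIE']) ? $_SERVER['HTTP_COOKIE'] : '';
$fromHeader = parse_cookie_header($raw);

$report = array(
    // Changes on every request PHP really handles. The same value after a
    // refresh means the response was replayed by something in front of PHP.
    'nonce'        => uniqid('', true),
    'server_time'  => gmdate('c'),
    // Names only: other cookie values may be session identifiers.
    'cookie_names' => implode(', ', array_keys($fromHeader)),
    // What the request that reached PHP carried; compare with the browser's
    // own cookie store. A value here that the browser never sent means the
    // request was altered or mixed up before it reached Apache.
    'header_value' => isset($fromHeader[$name]) ? $fromHeader[$name] : '(not sent)',
    // If this differs from header_value, application code changed $_COOKIE.
    'superglobal'  => isset($_COOKIE[$name]) ? $_COOKIE[$name] : '(not set)',
);

foreach ($report as $key => $value) {
    echo str_pad($key, 14), ': ', $value, "\n";
}
```

Load it several times from each affected browser, once through the load balancer and once straight against the Apache host, and compare the `nonce` and `header_value` lines between the two paths.
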

Bronius Motekaitis

Jul 19, 2013, 11:55:17 AM
to Christopher Weldon, bcs...@googlegroups.com
Thanks Chris!
While it's not immediate on-the-ground answers, it at least gives my paranoia a target at which to point the hypothetical* blame finger.

* It *sounds* like I should have said "proverbial" but I just couldn't work out another word better than "hypothetical," and I couldn't let it go that I might be speaking grammatically incorrectly.  I feel like, you know, when you have to justify saying "him and me" when some stupid third grade teacher hammered it into our heads so hard that it is almost always "him and I" and you are almost always going to say it wrong**, so just default to "him and I" to play it safe (but you really only sound like an uneducated fool who is trying too hard**).

** It is *so* tempting to write "wrongly" or "hardly" but there's a special word for these kinds of adverbs.  What is it again?

-Bronius