Re: Tale of woe

"The Eclectic Electric" <nospam@xxxxxxxxxxxxxx> wrote in message
news:PKp0h.5018$RR2.354@xxxxxxxxxxxxxxxxxxxxxxx
I'm a PHP noob and just thought I'd quickly relay my latest tale of woe.
As
an erstwhile professional programmer I like to research/fix things myself
whenever possible, even if this means - as it did today - bashing my
cold-addled head against a brick wall for hours on end. I'm sure everyone
has at least one similar story.

Anyway, yesterday I started to implement sessions on my site. I'd set up
a
user on my user database as was very proud when I could log myself in.
Then
I set about transferring the data from the user table to session variables
and changing all the places I'd put in temporary hard-coded values. It
was
very exciting. Then I tried to login again and that was fine, but when I
hit the main page, it had all gone very badly wrong.

To cut a long story short, I spent the best part of 24 hours (have a cold
at
the minute so didn't sleep much) flaggin things and adding things and
taking
things away and going through about a ton of online documentation and
problem forums wondering why on Earth no one else had been suffering with
my
problem - the session ID was being propagated between pages but the
variables were not. Then suddenly I discovered the problem: I'd become
convinced for some reason that the session global array was $S_SESSION[].
Every supposed session variable on the site was set to this. So it was
always showing up within the same script when I was echoing it (as it's a
valid identifier), but not when new scripts were invoked. I'm now taking
the rest of what's left of the week (about 20 minutes) off!!!

+e


One day in the, hopefully, distant futer, I will remember this post :)
Hope you enjoyed that 20 mins to the full!
Vince Morgan


.

Relevant Pages

  • Re: stupid IE7 question
    ... closer look on session handling. ... Obscure methods like hiding an URI always ... rewrites itself to another script of yours with the session key as the ... I am currently testing a proprietary secure web based ...
    (Pen-Test)
  • Re: (Sloppy correction) Re: session management with database: optimal parameters in php.ini
    ... looking then another script read N! ... make it so simple that there are obviously no deficiencies, ... but I never used their db session management ... I avoid MySQL since I consider it an inferior db. ...
    (alt.php)
  • IndiaTimes.com - Email - Session hijacking and Inbox Blocking
    ... IndiaTimes.com - Email - Session hijacking and Inbox Blocking ... The script allows user to embed HTML and also javascript in the mail. ...
    (Bugtraq)
  • Re: Not able to establish session--Help
    ... when i run it on my local webserver it ... > never create session means it validate the user but still displays u ... > But when i run this script on my website it runs successfully.. ... > BuntyIndia ...
    (alt.php)
  • Re: Managing concurrency due to multiple submits
    ... PHP script which would not get aborted by the second click do to my ... This will mean I have to write out the session ... Which will never be true with the default file session handler because sessions are single threaded. ... So the second script will wait for the first one's session to end. ...
    (comp.lang.php)