Empty session file but debug $_SESSION before looks good

[SchlauFuchs]

Hello,

 

This is quite urgent as our it affects our life server.

 

The server isn't storing our session variables properly. It is creating zero byte files for new sessions (so it has write access apparently). I have a print_r on the $_SESSION variable just a few lines before the script ends. The debug output looks nice, I have String, an Integer and two arrays in the session. But the session file behind is empty. I have redirected the session save path to one that is unique for this app, so there can't be anything that uses the session concurrently and destroys it by accident. The app itself doesn't call destroy, at least not in the normal workflow. All variables in the session have valid keys, no pipe or anything. no recursion, no NULL variables.

 

The phpinfo output says

 

PHP Version 5.1.6-1

System Linux server85.greatnet.de 2.6.27.7great_smp #1 SMP Wed Nov 26 10:52:56 CET 2008 i686

 

and register_globals is off.

 

Any hints?

 

Cheers,

SF

[PFMaBiSmAd]

Add the following lines of code immediately after your first opening <?php tag and before the session_start() statement  -

 

ini_set("display_startup_errors", "1");
ini_set("display_errors", "1");
error_reporting(E_ALL);

[SchlauFuchs]

I have done that. The only notice that is worth mentioning was

 

[function.import-request-variables]: No prefix specified - possible security hazard in [path]/index.php on line 81

 

the rest was about using unset variables in some places.

 

I have cleaned up a bit but this didn't change the root cause.

 

Next idea, please?

[mikesta707]

post your code?

[PFMaBiSmAd]

And confirm that sessions work using simple test code. If sessions work, then that would mean there is something in your code that is causing the problem.

 

It actually sounds like your page is being requested twice (either by the browser or due to code being included more than one or a redirect) or you don't have an exit statement after a header() redirect and the code itself is clearing the session variables.

[SchlauFuchs]

that will be a lot. Do you know the phpshop project? we have a private branch of the 0.6.2 release running here. I'll give you a link to it first:

 

http://www.wurstfrisch.de/?wsToken=gh1

 

In the top line (black on dark blue) of the page you can barely see the print_r output of the $_SESSION array just after session_start(). In the end of the page in the red bordered table you can find among others the print_r output of the $SESSION just before ending the page. there's nothing happening on the script after displaying that, beside of closing html tags.

 

If you refresh the page and when you got the PHPSESSID from the cookie the array in the top of the page should be filled properly. But isn't.

 

I tried to reproduce the issue with simple code that does with the session what our production code is doing but there I failed, the results look good. So I have something happen that I'm not aware of.

 

[SchlauFuchs]

BTW no redirects, and Firebug on client side doesn't show me a client redirect.

[PFMaBiSmAd]

Just because you can echo/print_r a variable named $_SESSION, does not mean that variable is part of a session, if the session_start did not actually start a session or you are closing the session before the variables are assigned values or you are doing something directly with the session id cookie...

 

There could literally be two dozen different things that could cause the symptom you are describing. Here is just one of them -

 

Caution

Do NOT unset the whole $_SESSION with unset($_SESSION) as this will disable the registering of session variables through the $_SESSION superglobal.

 

[SchlauFuchs]

the first print_r happens just after the line

session_start() or die ("Session could not be started.");

 

there is no code in the script that calls session_write_close, session_commit, session_unset or session_destroy. there is nothing like unset($_SESSION) happening

 

So I cannot actually see why the content of $_SESSION is lost at the end of the script or the session is void in the middle of it.

 

can you name the other two dozen causes minus the ones that can be excluded now? Please, so I can scan for them!

[SchlauFuchs]

just to add, as long as session_id() returns a non empty string I cann assume I'm in a valid session? the red block shows the session id as well and it is a valid one, the file to it exist but is empty - or not updated at the end of the script.

[Tonic-_-]

One thing I noticed with the session I had to use something like so..

 

<?php
session_name(blahblah);
session_start();

$_SESSION['blah'] = "Hello!!!!!!";
?>

Afterwards hello!!!!!!!!! is forever stored in blah till you use session destroy to clear it.