Why sometimes PHP doesn't get any input at all?

[ArtemG]

Hi!

 

I have interesting problem which I can't figure out for a long time.

 

Our website uses its own session handling module. It provides a unique ID to a user i.e. SID. Copy of a SID is stored in the database.

 

Each link must have this SID as one of the parameters as well as each form should have it too. Otherwise, the website will think that a user is not logged in and it will keep generating a new SID.

 

Also, I just noticed that the website stores cookies with SID, however, the website works perfectly without cookies. I tested in on highest security settings in IE and I blocked all cookies.

 

The problem is that sometimes a user is getting logged out.

 

We investigated the issue and found out that when it happens PHP does't get any input at all.

 

No $_POST, no $_COOKIE, no php://input ... Nothing!

 

However, the log files clearly shows that URL contains SID.

 

This issue was not a big deal until recenly - when we started to use AJAX for some forms - we started to receive a lot of complains. It seems that AJAX requests increased the rate of getting this issue. It is very anoying for a user, when he/she losts all the data in the middle of entering it (we started to use AJAX in some forms).

 

We have like 20-40 users daily using the website. AJAX forms might generate 1-3 requests per 1-2 secons - it is maximum. So Apache might will get 100 requests in one second - that's the maximum.

 

Our webserver uses SSL. We use mod_rewrite to redirect all requests to HTTPS://.  Can it be the problem with mod_rewrite ?

 

I'm already desperate with this issue.

 

I will really appreciate any help on this.

[PFMaBiSmAd]

Is your code using $_GET to access the value or is it using $_REQUEST? Also, what does a phpinfo(); statement show for register_globals?

[ArtemG]

We check everything $_GET, $_REQUEST and $_POST. Strangest thing is that all of them are empty.

 

Phpinfo function is disabled, however, I looked into INI file and register_globals is off

[ArtemG]

I showed the topic to our Team Leader and he told me that I wrote it wrongly. Sorry for disinformation.

 

Problem 1 is that sometimes in AJAX requests $_POST doesn't have any data, however, $_GET cointains SID. As a result everything that  a user is entered is getting lost. User enters the products into the form line by line. In 99% cases everyhing is okay, and just sometimes $_POST is empty, and sometimes a few times in a row. We use only IE8 (with Compatibility mode), IE7 and IE6 only. Maybe it is connected to the load on the server?

 

Problem 2, which is most interesting (and I think it is connected with 1) is a random logout of users from random pages. We will add a log on this to see if there is anything in $_GET, and  I will post the results here.