Session variables not working properly

[garbagegigo]

Hi everyone,

 

I am trying to implement an OAuth system in PHP. I've got the code working but the very first time a fresh, new browser window is opened, the code doesn't work. If I refresh the page and try again, then it works. I have a few suspicions as to where the problem might be but other than that I am stumped.

 

I have two classes: OAuthServer and OAuthClient. I create and store an object of the appropriate class in session variables. I know this is tricky but I am serializing and unserializing properly. To fetch responses from the Server, I am using curl. As curl uses a different session from the browser, I am doing a session_write_close before initializing curl and passing the appropriate parameters to curl.

 

But my code needed to further write session variables even after session_write_close was called and to achieve this, I am calling session_start(), once again, after the curl code is finished. I found that this works but PHP was throwing warnings saying that the header info had already been sent or something like that, but I have suppressed such warnings. I suspect the error has something to do with this but I'm not sure.

 

The part that doesn't work the very first time is that on the server-side, the session variable that is supposed to contain the OAuthServer object is NULL. But if I do a refresh of the page(flow: login_page->error_page), it works.

 

Can anyone tell me why I am encountering the above error and if I am doing things correctly or not. Any help would be greatly appreciated.

 

Thanks & Regards,

GarbageGigo

[PFMaBiSmAd]

I create and store an object of the appropriate class in session variables. I know this is tricky but I am serializing and unserializing properly.

 

Php serializes and unserializes the session data automatically when it writes and reads the session data file, you don't have to. To store or reference an object in a session variable, all you need to do is have the class definition before the session_start() statement (so that php can recreate the object properly) and then either directly use a $_SESSION variable to hold the instance of the class (i.e. $_SESSION['an_object'] = new class_name();) or you make an instance in a scaler variable and assign that to a session variable (i.e. $object = new class_name(); $_SESSION['an_object']=$object;). To reference the object, you can either directly use the session variable  $_SESSION['an_object']->method(); or $_SESSION['an_object']->property; or you can assign the object back to a scaler variable $object = $_SESSION['an_object']; and reference the methods and properties as $object->method(); or $object->property;

 

The browser's session and the session id cookie you are propagating when using curl to access a page(s) don't have anything to do with each other. There would be no need to do any of the things you suggest.

 

I have suppressed such warnings

 

^^^ Hiding errors messages doesn't fix the problem. The error is still occurring and your code still doesn't work, but you have hidden the message that is telling you what error is preventing your code form working.

 

You need to rework your code taking into account the information I have supplied.

[garbagegigo]

Hi PFMaBiSmAd,

 

Thank you for your reply. If PHP handles class objects automatically, then that's great and it's less work for me.

 

The browser's session and the session id cookie you are propagating when using curl to access a page(s) don't have anything to do with each other. There would be no need to do any of the things you suggest.

 

I would like to respectfully disagree. I've tried it out and I encountered problems while not using the specific methods I said. I tried printing out the session id generated from curl and the browser, and they were different -- so they were using different sessions when I needed them to use the same one. I am using PHP 5.3 by the way.

 

But why isn't it working the first time but working from the second time onwards. What situation would warrant such behavior?

 

Thanks for your reply once again,

[PFMaBiSmAd]

Curl is used to make requests to (generally other) servers.

 

If you are using it to make a request to a server different from your own server (the normal case), there is no connection or relationship between the session on your server that was started by the browser and a session the curl request establishes on the other server.

 

If you are using curl to make a request back to the same server your script is running on, you are doing something the hardest and slowest way possible. You should be directly accessing code or data on your server through the file system, not by making http requests back to your own server.

 

What situation would warrant such behavior?

 

Among other things, an incorrect understanding of how something your code is using works or an assumption about an initial condition that isn't being satisfied. It's impossible to tell without seeing the code that reproduces the symptom. In programming, due to its general purpose nature and multiple ways of accomplishing any task, there is not a one to one relationship between any symptom and what is causing it. Six different people could have written code that implements the same application and they could all be getting the same exact symptom, but the actual cause could be different in each case because of differences in their actual code, data, and methodology used to implement the application.