Session is partly lost sometimes (hard to reproduce)

[vriezerweb]

[ ENGLISH ]

 

I have a very strange problem, and I think (not 100% sure) it started to occur when we upgraded the PHP and apache version of our server.

Case is, we have a web application, in which the user fills in a paged questionnaire. After each 'Next' button is hit, the answers are stored in $_SESSION['answersessions'][<quesstionaireId>]. When the last page is shown and the user clicks 'Finish', the answers from session are stored in the database. This almost always works correctly, but sometimes (very hard to reproduce) the following happens:

 

The user gets these messages:

 

Warning: Creating default object from empty value 

 

This happens on the line:

$_SESSION['answersessions'][$_POST['questionnaireId']]->createDate = new DateTime; 

followed by

 

Fatal error: Call to undefined method stdClass:Save()

 

Which happens on this line:

$_SESSION['answersessions'][$_POST['questionnaireId']]->Save();

In both cases, obviously $_SESSION['answersessions'][$_POST['questionnaireId']] is not set anymore. But the session itself is not lost, the user is still logged in.

 

Does anyone have a slight clue what's going on?

 

I have already made sure the user cannot doubleclick the submitbutton by adding a jQuery click handler like:

$("#questionform").on("submit", function(){
if ($("#questionform").valid())
         $('#nextbutton').hide();
        });

Some settings form phpinfo():

 

session.cache_expire: 180

session.gc_maxlifetime: 1440

session.cookie_lifetime: 0

 

 

[Jacques1]

Besides the (potential) session issues, there's clearly something wrong with both your PHP configuration and your validation.

 

Users should never see internal PHP errors. Turn those off and enable logging instead. Also, input must always be validated. If there's a problem, you display a meaningful error message (e. g. “Invalid questionaire ID”) and possibly log additional information for debugging (like the invalid ID and the current session content).

 

So fix this first. Does the ID parameter even make sense? You said you have one questionaire, so why do you need the user to provide the ID all the time?

[vriezerweb]

Jaqes1, I totally agree with the things you are pointing out, but it's old software and I have to deal with it. But.. that doesn't explain the symptoms. Of course we can rewrite the entire piece of software in a more decent style, but that's economically impossible (quite a large application). So I am focussing on trying to get it 100% of the times working again instead of 99% of the times.

[maxxd]

Sounds like in certain situations, the standard class object stored in answersessions isn't being instantiated. Take a look at the logic flow and see if there's a path around the instantiation.

[Jacques1]

But.. that doesn't explain the symptoms.

 

I've just told you how to investigate the problem: If the array index is invalid, log both the ID and the session content.

 

None of us is psychic, so if you expected us to just pull out the magic bugfix, that won't happen. Especially when there's a problem with the whole application.

[vriezerweb]

The thing is, it's not a stdClass instance, it's an instance of the Answer class.

Jacques1, of course I don't expect anyone to fix the problem for me, only thing I ask is if anyone has a slight clue what might cause this.. and if anyone has had issues before with session vars getting lost.

 

Seems I'm not quite the only one having these problems:

 

https://www.google.nl/search?num=100&espv=2&q=php+session+sometimes+lost&oq=php+session+sometimes+lost

[mac_gyver]

I don't expect anyone to fix the problem for me

 

 

that''s not what he stated. you are the only person here that can investigate what your code and your data are doing. in order to fix a problem, you must find what is causing it. otherwise, all you are doing is trying to make symptoms disappear, which will just mess up the code and leave the problem intact.

 

in programming, except for very overt problems, there is not a 'one symptom' is always caused by exactly 'one thing' relationship, because there are multiple different methods of accomplishing any task. a dozen different people could have written a questionnaire application, that produces the same exact symptom you are getting, and the cause could be different in each application.

 

the error and line of code you posted is only the tail-ass-end of the problem, it's a symptom. without knowing fully how your code got to that execution point and what processing it is doing on the data up to that point, we cannot even suggest what to do to narrow down the problem.

 

had the code been written with validation and error checking/reporting logic in it, the code would be helping you by telling you the first point where something wasn't as expected, rather than continuing to execute and giving you a php error at the tail-end of the problem. fundamentally, if the code is well written, it will tell you when, where, and why it is failing. no one is suggesting rewriting all the code, but if it doesn't have useful validation and error checking/reporting logic in it now, it was never actually finished to begin with and still needs some work done on it.

 

the only hints i can give are general purpose debugging -

 

1) do you have php's error_reporting set to E_ALL? you are likely getting related Notice errors earlier in the code that could help pin down the problem. you may in fact be getting an undefined index Notice error at the same line code you have posted.

 

2) is php's output_buffering turned OFF, so that messages your code echos and php error messages won't be hidden if the code is doing header() redirects.

 

3) because it's random, it's due to either a race (timing/request) condition, an initial (initialization) condition, or assumption that the code and data are making.

 

beyond those, you have got an application that doesn't work. you would need to post enough of the code that reproduces the problem for us to even be able to give specific suggestions on what to check.

Edited November 11, 2016 by mac_gyver

[maxxd]

The thing is, it's not a stdClass instance, it's an instance of the Answer class.

 

Sounds like in certain situations, the Answer object stored in answersessions isn't being instantiated. Take a look at the logic flow and see if there's a path around the instantiation.