Duplicate session variables

[laowai]

Hi,

 

I'm having a wierd problem related to session variables. It looks like variables would get duplicated inside same session, which of course should not be possible.

 

Background:

This problem exists on one page script which creating a quote request system where users can select different products and get quote for those. Quote system creates quote ID per customer and all products selected in one session should go under the same quote ID. Problem is that sometimes when user selects products second quote ID is created and after that products are randomly added into both of quotes. While trying to solve this problem I added simple logs to see what's going on, those are added below.

 

Problem seems to be caused by duplicated session variables. At somepoint it looks like session variables are not defined any more and new quote ID is created. After that the old and new session variables seems to be used randomly.

 

To demonstrate the problem I added session variable called 'counter' which is defined if it does not exist and incremented always when page is reloaded by submitting the form. As you can see from below logs the 'counter' variable seems to have duplicate values, see the quote value to separate two different session variable "sets".

 

 

<?php session_start();

echo "\n Current session id: ".session_id();

echo "\n _SESSION['quote']: ".$_SESSION['quote'];

$_SESSION['counter'] = isset($_SESSION['counter'])? $_SESSION['counter'] +1 : 0;

echo "\n _SESSION['counter']: ".$_SESSION['counter'];

 

 

Output when page is reloaded(form submitted):

 

Current session id: r5i15u4s9e20ud4j6jke8ln376

$_SESSION['quote']: 

$_SESSION['counter']: 0

set  _SESSION['quote']: 984

 

Current session id: r5i15u4s9e20ud4j6jke8ln376

$_SESSION['quote']:

$_SESSION['counter']: 0

set  _SESSION['quote']: 985

 

Current session id: r5i15u4s9e20ud4j6jke8ln376

$_SESSION['quote']: 985

$_SESSION['counter']: 1

 

Current session id: r5i15u4s9e20ud4j6jke8ln376 

$_SESSION['quote']: 985 

$_SESSION['counter']: 2 

 

Current session id: r5i15u4s9e20ud4j6jke8ln376 

$_SESSION['quote']: 984 

$_SESSION['counter']: 1 

 

Current session id: r5i15u4s9e20ud4j6jke8ln376 

$_SESSION['quote']: 985 

$_SESSION['counter']: 3 

 

Current session id: r5i15u4s9e20ud4j6jke8ln376 

$_SESSION['quote']: 984 

$_SESSION['counter']: 2 

 

 

Could anyone explain how the 'counter' can behave such way inside same session (based on session ID)?

This is far beyond my knowledge and I would highly appreciate any advice or tip how to solve this porblem. Thanks.

 

BestRegards,

Laowai

[laowai]

---EDIT---

Added 'echo serialize($_SESSION);' to output session variables in the begin and end of the page to demonstrate problem more clearly.

 

 

<?php session_start();

echo "\nSerialized data at begin of page: ";

echo serialize($_SESSION);

 

echo "\n Current session id: ".session_id();

echo "\n _SESSION['quote']: ".$_SESSION['quote'];

$_SESSION['counter'] = isset($_SESSION['counter'])? $_SESSION['counter'] +1 : 0;

echo "\n _SESSION['counter']: ".$_SESSION['counter'];

OUTPUT:

 

Initial loading of page:

  Serialized data at begin of page: a:0:{}

  Current session id: vbbpohof2jo757eaj5jrp4dv02

  $_SESSION['quote']: 

  $_SESSION['counter']: 0

  ...

  Serialized data at end of page: a:1:{s:7:"counter";i:0;}

 

 

Page 1. reload by form submit:

  Serialized data at begin of page: a:0:{}

  Current session id: vbbpohof2jo757eaj5jrp4dv02

  $_SESSION['quote']: 

  $_SESSION['counter']: 0

  ...

  Serialized data at end of page: a:3:{s:7:"counter";i:0;s:8:"quote";i:1023;s:9:"quotedate";s:10:"2010-11-18";}

 

 

Page 2. reload by form submit:

  Serialized data at begin of page: a:1:{s:7:"counter";i:0;}

  Current session id: vbbpohof2jo757eaj5jrp4dv02

  $_SESSION['quote']: 

  $_SESSION['counter']: 1

  ...

  Serialized data at end of page: a:3:{s:7:"counter";i:1;s:8:"quote";i:1024;s:9:"quotedate";s:10:"2010-11-18";}

 

 

Page 3. reload by form submit:

  Serialized data at begin of page: a:3:{s:7:"counter";i:0;s:8:"quote";i:1023;s:9:"quotedate";s:10:"2010-11-18";}

  Current session id: vbbpohof2jo757eaj5jrp4dv02

  $_SESSION['quote']: 1023

  $_SESSION['counter']: 1

  ...

  Serialized data at end of page: a:3:{s:7:"counter";i:1;s:8:"quote";i:1023;s:9:"quotedate";s:10:"2010-11-18";}

 

Page 4. reload by form submit:

  Serialized data at begin of page: a:3:{s:7:"counter";i:1;s:8:"quote";i:1024;s:9:"quotedate";s:10:"2010-11-18";}

  Current session id: vbbpohof2jo757eaj5jrp4dv02

  $_SESSION['quote']: 1024

  $_SESSION['counter']: 2

  ...

  Serialized data at end of page: a:3:{s:7:"counter";i:2;s:8:"quote";i:1024;s:9:"quotedate";s:10:"2010-11-18";}

 

Page 5. reload by form submit:

  Serialized data at begin of page: a:3:{s:7:"counter";i:1;s:8:"quote";i:1023;s:9:"quotedate";s:10:"2010-11-18";}

  Current session id: vbbpohof2jo757eaj5jrp4dv02

  $_SESSION['quote']: 1023

  $_SESSION['counter']: 2

  ...

  Serialized data at end of page: a:3:{s:7:"counter";i:2;s:8:"quote";i:1023;s:9:"quotedate";s:10:"2010-11-18";}

I hope this demonstrates my problem better than unclear original description. Sorry for that. This time "two concurrent" session variable arrays, if such can be, seem to be active one after another. Sometimes other is active few times and then another...

 

---EDIT---

 

[PFMaBiSmAd]

Since you haven't posted all the code involved (including your form), it is not directly possible to eliminate your code as the cause of the problem.

 

Another possibility (when variables change value on their own) is that register_globals are on and you have same name session/post/get/cookie/program variables and they are overwriting each other. What does a phpinfo(); statement show for register_globals?

[laowai]

register_globals is set OFF:

 

if (ini_get('register_globals') == 1){echo "\n Register Globals turned ON ";}

else {echo "\n Register Globals turned OFF";}

 

Output:

Register Globals turned OFF

 

I understand that it's difficult to comment without sources but if you focus on 'counter' session variable, which I can assure is unique and not modifed anywhere else than in the begin of page:

 

$_SESSION['counter'] = isset($_SESSION['counter'])? $_SESSION['counter'] +1 : 0;

echo "\n _SESSION['counter']: ".$_SESSION['counter'];

 

What else than some issue with session variable arrays could explain the output?

 

Btw, I cannot reproduce problem in localhost. Only in server where website is hosted.

 

Thanks a lot for your interest to this issue! I'm looking forward if you would have ideas what could cause such bizarre behaviour.

 

[PFMaBiSmAd]

No one asked you to use ini_get() to check register_globals as ini_get might be disabled and could return an indication dependent on your logic order.

 

If you aren't, can't, or won't post all the relevant code, I don't know what level of help you were expecting to get on a forum. 

[laowai]

Sorry, my mistake. Here is output of 'phpinfo()':

Directive    Local Value    Master Value

register_globals Off Off

 

What more relevant code related to 'counter' session variable there can be than I have already posted?

You can see from session variable serialization what are the values when page is reloaded and you can see the code how it's set. As the session remains same there is no explanation how the value can be decrement.

 

I really appreciate your comments and hope to get more good ideas what should be checked.

[Anti-Moronic]

I think the key to the problem is here:

 

"Btw, I cannot reproduce problem in localhost. Only in server where website is hosted."

 

Of course, I still don't have a clue. But that is a pretty big indicator it is down to either code mismatch or server environment.

[laowai]

I agree that the key point is that problem can be reproduced only on real server and I also believe it can be related to server environment. I just have no idea what could cause such behaviour which no-one else seems never witnessed based on lot of googling.

 

If you mean with code mismatch that there would be different version on server and localhost, that's not possible as I have uploaded latest version to server and isolated problem to one 'test.php' file.

 

As the source is not mine, I'm trying to help friend in trouble, I would not like to publish it.

[laowai]

I attached all details provided by 'phpinfo()' in html format in case someone would have time to give a peek to server configurations. Thanks.

 

[attachment deleted by admin]

[laowai]

I have confirmed that this is 100% sure server side problem.

 

I'm facing now random problems also with shopping cart and captcha check. I created simple test to debug randomly failing captcha check and finding was that it fails sometimes because session variable is old containing old captcha, the one user input in previous trial.

 

Any ideas what else than code could be causing such random session variable problems?

[PFMaBiSmAd]

Have you asked the web host is any other accounts are having session problems or if the web server this account is on is currently experiencing problems?

[laowai]

I created simple script to simulate the problem where I dump session variables in the begin and the end of page. Page is having single button which will refresh the page and in the begin of page is counter which is stored into session variables. Finding was that if pressing button quickly everything works well but if waiting >10s then session variables are empty (counter variable) and after that when pressing the button either original counter or concurrent session variable array counter is incremented.

 

I also isolated the problem into the server where original problematic website is hosted. Problem cannot be reproduce in localhost nor other server which I tested. So the conclusion is that some configuration in server is wrong or there is a bug in PHP 5.2.9 or some other component.

 

I will contact server hosting company to sort out what is the problem on server side.

 

Thank you all for your comments.