Jump to content

Session variables not working properly


garbagegigo

Recommended Posts

Hi everyone,

 

I am trying to implement an OAuth system in PHP. I've got the code working but the very first time a fresh, new browser window is opened, the code doesn't work. If I refresh the page and try again, then it works. I have a few suspicions as to where the problem might be but other than that I am stumped.

 

I have two classes: OAuthServer and OAuthClient. I create and store an object of the appropriate class in session variables. I know this is tricky but I am serializing and unserializing properly. To fetch responses from the Server, I am using curl. As curl uses a different session from the browser, I am doing a session_write_close before initializing curl and passing the appropriate parameters to curl.

 

But my code needed to further write session variables even after session_write_close was called and to achieve this, I am calling session_start(), once again, after the curl code is finished. I found that this works but PHP was throwing warnings saying that the header info had already been sent or something like that, but I have suppressed such warnings. I suspect the error has something to do with this but I'm not sure.

 

The part that doesn't work the very first time is that on the server-side, the session variable that is supposed to contain the OAuthServer object is NULL. But if I do a refresh of the page(flow: login_page->error_page), it works.

 

Can anyone tell me why I am encountering the above error and if I am doing things correctly or not. Any help would be greatly appreciated.

 

Thanks & Regards,

GarbageGigo

Link to comment
Share on other sites

I create and store an object of the appropriate class in session variables. I know this is tricky but I am serializing and unserializing properly.

 

Php serializes and unserializes the session data automatically when it writes and reads the session data file, you don't have to. To store or reference an object in a session variable, all you need to do is have the class definition before the session_start() statement (so that php can recreate the object properly) and then either directly use a $_SESSION variable to hold the instance of the class (i.e. $_SESSION['an_object'] = new class_name();) or you make an instance in a scaler variable and assign that to a session variable (i.e. $object = new class_name(); $_SESSION['an_object']=$object;). To reference the object, you can either directly use the session variable  $_SESSION['an_object']->method(); or $_SESSION['an_object']->property; or you can assign the object back to a scaler variable $object = $_SESSION['an_object']; and reference the methods and properties as $object->method(); or $object->property;

 

The browser's session and the session id cookie you are propagating when using curl to access a page(s) don't have anything to do with each other. There would be no need to do any of the things you suggest.

 

I have suppressed such warnings

 

^^^ Hiding errors messages doesn't fix the problem. The error is still occurring and your code still doesn't work, but you have hidden the message that is telling you what error is preventing your code form working.

 

You need to rework your code taking into account the information I have supplied.

Link to comment
Share on other sites

Hi PFMaBiSmAd,

 

Thank you for your reply. If PHP handles class objects automatically, then that's great and it's less work for me.

 

The browser's session and the session id cookie you are propagating when using curl to access a page(s) don't have anything to do with each other. There would be no need to do any of the things you suggest.

 

I would like to respectfully disagree. I've tried it out and I encountered problems while not using the specific methods I said. I tried printing out the session id generated from curl and the browser, and they were different -- so they were using different sessions when I needed them to use the same one. I am using PHP 5.3 by the way.

 

But why isn't it working the first time but working from the second time onwards. What situation would warrant such behavior?

 

Thanks for your reply once again,

Link to comment
Share on other sites

Curl is used to make requests to (generally other) servers.

 

If you are using it to make a request to a server different from your own server (the normal case), there is no connection or relationship between the session on your server that was started by the browser and a session the curl request establishes on the other server.

 

If you are using curl to make a request back to the same server your script is running on, you are doing something the hardest and slowest way possible. You should be directly accessing code or data on your server through the file system, not by making http requests back to your own server.

 

What situation would warrant such behavior?

 

Among other things, an incorrect understanding of how something your code is using works or an assumption about an initial condition that isn't being satisfied. It's impossible to tell without seeing the code that reproduces the symptom. In programming, due to its general purpose nature and multiple ways of accomplishing any task, there is not a one to one relationship between any symptom and what is causing it. Six different people could have written code that implements the same application and they could all be getting the same exact symptom, but the actual cause could be different in each case because of differences in their actual code, data, and methodology used to implement the application.

Link to comment
Share on other sites

This thread is more than a year old. Please don't revive it unless you have something important to add.

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Restore formatting

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
×
  • Create New...

Important Information

We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.