I'm trying to prevent some basic click-fraud on my site, and am building links based on session time data.

Everything works in FF, but in IE the information I'm storing in the session is somehow being changed.

When I load up the main page, I set my session variables like this:

session_start();
$_SESSION['time']=time();

I'm outputting the session value into the page, so I get something like 1275512393.

When the user clicks on a link, I send an ajax request, and that page is returning the session which I am putting into an alert.

session_start();
echo $_SESSION['time'];
die();

The alert is returning 1275512422.

Only in IE is the $_SESSION['time'] being returned different from the original $_SESSION['time'].

It doesn't appear that this is a caching issue, as the times are always VERY near each other, and the second one is always after the first, but I'm not positive.

-------- Update: issue caused by Facebook JavaScript. No solution yet. --------

As I was stripping out code to post as recommended per MANCHUCK, I started to wonder if this bit of Facebook code was somehow causing the problem

FB.init({appId: 'myappid', status: true, cookie: true, xfbml: true });

so I stripped that out and ran the page again, and now the $_SESSION times matched!!

So I found the problem. I thought maybe somehow that FB JavaScript was creating a session (note I'm only using FB JavaScript, not the PHP API) that was somehow overwriting the values of my previous session.

I put the offending javascript back, and I tried changing the name of my session to $_SESSION['mytime'] or $_SESSION['time2'], but the problem still existed. I tried using other time functions like date('Y-m-d G:h:s'), or date('Y-m-d G:h:s').'test' but the time is always incremented by a few seconds when retrieving the $_SESSION from the second page.

I am amazed that something like this can happen, and can't imagine how it is possible, but I've gone back to it 4 times now, and every time I take out that one line of Javascript, everything works!

Unfortunately, not using Facebook Connect isn't really an option for this project.

+1  A: 

My guess is that the main page is being executed twice, which is causing the session to restart with a new value assigned to $_SESSION['time']. That is why it is always slightly incremented. Look at your web server logs, or use Fiddler to see if the page is being requested twice. If so, this may help.

Gary
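
The log check suggested in the answer above, as an added example that is not part of the original question or answer: it scans access-log lines for the same client requesting the main page twice within a short window. It assumes the Apache/nginx "combined" log format and a 10-second window; the paths /index.php and /click.php, the addresses and the log lines are constructed for illustration.

```python
import re
from datetime import datetime

# Apache/nginx "combined" log format (assumed; adjust the regex for other formats).
LINE_RE = re.compile(
    r'(?P<ip>\S+) \S+ \S+ \[(?P<ts>[^\]]+)\] '
    r'"(?P<method>[A-Z]+) (?P<path>\S+) [^"]*" (?P<status>\d{3}) \S+'
    r'(?: "(?P<referer>[^"]*)" "(?P<agent>[^"]*)")?'
)

def find_repeat_loads(lines, page, window=10):
    """Return (ip, agent, first_ts, repeat_ts, gap_seconds) for every GET of
    `page` that follows another one from the same client within `window` seconds."""
    last_seen = {}
    repeats = []
    for line in lines:
        m = LINE_RE.match(line)
        if not m or m["method"] != "GET":
            continue
        # Compare on the path only, so /index.php?x=1 still counts as the page.
        if m["path"].split("?", 1)[0] != page:
            continue
        ts = datetime.strptime(m["ts"], "%d/%b/%Y:%H:%M:%S %z")
        key = (m["ip"], m["agent"])  # client = address + user agent
        prev = last_seen.get(key)
        if prev is not None:
            gap = (ts - prev).total_seconds()
            if 0 <= gap <= window:
                repeats.append((m["ip"], m["agent"], prev, ts, int(gap)))
        last_seen[key] = ts
    return repeats

# Constructed sample log lines (not from the original post).
SAMPLE_LOG = [
    '203.0.113.7 - - [02/Jun/2010:20:59:53 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "MSIE 8.0"',
    '203.0.113.7 - - [02/Jun/2010:20:59:55 +0000] "GET /index.php HTTP/1.1" 200 5120 "http://example.test/index.php" "MSIE 8.0"',
    '203.0.113.7 - - [02/Jun/2010:21:00:22 +0000] "POST /click.php HTTP/1.1" 200 10 "http://example.test/index.php" "MSIE 8.0"',
    '198.51.100.4 - - [02/Jun/2010:21:01:00 +0000] "GET /index.php HTTP/1.1" 200 5120 "-" "Firefox/3.6"',
    '198.51.100.4 - - [02/Jun/2010:21:01:30 +0000] "POST /click.php HTTP/1.1" 200 10 "http://example.test/index.php" "Firefox/3.6"',
]

if __name__ == "__main__":
    for ip, agent, first, again, gap in find_repeat_loads(SAMPLE_LOG, "/index.php"):
        print(f"{ip} ({agent}) loaded /index.php twice, {gap}s apart: {first} -> {again}")
```

A repeat whose Referer is the page itself, as in the second constructed line, points at something on the page re-requesting it rather than the user reloading.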