tags:

views:

111

answers:

4
+2  Q: 

PHP session variable changes between pages

I have a session variable that I set like this:

<?php
$token = md5(uniqid(rand(), true));
session_start();
$_SESSION['token'] = $token;
print $_SESSION['token'];
?>

Then on another page I have this:

<?php
session_start();
print $_SESSION['token'];
?>

The problem is that they don't match. I get two completely different strings. register_globals is off. I did notice that when I set md5(....) to a constant string eg: md5('example') that it works as expected and the two strings match. But that shouldn't matter. Any ideas on what's going on here?

EDIT: Apache Acces Log:

127.0.0.1 - - [18/Sep/2010:17:46:09 -0500] "GET /index.php HTTP/1.1" 200 3182 "-" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"
127.0.0.1 - - [18/Sep/2010:17:46:09 -0500] "GET /style/style.css HTTP/1.1" 304 - "http://cmb.local:8888/index.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"
127.0.0.1 - - [18/Sep/2010:17:46:09 -0500] "GET /js/signup.js HTTP/1.1" 304 - "http://cmb.local:8888/index.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"
127.0.0.1 - - [18/Sep/2010:17:46:09 -0500] "GET /index.php HTTP/1.1" 200 3182 "http://cmb.local:8888/index.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"
127.0.0.1 - - [18/Sep/2010:17:46:10 -0500] "GET /index.php HTTP/1.1" 200 3182 "http://cmb.local:8888/index.php" "Mozilla/5.0 (Macintosh; U; Intel Mac OS X 10_6_4; en-US) AppleWebKit/534.3 (KHTML, like Gecko) Chrome/6.0.472.59 Safari/534.3"

I'm not quite sure how to read that but it looks to me that my file (index.php which I assume is the '/') is being called three times. Am I reading that right? What's going on there?

+1  A: 

Looks weird. That first chunk of code that resets the token must have been run again somehow.

vassilis  2010-09-18 21:56:57
+1  A: 

The only solution I can think of is that you are making a second request to the first page without knowing it. You should probably check your apache access log for this second access...

Making a simple request counter would be another solution to check this:

$_SESSION['counter'] = isset($_SESSION['counter'])? $_SESSION['counter'] +1 : 0;
greg0ire  2010-09-18 21:57:06
Yep...that's the problem. When I put this code in there I get 2. I can't figure out why though... It's a static page except for the token part. No looping, updating content, etc...
WillyG  2010-09-18 22:08:37
I posted my Apache Access log above.
WillyG  2010-09-18 22:20:35
you mean each time you refresh the page, 2 is added instead of one? You see 2, 4, 6, etc ? Do you have any special extension in your browser? Like HTML validator for firefox?
greg0ire  2010-09-18 22:25:58
Actually it goes up by 3 (3, 6, 9...) No extensions that I know of...plain old Chrome.
WillyG  2010-09-18 22:30:19
See here how to add the referer and User-agent to your access log : http://httpd.apache.org/docs/2.0/logs.html#page-header (might be useful)
greg0ire  2010-09-18 22:38:06
Updated access log above with header and user-agent info, but I still don't get why the page is being requested 3 times.
WillyG  2010-09-18 22:50:19
No difference between the user-agents, this means all request are issued from your browser... how about testing with another browser to see if the problem comes from Chrome?
greg0ire  2010-09-18 23:00:30
Already tried that, and I got the same results.
WillyG  2010-09-18 23:09:54
really?!? I guess it must be your js script then... could you post its content? Perhaps it makes some ajax calls or something.
greg0ire  2010-09-19 10:07:38
+1  A: 

You will notice that every time you revisit the first page, your session variable will change. Since it works for a constant string, 'example', I will assume that you revisit page 1 to view what is stored there.

A fix could be checking to ensure that that session variable is not set before you set it again. i.e.

<?php
session_start();
if(!empty($_SESSION['token'])){
    $token = md5(uniqid(rand(), true));
    $_SESSION['token'] = $token;
}
print $_SESSION['token'];
?>

This chunk of code should work as expected.

partoa  2010-09-18 22:03:39
Nope, same problem, but thanks for trying!
WillyG  2010-09-18 22:08:56
A: 

Completely stupid mistake on my part. I had some empty <img> tags in there that were causing the extra requests. facepalm Sorry everyone, problem solved. Thanks for your help!!

WillyG  2010-09-19 00:14:21

related questions

IDE suggestions: Eclipse IDE vs. Zend Studio ( confused )
MySQL/Apache Error in PHP MySQL query
Lightweight IDE for Linux
What PHP framework would you choose for a new application and why?
Why is my ternary expression not working?
How can I get at the matches when using preg_replace in PHP?
Mechanisms for tracking DB schema changes
Wordpress theme development offline tools
Using object property as default for method property
How can I get the authenticated user name under Apache using plain HTTP authentication and PHP?
Make XAMPP/Apache serve file outside of htdocs
How do you debug PHP scripts?
PHP Variables passed by value or by reference?
Best way to implement unit testing in PHP
Connect PHP to an AS/400
Best way to access Exchange using PHP?
PHP Session Security
How do I access a remote form in php?
What's the best way to generate a tag cloud from an array? (using h1 through h6 for sizing)
Apache/PHP: error_log per Virtual Host?
How do I track file downloads with apache/PHP
How would you access Object properties from within an object method?
Flat File Databases in PHP
Best way to allow plugins for a PHP application
Latest information on PHP upcoming releases