PHP Session headache

software development

#1

I am in the habit of storing a class object in the session for members only areas and checking for the existence of that object to validate a user’s access to a particular page. This has worked great for me until now. I have one domain hosted by Dreamhost where this does not work. When I retrieve the object from the $_SESSION it is null. I have two other domains hosted by Dreamhost currently using this validation method and have used it on other domains that are now defunct. I am at a loss to explain why this is not working. If I retrieve the object on the same page that I first register the variable, it returns the object as I expect. Every page after that returns null. Has anyone else run into this? Does anyone have any suggestions? I have spend hours trying to debug this and I am at my wit’s end.

Any help is greatly appreciated.

-Sean


#2

I had a similar problem with sessions recently and when I disabled the new ‘extra web security’ option it went away. I also only had the problem with sessions with the domain when I was running php as Apache. It was fine when I ran php as cgi with the new security stuff.

You can disable the extra web security option by going into the control panel - domains > web > then select the edit link by the domain you want to change. (You might also consider running php as cgi if you don’t have a reason for doing so - the option is right above ‘extra web security’.) Obviously, leaving the extra web security would be preferable if someone else knows another way to address the issue.

Must stress that I am new to php - I just had a similar experience so I thought I would chime in.


#3

Is it possible to post code from your pages?
Usual problems are you’re missing session_start() by accident from some pages?
Stuff done in sessions won’t change till the next time you load a page so you can’t use it elsewhere on the same page or something (or is that just cookies)?
Have you used serialize and deserialize to store your class information?
Use a print_r($_SESSION) below session_start() so you can see what’s in the session.


#4

I found the problem, though I’m still at a loss to explain it. I had been doing the following:

[code]$parishoner = null;
if( array_key_exists( ‘parishoner’, $_SESSION ) )
$parishoner = $_SESSION[“parishoner”];

if( $parishoner == null )
// bail
[/code]I don’t understand why setting $parishoner to null first would interfere with the later assignment, but it does.

Now the code is:

if( array_key_exists( 'parishoner', $_SESSION ) ) $parishoner = $_SESSION["parishoner"]; else // bail It works fine. Go figure.

-Sean


#5

Just as a note, you should use {} around your if statements, even if you only use one one statement in the if, it’s good programming practice.
If you use

$parishoner = null;
if( array_key_exists( ‘parishoner’, $_SESSION ) ){
$parishoner = $_SESSION[“parishoner”];
echo “Set parishoner
”;
}
if( $parishoner == null ){
// bail
}

You can check if it is actually setting the session when it’s not supposed to… if you know what I mean?
You could always use as well

$parishoner = “”;
if( array_key_exists( ‘parishoner’, $_SESSION ) ){
$parishoner = $_SESSION[“parishoner”];
echo “Set parishoner
”;
}
if( !empty($parishoner)){
// bail
}

but else is the better way… I guess it all depends on how you learn PHP. If/else combinations are better than checking to see if something is set to default values.