[Techtalk] Weird PHP session variable problem

Almut Behrens almut-behrens at gmx.net
Wed Feb 12 22:47:20 EST 2003


On Wed, Feb 12, 2003 at 09:07:12AM -0600, Vera Childs wrote:
> (...)
> -----
> function1:
> 
> session_register('GLOBAL_OBJECTS');
> $GLOBAL_OBJECTS['chpass']['step'] = 1;
> 
> function2:
> 
> if
> ((isset($GLOBAL_OBJECTS['chpass']['step']))and($GLOBAL_OBJECTS['chpass']['st
> ep']==1)) {
>   // Do stuff
>   // Eventually set step to 2 same way as done in function 1
> }
> -----
> 
> The above works. Now here's the weird thing... If I change 'chpass' in the
> above to 'chemail' (in all places, so that the password function is just
> using a different variable name, but still doing all the same things), it
> doesn't work! Change it back to 'chpass' and it works. I'm stumped!
> 
> I've rebooted the server (my desktop, used for development), but I still
> get the same results. I think it is a problem with the server (Mandrake
> Linux 9.0 with Apache 1.3.26 and PHP 4.2.3 installed from MDK rpms). I just
> don't know where to begin in resolving this issue.


I haven't done much serious PHP programming, so I'm definitely not an
expert for the PHP-specific details of the problem. In particular, I'm
not sure how much "magic" there's in PHP's session handling. Anyway,
maybe some more general comments help to put you on the right track.

To get a clearer idea of what's going on, I'd follow the variable step
by step to see where it gets lost somewhere along its path from
webserver to browser and back.

Basically, there are three methods of transfering session-ids and other
variables between webserver and browser in order to maintain state
information across individual HTTP requests.

(1) Cookies

Here, you'd have to investigate HTTP headers ("Set-Cookie" for webserver
-> browser direction, and "Cookie" for browser -> webserver) to find
out whether webserver and browser are communicationg in the desired
way. (Sometimes, the values are encoded in one way or another - which
could complicate debugging.)

(2) URL-munging

Variables and their values are embedded somewhere within the URL,
either as CGI parameters, e.g.

  http://www.mysite.org/path/to/page?sessid=1234567890&othervar=anyvalue

or in the path itself, e.g.

  http://www.mysite.org/1234567890/path/to/page?othervar=anyvalue

(3) Hidden HTML form variables

Variables are passed around through HTML forms with tags like

<form>
<input type=hidden name="sess" value="1234567890">
(...)
</form>

When the form is submitted the values of the hidden input fields are
being sent to the server.

The latter two are fairly easy to debug by looking at the HTML source,
the URLs and the webserver logs.


Independently of how fancy the server-side technology is, the basic
paradigm always boils down to one of those options, or a combination
thereof. The HTTP/HTML framework doesn't offer any other possibilites.

So, your first step would be to find out which method is being used
in your case. And then, trace the variable step by step in all the
places you'd expect it to appear.

Hope this helps,

Almut




More information about the Techtalk mailing list