PHP Session data lost after submitting form but only on production environment, test environment works -


so have test environment i'm developing , production environment deploying code to. code have right works on test environment not on production environment. seems environment problem, if have no idea setting change.

right i'm trying test simple contact page has short form , captcha image. contact page sets session variable containing security_code displayed in captcha image on next page, called contactsanitize, can read variable session , verify user entered right code.

again, works fine on test environment. however, in production environment can fill out form , submit @ point session data lost , contactsanitize page sends me contact page because doesn't see code entered.

i not have session_destroy call anywhere in these pages , i'm not accidentally setting $_session variable empty array or else matter (i double , triple checked - works on test env, can't that)

below snippets log - each line contains timestamp and, if available, session id in addition comments. can see in fact contactsanitize have same session id it's session empty reason.

this contact.php page: 

debug  2013-04-04 18:23:07 (varsandsecuritycheck.php:74) page requires security, checking see if authenticated user. debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:07 (varsandsecuritycheck.php:82) authenticated = false debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:130) before security image debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:134) invoking security image functions debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (captchasecurityimages.php:42) code: hwjdtvw7 debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:137) after security image functions, session: array (     [security_code] => hwjdtvw7 ) debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:09 (contact.php:152) after security image

i submit form , go contactsanitize.php validate user input:

debug  2013-04-04 18:23:24 (varsandsecuritycheck.php:74) page requires security, checking see if authenticated user. debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:24 (varsandsecuritycheck.php:82) authenticated = false debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (contactsanitize.php:8) session: array ( )

as can see above session empty validation fails:

debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (contactsanitize.php:26) no security code , not authenticated, sending contact page. debug  2013-04-04 18:23:26 (varsandsecuritycheck.php:74) page requires security, checking see if authenticated user. debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:26 (varsandsecuritycheck.php:82) authenticated = false

i sent contact.php page new security code generated:

debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:130) before security image debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:134) invoking security image functions debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (captchasecurityimages.php:42) code: xb66q6jy debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:137) after security image functions, session: array (     [security_code] => xb66q6jy ) debug c744b62f483d1eb02fafbbd11f9e9bdb 2013-04-04 18:23:29 (contact.php:152) after security image

edit

i added additional logging show session_start call happens @ beginning of both pages. following lines appear @ beginning of contact , contactsanitize pages: 

debug  2013-04-04 19:26:15 (varsandsecuritycheck.php:74) page requires security, checking see if authenticated user. debug  2013-04-04 19:26:15 (varsandsecuritycheck.php:78) page secure, starting session now.

this small snippet varsandsecuritycheck.php page show log comes says "starting session":

$log->debug("page secure, starting session now."); session_start();

the following relevant parts of code contact.php: 

<?php     ...     //session started first include when secure connection verified     include_once "../includes/varsandsecuritycheck.php";     //this connects database, no session manipulation here     include_once "../includes/dbconnect.php";     //this includes functions generating captcha image     include_once "../captcha/captchasecurityimages.php";      //this including basic styling , navigation       include '../includes/header.php'; ?> ...     <form method="post" action="contactsanitize.php">     ...             $log->debug("just before security image");         ?>             <div class="centertext">                 <?php                     $log->debug("invoking security image functions");                     $_session['security_code'] = generatecode(8);                     $log->debug("after security image functions, session: ".print_r($_session,true));                 ?>                   <?=captchasecurityimages($_session['security_code'],320,70)?>              </div>             ...             <div class="centertext">                 <input id="security_code" name="security_code" type="text" maxlength="8" />                 <br><br>                 <input type="submit" name="submit" value="send message" class='generalformbutton' />             </div>         <?             $log->debug("just after security image");         }          ?>

this first part of contactsanitize page, can see fails @ first condition:

<?php  //this starts session when secure connection made include_once "../includes/varsandsecuritycheck.php"; //this connects database, no session manipulation here include_once "../includes/dbconnect.php"; //this includes e-mail functions, no session manipulation include_once '../includes/mail.php';  $log->debug("session: ".print_r($_session,true));   $_session['formdata'] = array('visitor_name' => $_post['visitor_name'],                 'visitor_email' => $_post['visitor_email'],                 'reasonforcontacting' => $_post['reasonforcontacting'],                 'message_body' => $_post['message_body']             );  if(!isset($_session['security_code']) && !$authenticated) {     $log->debug("no security code , not authenticated, sending contact page.");     $_session['contacterror'] = "you must type security code before sending message.";     header("location: contact.php");     exit(); } ...

as per last comment "session save path" not correctly set , has been corrected hosting provider.


Comments

Post a Comment

Popular posts from this blog

monitor web browser programmatically in Android? -

i've got tricky question here. need users make payment bank (namely barclaycard) in uk. so, have https url , add parameters (such amount pay, order reference, etc) url, start http connection intent.actionview, redirect user browser can enter credit card details on bank's webpage , make payment our account successfully. far ? the code use below (i changed values privacy reasons) problem is, need app when user has completed/failed/cancelled payment. barclaycardautomatically redirects particular url when payment has succeeded, 1 if failed. there no way of knowing when barclaycard payment has succeeded go android app somehow ? button cardbutton = (button) findviewbyid(r.id.card_button); cardbutton.setonclicklistener(new view.onclicklistener() { @override public void onclick(view arg0) { string prehashstring = new string(); string prohashstring = new string(); string shapassphrase = new string(); shapassphrase = "gsvth£h70zkh...
Read more

Shrink a YouTube video to responsive width -

i have youtube video embedded on our website , when shrink screen tablet or phone sizes stops shrinking @ around 560px in width. standard youtube videos or there can add code make go smaller? you can make youtube videos responsive css. wrap iframe in div class of "videowrapper" , apply following styles: .videowrapper { float: none; clear: both; width: 100%; position: relative; padding-bottom: 56.25%; padding-top: 25px; height: 0; } .videowrapper iframe { position: absolute; top: 0; left: 0; width: 100%; height: 100%; } the .videowrapper div should inside responsive element. padding on .videowrapper necessary keep video collapsing. may have tweak numbers depending upon layout.
Read more

wpf - PdfWriter.GetInstance throws System.NullReferenceException -

i'm trying create pdf document using itextsharp 5.3.4 using following document document = new document(); filestream stm = new filestream(filename, filemode.create); pdfwriter writer = pdfwriter.getinstance(document, stm); i'm getting system.nullreferenceexception following stack trace: system.nullreferenceexception occurred hresult=-2147467261 message=la référence d'objet n'est pas définie à une instance d'un objet. source=itextsharp stacktrace: à itextsharp.text.version.getinstance() innerexception: i've verified neither document nor stm null, , if select "continue" in vs12 document created - exception thrown. updated itextsharp 5.4.0 , it's still occurring. can't find information on anywhere - got ideas? make sure not catching exceptions. nullreferenceexception can 1 caught , handled inside itextsharp, don't care it. fact can continue supports theory. change following setting verify: debug -> exceptions ...
Read more