Cookie And Session Problem

[johannsnr]

Hi I am having trouble with setcookie and php sessions. In the file cart.php it creates or checks for a cookie. That works fine and I can find the same cookie id in phpmyadmin in carts table. The problem is when I click on 'checkout' the next page shows emptycart.html and redirect to cart.php. In the browser a new cookie id was generated and sometimes a new phpsession as well that does not match up with the cookie id in carts table. HELP!

[JayAtHome]

This probably doesn't help at all, but I have had a website working for over a year, and just recently it broke because it can't start the session.  It seems something changed from my hosting service, that affected the sessions.  I have seen some posts that indicate the problem was that the session write directory was non-existent, or that there were no write permissions to that directory.

I haven't investigated enough to fix my problem.  I have decided to start building a machine to host my web site from my home.  It will probably take a month or more for me to get everything set up correctly.  But at least it will be cheaper for a better machine, and I won't have any surprises from some back-end change.  (In all fairness, my hosting company has been pretty good, and if I spent a little time on the issue I could probably get it working again, but I am working on creating a build from source LAMP system, that will create /j5c/p001 (my production directory) and when I change something, I will create /j5c/p002 etc.  So that I will always have a fallback within seconds.  The j5c is part of my company name.

Anyhow, I am going to create this so that other people can use the tool I create to create their own LAMP system from source.  If this is something that you would be interested in please send an email to jay.a.carlson@gmail.com

[johannsnr]

I have built and tested more than one website using Larry's model and the new site was working to a point, I think up to billing.php and then it stopped.

If I remember correctly there was a update from Microsoft for edge, but I have tried the website in Firefox and Chrome with the same problem.

I have a running server with Ubuntu and Nginx. It does create the sessions just not the same one, so for every php file and view page a different session is created and when you close the browser, delete history and cookies and then open the browser again it will bring up the original cookie up to cart.php. 

 

From what I can see and tested as soon as you go to checkout.php it checks for the cookie and can't find it so it redirects the user back to cart.php which then creates a new cookie and then obviously the cartempty view is displayed because there is nothing in the cart because of a new cookie.

[johannsnr]

found the culprit, but don't understand why. In cart.php on line 17

 

// Send the cookie:
setcookie('SESSION', $uid, time()+(60*60*24*30), '/' );

 

and changed it to

 

// Send the cookie:
setcookie('SESSION', $uid, time()+(60*60*24*30));

 

which solved the problem, if I add my domain nothing works.

 

Larry maybe you can shed some light here. Am I making a noob mistake or am I missing something from php.ini because my path is set to root in php for cookies.

[johannsnr]

This morning the problem is back. Could anyone perhaps give some insight to this problem, because it does not make any sense whatsoever. 

 

 

[johannsnr]

A little help would be appreciated on this  problem, please. I had another stab at it and as far as I can figure out is that at the start of pages leading up to billing.php somewhere I have a problem. That is that, I think there is a problem in the code in the way I display the products where a customer can select a product and add it to his cart. Reason I figured is if I add a product to a cart everything works until I proceed to checkout, but if I update quantities before checkout it works fine. Hope my explanation makes sense.

 

Please anyone??

[johannsnr]

I am very disappointed in this forum which is supposed to be to help with question. I have posted on this topic more than once asking for help with not a single response from the writer. I have bought no less than 5 of your books, Larry and now I am struggling with no response from you. Perhaps it is time for me to seek another writer.

 

I am sure I am making a beginner mistake but need a little help in finding the solution. Your response will be greatly appreciated.

[Larry]

What are the URLs involved? Changing a domain, subdomain, or folder, could be the cause. 

[johannsnr]

Hi Larry

I have to a point given up on understanding what the problem is because the code simply don't work. I have spent more than a week 14 to 16 hours a day trying to figure out where the problem is and I got nowhere. Looks like using cookies and sessions in browsers are just impossible and the results are never what you expect. Another way should be found! 

 

I have tried changing the code to something simple like just returning the session id and that does not even work, so I have no clue where to go from here which means my whole website project is in the water, together with my business.  Searching the web for answers is pointless. I have been working on this project for 2 years all together and this simple thing of sessions is destroying it and I have trying numerous browsers.

 

I have changed my server setting to only use the domain without the www part and that does not work either thinking that the problem was in the url. I have tried different session values, different cookies every possible angle I could think of.

 

Obviously without a session id on the site none of the code and database works so the whole thing is dead and nothing more than pages of code doing nothing. Not a happy camper at this stage!  Not to mention the tons of books I have read up on this subject and none of them discuss sessions, cookie, browser behaviour and so on in detail. It is like building a car but there is no road to drive on.

 

Can I perhaps mail you the code for my site, where the session issue start or maybe can you refer me to more info on sessions something practical that one can actually use, maybe you can write another books just on browser behaviour because it seems to be a real issue.

 

I have even tried code separately checking for the current session id and that does not work either on multiple browsers, Firefox, Chrome, Edge none of them work. I can see the session from page to page, with your original code the cookie simply changes everytime the browser is refreshed. In the database the wrong value is recorded, usually the previous session id or new generated value. On the pages source view I can see the values of the cookie and session but other than that, the history or previous sessions I can't so I have no idea what is happening. The first couple of lines in cart.php where it checks for the COOKIE that simply ignores it and generates a new value so when checkout is selected the cookie values don't match and all you get is the emptycart.html.

 

ANY HELP or IDEA?

[Larry]

Using cookies and sessions is not only impossible, it's predictable, expected, and normal! In fact, I know the code from the book works as I tested it while writing the book. I understand you've been having a lot of problems with this, but it's really not a terrible mystery and I'll help you work through it.

 

To begin, let's focus on cookies, which is probably where the problem is. Sessions often use cookies to store the session ID but there are otherwise separate areas of concern. 

 

First, know that cookies are restricted as to where they are accessible. This starts with the domain name. For example, a cookie sent by example.com cannot be read by a page on example.net or larryullman.com. This continues into subdomains. So a cookie set by www.example.com cannot be read by a page on shop.example.com unless you take special steps. Further, a cookie set by a page within example.com/folder cannot be read by pages within example.com unless you take special steps. 

 

It sounds like you're doing the right thing in checking the cookie values. If you wanted, you could play around with non-session cookies to see how they behave, particularly how to make them universally available. 

 

Returning to sessions, by default sessions store the session ID in a cookie. And by default, if PHP cannot find a current session ID to continue an existing session, it begins a new session with a new session ID and a new cookie. So that seems to be what's happening here and it's almost certainly because of the URLs involved, which is why I asked what those are. If you would share that information, that would confirm or deny the most common cause of the problem. 

[johannsnr]

Hi Larry,

 

Thanks for your reply. I struggled with the code for another 24hours and then decided to chuck the original cookie code. I also changed my server to redirect www.example.com to example.com as the server read served both and the site configuration is only example.com. Even with the server configuration changed the original code still did not work correctly. 

 

Then the PHPSESSID cookie as in the original code I could not get to work so I changed the code as follows

 

//check for session
if (isset($_SESSION['user']) && (strlen($_SESSION['user']) === 32)) {
 $uid = $_SESSION['user'];
 
} else {
 $uid = openssl_random_pseudo_bytes(16);
 $uid = bin2hex($uid);
 $_SESSION['user'] = $uid;

 

Then on the checkout.php redirect user back to cart.php if no session is stored. This worked.

 

I clearly still don't understand COOKIES and SESSION values like I should and it is a huge problem for me because I have currently 25 sites I am working on and all use sessions and cookies in some way or form. Do you know of books available on the subject, because I would like to know and understand this better.

 

Thanks

Johann Snr

[Larry]

Hey Johann,

 

Unfortunately I don't know of any books that talk about cookies or sessions in any detail. And, again to be clear, it sounds like you're having cookie problems, not session problems. 

 

Pretty crazy/impressive that you're working on 25 sites!

[johannsnr]

Since last I spent days playing around with COOKIES and SESSIONS, trying to break the system so to speak to teach myself. I understand it better now.

PS The 25 sites are scaled down to 1, I almost gave up and then gave it another go and another and another and another..... Nearly ended in divorce, but in the end a bit of success. Changed a lot of code and a lot of trial and error. Learned that with web development it is ongoing changes and using feedback making small changes. Check it out http://7daygardens.com.au I'll appreciate critisism

[Larry]

Kudos for resolving it and thanks for letting us know. The site looks nice!