Jump to content
Larry Ullman's Book Forums

Session cookie not getting set reliably

Recommended Posts

Hi Larry,

I have encountered a really weird problem (well weird to me) re the server not being able to write a session cookie reliably but it always gets set first go in localhost.  I had to include a do-while loop in the production version until the session data were available but I don't know how many times the loop gets executed before the session cookie gets set.

Can you offer any guidance on how to debug this?  Am using IE11 and Firefox 62.0

Thanks as always, Necuima

Link to comment
Share on other sites

Thanks for getting back to me.  I think it is something to do with timing - maybe some JS code that runs at the bottom of the module interfering with the setting of the $_SESSION variables.

But before I send you a whole bunch of code, can you please help me to understand why $GLOBALS array variables are not getting passed from script to script even though the PHP manual seems to indicate that $GLOBLS are super-globals?  In the second script, still within the same domain, I do a dump of the variables but the ones I have set are not in there.


The ones following are not there.

Here's the setting code:

$GLOBALS['MEMBER_KEY'] = $member_key;
$GLOBALS['MEMBER_NUMBER'] = $member_number;
$GLOBALS['MEMBER_FN'] = $member_first_name;
$GLOBALS['MEMBER_LN'] = $member_last_name;

Again, any advice will be most appreciated.

Thanks, Necuima

Link to comment
Share on other sites

Okay, so, first, $_SESSION and $GLOBALS aren't passed from script to script. They always exist and are read from the environment. But I'm not sure why you're using $GLOBALS at all. I don't think I've ever used that. Why aren't you setting values in the $_SESSION array like normal?

Link to comment
Share on other sites

Hi Larry, because I keep getting no session data when I test for its presence (the first time) I thought that I could use $GLOBALS instead.  I am setting the values in $_SESSION, checking that they are set immediately afterwards, but in the second script my !isset test on the $_SESSION data says that the data are not set the first time I try to log in.  But, without closing the browser down, the second time I try to log in I always get in - i.e., the second time the !isset test indicates that the $_SESSION data are indeed set and I can use them OK.

I don't understand this at all!

Again, your thoughts will be welcomed.

Link to comment
Share on other sites

Re your other suggestion, I can see that the session cookie is getting set on the first try and is still there on the second try and gets deleted properly when I log out. And a new session gets set OK when I then log in again after logging out.  A new session cookie is getting set OK without the problem as in this case I have not re-started the browser.

Link to comment
Share on other sites

In the end I followed some advice you have given, no doubt many times. 

I set up a new (temporary) test website using the same hosting folks as the production site.

I pared the code right back and implemented it step by step and the problem has 'gone away'!

I wish I knew though what the root cause of the problem was, but I've not finished my step-by-step process yet so as I add more and more modules the problem may recur. But at least then I'll know which module was causing the problem.

Thanks as always for your advice.


P.S., I am using your model-view-controller architecture as per your 'advanced' book.

Edited by Necuima
Added a P.S.
Link to comment
Share on other sites

Hi Larry,

I eventually found the root cause.  If the initial URL uses the www prefix, the MVC redirect (via index.php) redirects without the www and the issue shows.  If the initial URL does not use the www prefix, then all works OK.

I think will use .htaccess to remove any wwws if they are there in the initial URL.

Looking forward to your insights.

Cheers from Oz, Necuima


Link to comment
Share on other sites

Ah, that totally makes sense! Because the subdomain was changing (from www. example.com to example.com), the session cookie wasn't available. This means a new session would be started each time and you'd lose access to the previously stored data. 

Link to comment
Share on other sites

Yes, I did not know that the 'with www' and 'without www' environments are separate. What initially threw me was that the session cookie was there in the browser in both situations.

I have added some code in the site's .htaccess to remove the www if one is there.

Thanks as always for your insights.

Cheers from Oz.

Link to comment
Share on other sites

Create an account or sign in to comment

You need to be a member in order to leave a comment

Create an account

Sign up for a new account in our community. It's easy!

Register a new account

Sign in

Already have an account? Sign in here.

Sign In Now

  • Create New...