I am having problems with my $_SESSION values becoming unset. It all started when my host said that I had to put a PHP.INI file in the root directory of my application. I created the following PHP.ini file and put it in the root directory (/public_html) of my web server:
PHP.INI
magic_quotes_gpc = Off
magic_quotes_runtime = Off
magic_quotes_sybase = Off
display_errors = off
display_startup_errors = off
When I don't have this PHP.INI, my website works fine. When users log in, my session variables stay persistent until I kill them off using my logout function. I set a variable $_SESSION['user_id'] to determine whether someone is logged in.
But with the PHP.INI in place in my public_html directory, my sessions start falling apart.**
The peculiar thing is that it only happens when I do an AJAX call. I am using jQuery to make the ajax calls and POSTING a value to it.
I have tried many different things to try to get it to work with the PHP.INI in place, but sadly it all leads to me just having to allow error reporting and magic quotes... both of which should be disabled in a production environment!!
I'm almost certain it's not my code... how could turning errors off or magic quotes off cause my $_SESSION values to become empty?
I only set my $_SESSION['user_id']
variable once in my code and I have tried stripping out all mentions of unsetting $_SESSION, setting it to array() or destroying my session.
The session stays intact, in that the session_id() remains the same and I have a piece of code that confirms that the value was set.
I am starting all of my pages, including the ones called via AJAX in the same way, like so:
<?php
//
// This file returns data for quiz activity on yourquiz.php
//
define ('FILE_MAKE_QUIZ_ACCEPT', true);
$file_path = "../../";
$link_path = "./";
require_once ($file_path . 'func/base_classes.php');
require_once ($file_path . 'func.php');
// Must be logged in to return data back
Session::MustBeLoggedIn(false);
It is only when I remove the reference to func.php
that it will load without UNSETTING all of the $_SESSION variables.
Here is my func.php code:
<?php
// Specify the session name
session_name('maq');
session_start();
if (! defined ( 'FILE_MAKE_QUIZ_ACCEPT' )) {
echo "Possible hacking Attempt";
exit ();
}
// Define constants
/**
* The base URL of uQuiz for a trailing slash
* @var constant
*/
define("##########", '##########');
// Get the database connection
$db_con = Db::GetConnection();
// Run Session Update Function if they are logged in still
// This runs once every page load
Session::UpdateSession();
I have tried commenting out the GetConnection
and UpdateSession
from func.php
, but it still unsets my $_SESSION
variables.
It's completely bizarre. Any ideas what could cause this?
1) First I would reactivate
display_errors = on
display_startup_errors = on
debugging with errors off is almost impossible. And then check if any error is reported.
2) I've seen similar behavior in some hosts, where PHP.INI simply replaces the "system's" php.ini instead of merging. This means php goes to default configuration + your php.ini.
The best way to check this is running php_info() both with and without your php.ini in the root directory and spot the differences. If more than magic quotes and error reporting is changed, then that's probably the problem.
In that case try disabling magic quotes in htaccess, something like this:
php_flag magic_quotes_gpc Off
3) If that's not the case, then there must be a problem in your sql queries. Maybe you forgot to escape a character and php magic quotes was doing it for you.