I have a PHP site I wrote that stores some information retrieved from forms, for eventual input into the backend, as session variables. Here are the simple steps for each 'transaction':
Here is the problem: it works for me every time on my development site, which is a copy of the live site. It works only some of the time for users of the live site.
Here are some ideas I have:
Session config (from phpinfo; columns are Local Value and Master Value):
session.auto_start                  Off                          Off
session.cache_expire                180                          180
session.cache_limiter               nocache                      nocache
session.cookie_domain               no value                     no value
session.cookie_httponly             Off                          Off
session.cookie_lifetime             0                            0
session.cookie_path                 /                            /
session.cookie_secure               Off                          Off
session.entropy_file                no value                     no value
session.entropy_length              0                            0
session.gc_divisor                  100                          100
session.gc_maxlifetime              1440                         1440
session.gc_probability              1                            1
session.hash_bits_per_character     4                            4
session.hash_function               0                            0
session.name                        PHPSESSID                    PHPSESSID
session.referer_check               no value                     no value
session.save_handler                files                        files
session.save_path                   /tmp                         /tmp
session.serialize_handler           php                          php
session.upload_progress.cleanup     On                           On
session.upload_progress.enabled     On                           On
session.upload_progress.freq        1%                           1%
session.upload_progress.min_freq    1                            1
session.upload_progress.name        PHP_SESSION_UPLOAD_PROGRESS  PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix      upload_progress_             upload_progress_
session.use_cookies                 On                           On
session.use_only_cookies            On                           On
session.use_strict_mode             Off                          Off
session.use_trans_sid               0                            0
I'm at a loss, as I cannot replicate this issue. I know transactions are taking place, as they are present 'on the bank side'... just no data is being written to our backend tables, indicating a break when users are sent back to the website, to my file that writes the data (please see an abbreviated version below).
<?php
session_start();
include('lib/phpmailer/PHPMailerAutoload.php');
require_once('functions.php');
require_once('db/configdb.php');

// Drop everything from the session except the login name (this loop appeared twice in the script).
function clearSessionExcept($keepKey)
{
    foreach (array_keys($_SESSION) as $key) {
        if ($key !== $keepKey) {
            unset($_SESSION[$key]);
        }
    }
}

// Fields posted back by the payment gateway. "?? ''" (PHP 7+) avoids undefined-index notices
// when a field is absent, which is exactly the situation being debugged.
$amount          = $_POST['x_amount'] ?? '';
$authCode        = $_POST['x_auth_code'] ?? '';
$bank_email      = $_POST['x_email'] ?? '';
$bank_name       = $_POST['CardHoldersName'] ?? '';
$responseCode    = $_POST['Bank_Resp_Code'] ?? '';
$responseMessage = $_POST['Bank_Message'] ?? '';

// Values placed in the session before the user was sent to the gateway.
if (isset($_SESSION['cart'][0]['description'])) {
    $description = $_SESSION['cart'][0]['description'];
} else {
    $description = $_SESSION['description'] ?? '';
}
$item      = $_SESSION['cart'][0]['item'] ?? '';
$firstName = $_SESSION['firstName'] ?? '';
$lastName  = $_SESSION['lastName'] ?? '';
$address1  = $_SESSION['address1'] ?? '';
$address2  = $_SESSION['address2'] ?? '';
$city      = $_SESSION['city'] ?? '';
$zip       = $_SESSION['zip'] ?? '';
$state     = $_SESSION['state'] ?? '';
$email     = $_SESSION['email'] ?? '';

if ($responseMessage != "Approved") {
    clearSessionExcept("username");
    // The message comes from the gateway and is placed in a URL, so it is URL-encoded.
    header("Location: payment-issue.php?reason=" . urlencode($responseMessage));
    exit();
}

// Every branch below set $reason to the matched item name, so start from $item;
// this also covers the default branch, which previously left $reason undefined.
$reason = $item;

// Was: switch ($item) { case $item=="train": ... }. That compares $item with a boolean and
// only works by accident of loose comparison (an empty $item would match the first case).
switch ($item) {
    case "train":
        // Queries are abbreviated in the question.
        $sqlUpdate = $db->query("INSERT INTO payments (data) VALUES (data)");
        $sqlTrain  = $db->query("INSERT INTO training (data) VALUES (data)");
        break;
    case "renew":
        $sqlUpdate = $db->query("INSERT INTO payments (data) VALUES (data)");
        break;
    case "donate":
        $sqlUpdate = $db->query("INSERT INTO payments (data) VALUES (data)");
        break;
    case "new member":
        $sqlAdd    = $db->query("INSERT INTO newMembers (data) VALUES (data)");
        $sqlUpdate = $db->query("INSERT INTO payments (data) VALUES (data)");
        break;
    default:
        $sqlUpdate = $db->query("INSERT INTO payments (data) VALUES (data)");
        break;
}

clearSessionExcept("username");
// Was: die(header(...)). header() returns nothing, so there was nothing for die() to use.
header("Location: thank-you.php?reason=" . urlencode($reason));
exit();
?>
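An added example, not code from the question: a guard for the top of the return script that records which of the expected session keys are absent and whether the browser presented the PHPSESSID cookie at all. With the settings shown above (no cookie_domain, files in /tmp, gc_maxlifetime 1440 s) that log distinguishes a cookie that never came back from a session that came back empty. The log path and the list of key names are assumptions.

```php
<?php
// Added example, not code from the question: a guard for the top of the
// gateway-return script. When the session keys the script relies on are
// absent, it logs why rather than inserting nothing and saying nothing.
// Assumptions: PHP 7+, the session settings from the question, a log path
// outside the web root, and the key names the return script reads.

function sessionLossReport(array $requiredKeys, $logFile)
{
    $missing = array();
    foreach ($requiredKeys as $key) {
        if (!isset($_SESSION[$key])) {
            $missing[] = $key;
        }
    }

    $report = array(
        'time'        => date('c'),
        'host'        => $_SERVER['HTTP_HOST'] ?? '',      // www vs. bare domain matters when cookie_domain is unset
        'https'       => !empty($_SERVER['HTTPS']),
        'method'      => $_SERVER['REQUEST_METHOD'] ?? '',
        'referer'     => $_SERVER['HTTP_REFERER'] ?? '',
        'cookie_sent' => isset($_COOKIE[session_name()]), // false: no PHPSESSID came back, so this is a brand-new empty session
        'session_id'  => session_id(),
        'missing'     => $missing,
    );

    if ($missing) {
        // One JSON line per incident. No $_POST fields: the gateway response may carry card-holder data.
        file_put_contents($logFile, json_encode($report) . PHP_EOL, FILE_APPEND | LOCK_EX);
    }
    return $report;
}

session_start();
$report = sessionLossReport(
    array('cart', 'firstName', 'lastName', 'email'),   // keys the return script reads
    '/var/log/mysite/session-loss.log'                  // assumed path, writable by the web server user
);

if ($report['missing']) {
    // Two patterns to look for in the log:
    //   cookie_sent=false -> the cookie never came back (different host name, or blocked/dropped by the browser)
    //   cookie_sent=true  -> the id came back but the data is gone (idle past gc_maxlifetime, or the file removed from /tmp)
    header('Location: payment-issue.php?reason=session_expired');
    exit();
}
```

Because use_strict_mode is Off, a returned cookie whose file no longer exists is silently accepted and starts an empty session under the old id, which is why the cookie_sent=true case looks like "session present but empty" to the original script.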