研究和调试的日子...... PHP会话var仍未保存

Scenario

  1. User logs in (login.php) and clicks a "calculate amount due" button.
  2. AJAX call is made to calculate_checkout_total.php which returns a JSON object containing the total amount due (decimal) from the customer. This amount is stored in $_SESSION['vendor_checkout_total'].
  3. User is presented with the due amount and clicks Pay button. AJAX call is made to a pay_checkout_total.php
  4. pay_checkout_total.php checks $_SESSION['vendor_checkout_total'] to get the total amount due.

Problem

$_SESSION['vendor_checkout_total'] seems to never be actually saved. pay_checkout_total.php cannot find this session var (undefined index).

Yes, session_start() is being called prior to accessing/saving session vars.

All other session vars (in other PHP files) appear to be stored and accessed correctly.

What I've tried so far

  • Calling exit() at the end of login.php
  • Returned $_SESSION in the calculate_checkout_total.php JSON object and verified that the session var was being stored. However, when I check /var/lib/php5/sessions, none of the session files contain $_SESSION['vendor_checkout_total']. I see other session vars, but not this one. It's as if the session var only lives within this page?
  • Tried setting a different session var in calculate_checkout_total.php - still not saved.
  • Verified that session_id() was the same on both PHP files.
  • Verified that the cookie containing PHPSESSID was being passed to the request headers.
  • Changed ownership of /var/lib/php5/sessions from root to www-data with read-write-execute permissions. Verified that all files in this folder belong to www-data.
  • I have following PHP.ini settings

session.save_path = "/var/lib/php5/sessions"

session.gc_probability=0

session.cookie_path = "/"

session.use_cookies = 1

Any help or ideas would be sincerely appreciated. I don't know what else to look for.

UPDATE I found a session_write_close() inside an include of an included file in my scripts. Once I removed it, session variables behaved as expected.

(this is a comment, not an answer, but its a bit long).

Sounds like you are trying to debug an entire application in one go. The first thing you should be doing is building a very simple test rig to evaluate the session problem:

<?php
error_reporting(E_ALL);
session_start();

print "Iteration: " . ++$_SESSION['counter'];

And find out why your sessions aren't behaving as you expect.

You say that the cookie is being populated and returned correctly. This implies that there is a bug in the code you've not shown us or that the session data is not being written due to a configuration / permissions issue.

Check your session.save_path (assuming you're using the default handler)