losing a php $_SESSION variable

Question

I helped someone create a online study. The survey consists of different surveys and games strung together. At the beginning of the study, I inserted the person's info into a participant database and assigned him a unique serial number. For each other survey/game, I passed the serial along in a php session variable and inserted it into each survey/game database table along with the other information.

However, in some cases the session variable is lost and is NULL, which messes things up. What types of things can cause this? Would refreshing the page clear session variables? Is there any way for me to ensure that the user doesn't lose a session variable?

How are you storing that information in your user's session? Can you show us some code? — Pedro Cordeiro, Mar 18 '13 at 20:44
Don't forget to call `session_start();` at the top of each page — Chris Forrence, Mar 18 '13 at 20:45
Yes, I made sure to do that, and it works fine for most people. — user1015214, Mar 18 '13 at 20:52

score 0 · Accepted Answer · edited May 23 '17 at 12:21

0

Sessions can time out.
Users can clear their cookies.
You may have bugs in your code clearing session data.

You cannot guarantee that a session will never be lost, but you can change the timeout period for your sessions to allow them to live longer. See also: How do I expire a PHP session after 30 minutes?

edited May 23 '17 at 12:21

Community

1
1

answered Mar 18 '13 at 20:45

Brad

159,648
54
349
530

Should I really be using session variables if they could be subject to be lost? Is there a better alternative? – user1015214 Mar 18 '13 at 20:49
Looking further at the database table, it seems that the user's serial shows up once fine and then there is a NULL record after that. How could this happen and how might it effect the session variable? The user said they did not refresh the screen. – user1015214 Mar 18 '13 at 20:53
@user1015214, Yes, you should be using session variables for anything that needs to be in a session. Sessions are (usually) based on cookies. There is no other way to identify that browser from page to page. For anything that needs to be persistent, beyond a single session, that data should be stored in a database somewhere. Refreshing has nothing to do with it. I have no idea what you are talking about as far as `null` fields in your database, as you have told us nothing of your database. – Brad Mar 18 '13 at 21:02
Basically, when the user opens the first page, it takes a session variable (serial #)and stores it in a database table. It also stores other info, such as the user's ip address. Most people store in the database fine, but one user's serial # stored fine, as well as the ip address. The next row had null for the serial and the same ip address (meaning, it was the same user). After that row, other's peoples data stored fine. – user1015214 Mar 18 '13 at 21:27
@user1015214, It is impossible to help you without source code. You probably have a bug somewhere. Close out this question, try to debug the problem, post a new question with a reproducible code example. – Brad Mar 18 '13 at 21:30

losing a php $_SESSION variable

1 Answers1