0

I just started a project with a new client and have run into an issue that I haven't had before.

I've moved a copy of their site to my local machine (running the latest version of mamp) and I got their database set up with no issue.

The main pages load fine, but after I log in and am taken to the admin dashboard (a custom cms), clicking on any link causes the page to hang and timeout.

I've narrowed the issue down to the initial call to session_start() on the subpages and removing it and any code that references the session data allows the pages to load.

The site did not have a php.ini file.

I've googled around and found several suggestions of using session_write_close() at the end of each file, and before redirection. I've tried this and still get the timeout.

I've noticed that when I log in the session is created without issue in the mamp/tmp/php folder on my mac, and the dashboard page that loads can be refreshed (calling session_start() again) without the page timing out.

Also, once I try to load any other page in the admin (causing the timeout) I can no longer access the dashboard page because it begins to timeout to. I then have to delete the session file to regain access to any pages that start a session.

Here is the dashboard page code, I don't see anything in there that should cause the next page to load to have a session issue (I'm not looking for best-practices suggestions, I literally just inherited this codebase).

<?php
session_start();
if(basename($_SERVER['PHP_SELF'])!="index.php") {
if(!isset($_SESSION['is_logged_in'])) {
    header("Location:index.php");
    die();  
    }
}
?>  
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"     "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">

<head>
<title>RVC Admin: Dashboard</title>
<?php
include "includes/connect.php";
include "includes/headers.php";
?>

</head>
<body>

<div id='main'>

<?php
include "includes/menu.php";
?>

<h1>RVC Admin System</h1>

<?php

$result = mysql_query("SELECT COUNT(ID) as HOWMANY FROM listings");
if(@mysql_num_rows($result)>0) {
$row = mysql_fetch_assoc($result);
$LISTINGS = number_format($row['HOWMANY']);
}
$result = mysql_query("SELECT COUNT(id) as HOWMANY FROM user");
if(@mysql_num_rows($result)>0) {
$row = mysql_fetch_assoc($result);
$ADMINS = number_format($row['HOWMANY']);
}

print "<p>There are ".$LISTINGS." listings in the system, and ".$ADMINS." admins.</p>";

$result = mysql_query("SELECT description FROM LGBTlevel ORDER BY description");
if(@mysql_num_rows($result)>0) {
print "<div style='float: left; padding-right: 30px;'><p>Levels:</p>";
print "<ul style='margin: 2px 0 5px 18px; padding: 0;'>";
while($row = mysql_fetch_row($result)) {
    print "<li style='margin-bottom: 2px;'>".$row[0]."</li>";
    }
print "</ul></div>";
}


$result = mysql_query("SELECT description FROM LGBTtype ORDER BY description");
if(@mysql_num_rows($result)>0) {
print "<div style='float: left; padding-right: 30px;'><p>Types of Listings:</p>";
print "<ul style='margin: 2px 0 5px 18px; padding: 0;'>";
while($row = mysql_fetch_row($result)) {
    print "<li style='margin-bottom: 2px;'>".$row[0]."</li>";
    }
print "</ul></div>";
}
print "<br style='clear: left;' />";

?>

<?php session_write_close(); ?>

<br style='clear: both;' /><br />
</div>

</body>
</html>

Here is the connect.php file (actual access info removed)

<?php

$testing_server = true;

if($testing_server != true){
$MYSQL_USER_NAME = "removed";
$MYSQL_PASSWORD = "removed";
$MYSQL_DATABASE_NAME = "removed";

$dbh=mysql_connect ("localhost", "$MYSQL_USER_NAME", "$MYSQL_PASSWORD") or die ('I cannot connect to the database because: ' . mysql_error());
mysql_select_db ("$MYSQL_DATABASE_NAME");


$db = new mysqli('localhost', "$MYSQL_USER_NAME", "$MYSQL_PASSWORD", "$MYSQL_DATABASE_NAME");
if($db->connect_errno > 0){
    die('Unable to connect to database [' . $db->connect_error . ']');
    }
} // if testing server != true
else{
$MYSQL_USER_NAME = "removed";
$MYSQL_PASSWORD = "removed";
$MYSQL_DATABASE_NAME = "removed";

$dbh=mysql_connect ("localhost", "$MYSQL_USER_NAME", "$MYSQL_PASSWORD") or die ('I     cannot connect to the database because: ' . mysql_error());
mysql_select_db ("$MYSQL_DATABASE_NAME");


$db = new mysqli('localhost', "$MYSQL_USER_NAME", "$MYSQL_PASSWORD",     "$MYSQL_DATABASE_NAME");
if($db->connect_errno > 0){
    die('Unable to connect to database [' . $db->connect_error . ']');
    }

}//else, testing server credentials

?>

Here is the headers file

<meta name='robots' content='noindex,nofollow' />
<meta name='author' content='removed' />
<meta http-equiv='Content-Type' content='text/html; charset=utf-8' />
<meta name='MSSmartTagsPreventParsing' content='TRUE' />
<meta http-equiv='imagetoolbar' content='no' />

<link rel='stylesheet' type='text/css' href='css/styles.css' />
<link type="text/css" href="css/custom-theme/jquery-ui-1.9.1.custom.css" rel="stylesheet" />

<script type='text/javascript' src='includes/javascript/jquery-1.8.1.min.js'></script>
<script type="text/javascript" src="includes/javascript/jquery-ui-1.9.1.custom.min.js">    </script>

<link href='https://fonts.googleapis.com/css?family=Cantora+One' rel='stylesheet' type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Source+Sans+Pro' rel='stylesheet'     type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Cabin+Condensed' rel='stylesheet' type='text/css'>
<link href='https://fonts.googleapis.com/css?family=Roboto+Condensed' rel='stylesheet' type='text/css'>

Aaand here is the menu file

<?php
#MENU
?>

<form method='post' action='index.php' style='float: right; margin: 0 0 0 10px;'><input type='hidden' name='RVC_LOGOUT' value='TRUE' /><input type='image' title='Logout' src='images/icon-logout.png' /></form>
<a href='admin-users.php' title='Manage Users'><img src='images/icon-users.png' border='0' alt='Manage Users' style='float: right; margin: 0 0 0 10px;' /></a>
<a href='listings.php' title='Edit Listings'><img src='images/icon-listings.png' border='0' alt='Edit Listings' style='float: right; margin: 0 0 0 10px;' /></a>
<a href='dashboard.php' title='Home'><img src='images/icon-home.png' border='0' alt='Home' style='float: right; margin: 0 0 0 10px;' /></a>

If anyone can see any reason that this page should load fine the after logging in and then cause every page that uses a session to timeout after trying to leave it, your help would be appreciated.

clicking any link in the menu file causes the page to timeout at the first line, which as I said is the session_start();

EDIT:

I reduced one of the sub pages to just the session_start call and it still causes the browser to time out.

rmmoul
  • 3,147
  • 3
  • 27
  • 35
  • Take a look at this: http://stackoverflow.com/questions/252907/why-does-session-start-cause-a-timeout-when-one-script-calls-another-script-usin – Cybrix Sep 02 '13 at 20:44
  • You have a PHP process that has taken a lock on the session data and has not exited yet blocking all other requests when they attempt to lock the session. This could be any long-running script, perhaps invoked with AJAX, but the description makes me think that somewhere you have a script trying to connect to something not accessible from your local machine, causing a network timeout (and blocking everything else until then). Ultimately you need to look at the requests being made and/or the PHP processes active at the time to determine what has happened. – Jon Sep 02 '13 at 20:45
  • This project isn't using curl anywhere in the admin, and I've tried both the session_write_close and session_commit as possible fixes to no avail. – rmmoul Sep 02 '13 at 20:47
  • Can you briefly point me in the right direction for viewing what php is doing after I click a link? – rmmoul Sep 02 '13 at 20:49
  • Also, I've gone through the login scripts and inital index and nothing is calling ajax requests, or using curl. Once on the dashboard I can refersh the page as many times as I'd like without the page timing out. The dashboard both calls session_start() and checks session variables when it refreshes each time, so any potential lock on the session file isn't affecting the page I posted the source for, and the files it's calling are included above. None of them use curl or ajax. – rmmoul Sep 02 '13 at 20:52
  • Have you disassembled the session after the page hangs? Simply doing a var_dump($_SESSION) should give you a lot of clues of some of the hidden things that could be lurking and seizing things. I don't really see anything in the code that could be jamming stuff up. Edit: Yeah, there's only 3 session calls in everything you've shown us, and nothing's being set. Does index.php set anything to the session? Are you having any problems accessing the site in a non-admin capacity? – SITDGNymall Sep 02 '13 at 21:03
  • Can I dump the session var without an active session? I'll give it a shot. I'm getting Xdebug set up now with MacGDBp to see what I can see. – rmmoul Sep 02 '13 at 21:05

0 Answers0