Session variable empty after page reload

Question

Only one of my many session variables on the cart page of my e-commerce application is getting destroyed somehow. When i add the product to the cart along with a session id, it creates an order_id(using some hash and salt logic) and puts it in session variable and when i go to the cart page it queries the DB based on both order_id and session id to fetch the products in the cart. For the first time it fetches the records, but immediately after it if i reload the page it gets an empty order_id. I'm pulling my hair on this as to how only one of the session variables is getting flushed.

It is happening on the web-server only but works totally fine on localhost

My add_to_cart.php (Session Logic)

if(empty($_SESSION['sessid'])){
    $_SESSION['sessid'] = session_id();
}

    $user_sessid = $_SESSION['sessid'];

  $ip = get_ip_address();



 if(empty($_SESSION['order_id'])){

    $ip = get_ip_address();
    $with_time = strtotime("now");
    $addsalt = substr(md5($ip.uniqid($with_time,true)),0,15);
    $_SESSION['order_id'] = $addsalt;
}

 $order_id = $_SESSION['order_id'];

My cart.php (Session Logic Only)

 $user_sessid = $_SESSION['sessid'];
 $order_id = $_SESSION['order_id'];

 $userid = $_SESSION['user_id'];

 if(empty($userid)){

 $r_type = 1;   

 $q1=<<<SQL
select od.ipaddress, od.modified_ts, od.product_id,od.discount,od.quantity,p.id,p.name,p.price, p.img_dir,p.img_name from orders od, products p where od.order_id='$order_id' and od.user_sessid='$user_sessid' and od.product_id = p.id
 SQL;

} else {
$r_type = 2;

  $q1=<<<SQL
select uc.modified_ts, uc.product_id,uc.discount,uc.quantity,p.id,p.name,p.price, p.img_dir,p.img_name from user_cart uc, products p where uc.userid='$userid' and uc.product_id = p.id
  SQL;


}

 $r1=$db->query($q1);
 $num1 = $r1->num_rows;

When i'm echoing out the query on immediate reload of the cart page it is getting an empty order_id.

I'm wondering my head off as to how this weird thing is happening. Please help...

Update I am including a file on top of both the pages which has session_start on top of it and therefore it explains the user_sessid being created and used.

`session_start()` is missing on every page. - http://php.net/manual/de/function.session-start.php — Realitätsverlust, Jan 22 '14 at 08:19
Is this problem in every browser or only in Chrome? If it is related to chrome make sure you include the favicon. — Perry, Jan 22 '14 at 08:21
@Perry i thought of this but it is giving the same thing in firefox as well. — coder101, Jan 22 '14 at 08:22
@Perry favicon?? eh?? how could that create a problem if at all that's the case — coder101, Jan 22 '14 at 08:23
Could we possibly see the contents of the file you're including that starts your sessions? Is it the same file executing in the same way for both pages? — dartacus, Jan 22 '14 at 08:28
@coder101 I had once a problem with session to, the thing was it only happend in chrome.Chrome couldn't find the favicon and because of that the response was a 404. see this post for more information http://stackoverflow.com/questions/8247842/session-data-lost-in-chrome-only — Perry, Jan 22 '14 at 08:28
@dartacus In the `add_to_cart.php` a file named `functions.php` is included which has `session_start` and in `cart.php`, a file named `header.php` is included which in turn has `functions.php` included in it. And, i'm wondering why everyone is asking the same thing when i've clearly mentioned that only one variable is beings flushed, others i can use very normally. — coder101, Jan 22 '14 at 08:30
@coder101 can you add this to your code: `echo session_id(); print_r($_SESSION)` — Perry, Jan 22 '14 at 08:31
@coder101 We're all asking the same thing because it's good practice to look at *all* of the code involved in an issue. It could be something as simple as a typo - I've had that happen dozens of times. We want to help but can't if we can't see the whole thing. — dartacus, Jan 22 '14 at 08:33
@coder101 I know it was just a explantion why the favicon was the problem in chrome. — Perry, Jan 22 '14 at 08:34
@Perry I added the code that you gave and printed out the session array, so the immediate access of the cart page after adding a product gives order_id in the session array but then when i refresh the page it is removed from the array but other session variables are well within the array — coder101, Jan 22 '14 at 08:39
@coder101 that is strange, it looks like your are resetting the order_id some how. Do you have some were in your code unset or something like that? — Perry, Jan 22 '14 at 09:33
I'm only unsetting the order_id on the logout page but not when the user is not logged in. And as i said, the only flow is adding to cart and after that viewing the cart page which destroys the orderid on reload. — coder101, Jan 22 '14 at 09:54

codeaddict · Answer 1 · 2014-01-22T08:33:09.737

1

You may need to add session_start() to the top of the file.

Edit: You said you were querying on the session id and order id, but you also have

and od.product_id = p.id

at the end of your query. Where is this logic? I'm guessing that you are using a $_GET request or something similar to determine the product ID. Maybe this has something to do with your issue, possibly just remove it from the query? You should only need to use 1 unique key for your SQL query, especially as unique as the hash you're creating.

edited Jan 22 '14 at 08:33

answered Jan 22 '14 at 08:18

codeaddict

879
5
14

Well, no offence but i do know that and i'm including the functions file on both the pages which has `session_start` on top of it and which explains the session_id not emptying. – coder101 Jan 22 '14 at 08:20
@coder101 I wasn't thinking that you didn't know, I just didn't see it as part of the code. – codeaddict Jan 22 '14 at 08:27
`and od.product_id = p.id` is being used to group the products in the results fetched and i'm simply joining the two tables with the product_id hence this part. but how do you explain that only one session variable is getting destroyed and not all of them – coder101 Jan 22 '14 at 08:42

score 0 · Answer 2 · answered Jan 22 '14 at 08:19

0

An obvious point, but check you're definitely calling session_start() on both pages?

answered Jan 22 '14 at 08:19

dartacus

654
1
5
16

Session variable empty after page reload

2 Answers2

Linked