1

I use session_set_save_handler in a custom session class to use database storage. I have used database session storage for over a year. This has always worked fine and so has the captcha code that I wrote also almost a year ago. Problem I am having now is that the captcha code is no longer outputting the image. If I remove the require_once to the session class the image is outputted but the code is saved as if using session_start alone and not with the custom class. If I require the session class the image is not shown but the code is written as expected. I have used the same code for almost a year with no problems. I am at a total loss as to what is going on. 

<?php

require_once('database.php');
require_once('config.php');

class FileSessionHandler
{

private $database;
private $life_time;

public function FileSessionHandler(){

$this->life_time = get_cfg_var("session.gc_maxlifetime");
$this->database = new database();
$this->database->newConnection        (db_host,db_users_name,db_users_pass,db_users_prefix . db_users);

session_set_save_handler(
array(&$this,'open'),
array(&$this,'close'),
array(&$this,'read'),
array(&$this,'write'),
array(&$this,'destroy'),
array(&$this,'gc')
);

register_shutdown_function('session_write_close');
session_start();

}


function open($savePath,$sessionName){
    return TRUE;
}
function close(){
    return TRUE;
}


function read($id){
    $data = "";
    $time = time();
    $newid =  $this->database->sanitizeData($id);
    $sql = "SELECT `session_data` FROM `" . tb_site_sessions . "` 
            WHERE `session_id`='{$newid}' AND `expires`>{$time}";

    $this->database->executeQuery($sql);    

    if($this->database->numRows() > 0) {
        $row = $this->database->getRows();
        $data = $row['session_data'];
    }

    return $data;
}


function write($id,$data){

$newid = $this->database->sanitizeData($id);
$newdata = $this->database->sanitizeData($data);
$time = time() + $this->life_time;

$sql = "INSERT INTO `" . tb_site_sessions . "`    
              (`session_id`,`session_data`,`expires`) 
        VALUES('{$newid}','{$newdata}',{$time}) ON DUPLICATE KEY UPDATE 
             session_data='{$newdata}',expires={$time}";

$this->database->executeQuery($sql);

return TRUE;

 }


function destroy($id){

$newid = $this->database->sanitizeData($id);
$sql = "DELETE FROM `" . tb_site_sessions . "` WHERE `session_id`='{$newid}'";
$this->database->executeQuery($sql);

return TRUE;

}


function gc($maxlifetime){
$time = time();

$sql = "DELETE FROM `" . tb_site_sessions . "` WHERE `expires`<'{$time}'";
$this->database->executeQuery($sql);

return TRUE;
}

}



?>

method of calling:

require_once('site-sessions.php');
$handler = new FileSessionHandler();

image headers:

 header("Expires: Mon, 26 Jul 1997 05:00:00 GMT");
 header("Last-Modified: " . gmdate("D, d M Y H:i:s") . "GMT");
 header("Cache-Control: no-store, no-cache, must-revalidate");
 header("Cache-Control: post-check=0, pre-check=0", false);
 header("Pragma: no-cache");
RiggsFolly
  • 93,638
  • 21
  • 103
  • 149
  • Better, if you can show some of your codes! – Tᴀʀᴇǫ Mᴀʜᴍᴏᴏᴅ Jan 10 '16 at 10:45
  • Have you changed webhost? Is this on live site or in dev? Has there been an upgrade to php version? – Professor Abronsius Jan 10 '16 at 10:46
  • I did upgrade PHP versions. The site is currently down now due to upgrades. I am currently running it on localhost until I open the firewall back up. The sessions are written fine to the database as always but now image headers are not being displayed when the custom session is included. –  Jan 10 '16 at 10:52
  • Works now that I call the session handler AFTER the image headers. The session handler does not output anything to the browser so it shouldn't have a problem coming first. It has always been my practice to call the session handler BEFORE anything else and in the past it has never been an issue. Anyone know why this is creating problems all of a sudden? –  Jan 10 '16 at 12:36

1 Answers1

0

Found the problem and it was simple. In the config file there was a blank line before the php tag. The blank line was messing with the headers and session calling. I didn't even think about looking in the config file since it hadn't been altered in a while. Just including the answer in case anyone else comes across a similar situation.