1

I am stuck in a frustrating rut here. I have an authentication system (built from scratch) that makes use of a singleton object.

The singleton object basically manages the security of sessions and has functions that safeguard against session hijacking and other malicious activities.

These functions depend on member data.

Now the issue is that PHP seems to discard these singleton objects every time the user refreshes or moves to a new page.

Here is a prototype of the sessions class:

class session extends login{
    public   $sessionid;
    private  $fingerprint;
    public  static $temp=0;
    public  static $s_instance = NULL;

    public static function s_getinstance(){

        if (!isset(session::$s_instance) || !isset(session::$sessionid)) {
           $c = __CLASS__;
           if(isset(session::$s_instance)) {
               session::$s_instance = 0;
           }

           session::$s_instance = new $c;
           self::regenerate_id_name();                    
           self::$temp +=1;                
        }

        return session::$s_instance;
    }
}

The last function checks the data member ($s_insntance), if it is NULL it creates an object and throws it back along with managing the activities related to creating a new session.

If the data member is not null, it returns the existing object.

Or in theory, that is what it is supposed to do. However, every time I visit a new page and call upon the s_getinstance function, it tries creating a brand new object for some reason and the old data is lost. Please help me out here.

Michael Berkowski
  • 267,341
  • 46
  • 444
  • 390
captainspi
  • 445
  • 2
  • 15
  • What about some proper indentation to make your code readable? – ThiefMaster Jun 23 '11 at 12:42
  • *(related)* [Who needs Singletons](http://stackoverflow.com/questions/4595964/who-needs-singletons/4596323#4596323) and [The Clean Code Talks](http://www.youtube.com/watch?v=-FRm3VPhseI) – Gordon Jun 23 '11 at 12:46
  • 1
    `public static $s_instance = NULL;` ..your instance can be changed from **anywhere**! – Wesley van Opdorp Jun 23 '11 at 12:46
  • "Now the issue is that PHP seems to discard these singleton objects every time the user refreshes or moves to a new page." Of course it does! You need to save it if you want it to persist. – phant0m Jun 23 '11 at 12:48

1 Answers1

6

What we don't see here is at any point you save the contents of your session object into the $_SESSION. Without doing so, it cannot persist across a page load.

You need a method to save the session instance into the PHP $_SESSION and then your s_getinstance() needs to check if already exists in $_SESSION and retrieve it from there, or retrieve it from memory, or create it from scratch if it doesn't exist anywhere.

Start reading here... (Docs on PHP session handling)

// assuming you've already called session_start()...
public function storeinstance()
{
  $_SESSION['session'] = self::s_getinstance();
}

public static function s_getinstance(){

    if (!isset(session::$s_instance) || !isset(session::$sessionid)) {
       $c = __CLASS__;

       // Check if it's already sitting in $_SESSION
       // Load it from $_SESSION if it's there, and then unset the $_SESSION var
       if (!isset(session::$s_instance) && isset($_SESSION['session'])) {
           session::$s_instance = $_SESSION['session'];
           unset($_SESSION['session']);
       }
       else if(isset(session::$s_instance)) {
           session::$s_instance = 0;
       }

       session::$s_instance = new $c;
       self::regenerate_id_name();                    
       self::$temp +=1;                
    }

    return session::$s_instance;
}
Michael Berkowski
  • 267,341
  • 46
  • 444
  • 390
  • 1
    In other words, every time the user loads a new page or reloads the current one, it could be compared (in C/C++, Java, ...) to running a new `main`. Everything is lost. Storing things in a `$_SESSION` prevents that! – SteeveDroz Jun 23 '11 at 12:49
  • Alright, I will try storing the object in a session. This is weird though, I rebooted the pc and suddenly everything's working. There is some undefined funny business going on in the background. I will do as you guys say though. Thanks again. – captainspi Jun 23 '11 at 13:22
  • Also, I made it public to make debugging easier. Don't worry, I won't go live with this code. – captainspi Jun 23 '11 at 13:23