Session variable is empty even if session’s file contains the content

I’ve encountered this wierd error with session in PHP: sometimes (after 30-40 page refreshes and very rarely after just 1 page refresh) the session variable (filled in the previous page properly – I’ve checked it there that it’s set) is empty like: array(0){ }, but the file of that session that is accessed (I’ve checked that session ids are realy the same on both pages) contains that content and it takes one more page refresh to load that session data. Does anyone know why this is happening? And most importantly: what to do to avoid this “empty array blink”?

Please consider following:

  • Yes, the session_start(); is in the beginning of files

  • I use pure PHP session mechanism (with simple aplication logic: only saving a string under the session variable and retrieving it on the next page)

  • I use local server, so no accidental deletion in /temp folder by scripts of others

  • I tried to set up: session.gc_probability = 1 and session.gc_divisor = 100, but it didn’t help; different session’s lifetimes didn’t help as well and I also tried: session.use_cookies = 1 with session.use_only_cookies = 1
  • Yes, it realy looks like something is going on when the session_start(); is called and the garbage collector tries do it’s job, but why the same session file with the exactly the same session id is used than when one more (the succesfull one) refresh is performed?


Source: stackoverflow-php

Setting a PHP cookie value to be intentionally vulnerable

First of all, I’m new to PHP and coding in general.

I’m currently creating a web application which is intentionally vulnerable to teach students about web based vulnerabilities. The web app consists of levels with each level containing a different vulnerability.

On the current level, I am trying to set a cookie name “Authenticated” with a value of “0” when a user successfully logs into the level. When they reach the page, they receive a PHP error that they are not authenticated. I want them to be able to intercept the page request, change the value to “1”, and then as a result of this changed value, receive a PHP echo containing the password for the next level.

Here is my main page (level6.php):

 <?php
 session_start();
 if(!isset($_SESSION['user'])){
    header("Location:../level5/login6.php");
 }
 include("authentication.php");
 ?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
    "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
 <html xmlns="http://www.w3.org/1999/xhtml" xml:lang="en" lang="en">
<head>
   <meta charset='utf-8'>
   <meta http-equiv="X-UA-Compatible" content="IE=edge">
   <meta name="viewport" content="width=device-width, initial-scale=1">
   <link rel="stylesheet" href="../css/wargames.css">
   http://code.jquery.com/jquery-latest.min.js
   http://js/script.js
   <title>Generic Web App Title</title>
   
</head> <body background="../images/background.jpg"> <br />

Welcome to Level 6!


<br />

Aura Session 2.x – CSRF

I have a question if anyone had the opportunity to use Aura Session 2.x? If so, I need help …

My problem is that I have no idea what I’m supposed to call (?) For the CSRF to work. Unfortunately, but from the example I didn’t learn anything. I can’t apply it in practice.

Link to the example: Aura Session 2.x CSRF

Thanks in advance for any reply.


Source: stackoverflow-php

How To Free My site to lost useless SESSION Stored in PHP

Hello everyone i have a site anytime i make any change like changing image or any picture or anything it will not change instantly until lik some hours before change please assist me i have some codes here that i think that is the problem

     <?php ini_set('session.use_cookies', true);
     ini_set('session.use_trans_sid', true);
     ini_set('arg_separator.output', '&amp;');
      ignore_user_abort(true);
      ini_set('default_charset','UTF-8');
      session_set_cookie_params(31556926); // 31556926 FOr 1year
      ini_set('session.gc_divisor',1);
     ini_set('session.cookie_domain', $_SERVER['HTTP_HOST']);

     $currentTimeout= ini_get('session.gc_maxlifetime');

      ini_set('session.gc_maxlifetime', 31556926); // 1 Year
      error_reporting(1); 
      ob_start();
    session_start(); ?>

is the problem
ob_start(); ?
please help me thanks


Source: stackoverflow-php

using session in wordpress to get template only once

Hi I am using session in wordpress to get template part in the session. I am new to php and don’t know how to fix.

Using below code to pull the template part once and use only the first one for the session.
It pulls only once but when I refresh the page it returns blank
How can I fix it?

            session_start(); 
            if(!isset($_SESSION['function_ran'])){ 
            // get_empplate_part
            $_SESSION['function_ran'] = true; 
            } 


Source: stackoverflow-php

Yii2 creates new session instead of opening existing

I am working on a simple logic of storing my shopping cart in session using Yii2 native yiiwebSession.
Every time I add an item to a cart I call a method:

public function actionAdd( ) {

    $id = Yii::$app->request->get('id');
    $product = Product::findOne($id);

    $session = Yii::$app->session;
    $session->open();

    $cart = new Cart();
    $cart->addToCart($product);

    $this->layout = false;
    return $this->render('cart-modal', compact('session'));
}

this method works with a Cart model and adds my item to the session:

public function addToCart($product, $qty = 1) {

    if(isset($_SESSION['cart'][$product->id])) {
        $_SESSION['cart'][$product->id]['qty'] += $qty;
    } else {
        $_SESSION['cart'][$product->id] = [
            'qty' => $qty,
            'title' => $product->title,
            'price' => $product->price,
            'image' => $product->image,
        ];
    }
}

and all goes well until I try add another item.
Then Yii instead of opening existing session creates a new one with this last item I’ve add. What can be the reason of this kind of behavior?

I’m working on a local web server OpenServer and haven’t changed any setting that might be related to sessions.


Source: stackoverflow-php