Sessions reset on page load

[baxterd]

I'm looking after two CMSMS sites, both with the same host, both with similar problems.

The first site is an ecommerce site running the rather excellent CGEcommerce suite of modules

----------------------------------------------

Cms Version: 1.11.9

Installed Modules:

CMSMailer: 5.2.2
FileManager: 1.4.3
MenuManager: 1.8.6
ModuleManager: 1.5.5
News: 2.14.1
Printing: 1.1.2
Search: 1.7.11
ThemeManager: 1.1.8
PriceBasedShipping: 1.1.3
CGSimpleSmarty: 1.7
CGExtensions: 1.37.3
SelfRegistration: 1.6.14
PaymentMadeSimple: 1.0.5
ShopMadeSimple: 0.3.2
NMS: 2.7.4
FormBuilder: 0.7.4
Captcha: 0.4.6
PaypalGateway: 2.3.11
CGEcommerceBase: 1.4.3
Products: 2.20
Cart: 1.10
CustomContent: 1.9
Orders: 1.15.2
JQueryTools: 1.2.5
CGPaymentGatewayBase: 1.2.2
FCKeditorX: 1.1.0
Promotions: 1.1.10
FrontEndUsers: 1.22.1
TinyMCE: 2.9.12
Album: 1.10.3
CMSPrinting: 1.0.5
MicroTiny: 1.2.5
CGJobMgr: 1.2.16
Cart2: 1.0.7


Config Information:

php_memory_limit:
process_whole_template:
max_upload_size: 20000000
url_rewriting: mod_rewrite
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true


Php Information:

phpversion: 5.3.27
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 0
E_DEPRECATED: 0
memory_limit: 128M
max_execution_time: 60
output_buffering: On
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 10M
upload_max_filesize: 20M
session_save_path: /tmp (1777)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)


Server Information:

Server Api: cgi-fcgi
Server Db Type: MySQL (mysql)
Server Db Version: 5.5.32
Server Db Grants: Could not find a suitable "GRANT ALL" permission. This may mean you could have problems installing or removing modules. Or even adding and deleting items, including pages
Server Time Diff: No filesystem time difference found


----------------------------------------------

The problem is that once you press Add to Cart and the Cart page loads, the session appears to reset and the cart is empty.

The other site, uses Custom Content and FEUsers for users to login to a secure area. Once they click "Logout" they are unable to log back in as the CMS says they are already logged in - but they're not.

----------------------------------------------

Cms Version: 1.11.4

Installed Modules:

CMSMailer: 5.2.1
CMSPrinting: 1.0.3
FileManager: 1.4.3
MenuManager: 1.8.5
MicroTiny: 1.2.5
ModuleManager: 1.5.5
News: 2.12.10
Search: 1.7.7
ThemeManager: 1.1.7
CGExtensions: 1.32.4
CGCalendar: 1.10.4
Gallery: 1.6.1
FrontEndUsers: 1.21.10
CustomContent: 1.8.3


Config Information:

php_memory_limit:
process_whole_template:
output_compression:
max_upload_size: 20000000
url_rewriting: none
page_extension:
query_var: page
image_manipulation_prog: GD
auto_alias_content: true
locale:
default_encoding: utf-8
admin_encoding: utf-8
set_names: true


Php Information:

phpversion: 5.3.27
md5_function: On (True)
gd_version: 2
tempnam_function: On (True)
magic_quotes_runtime: Off (False)
E_STRICT: 0
E_DEPRECATED: 0
memory_limit: 128M
max_execution_time: 60
output_buffering: On
safe_mode: Off (False)
file_uploads: On (True)
post_max_size: 10M
upload_max_filesize: 20M
session_save_path: /tmp (1777)
session_use_cookies: On (True)
xml_function: On (True)
xmlreader_class: On (True)


Server Information:

Server Api: cgi-fcgi
Server Db Type: MySQL (mysqli)
Server Db Version: 5.5.32
Server Db Grants: Found a "GRANT ALL" statement that appears to be suitable


----------------------------------------------

I'm guessing its a session cookie issue, but with similarly related issues on two sites I'm wondering if it is the host - any ideas what I could ask them to change?

Many thanks in advance.

[calguy1000]

If you are having session problems (which it sounds like you are) then it could be caused by numerous things.

a: client side firewall software / proxies / browser settings
This could cause the CMSSESSID cookie to not be saved in with the request
which would cause the php server to create a new session.

This would be diagnosable by using a different browser, different PC, and different
ISP.

b: server configuration
(session save path not writable, session timeout set to some silly value)
This is testable by retrieving some of the php.ini settings and displayable.

c: intermediate proxies
Proxy servers may not be transmitting properly the CMSSESSID cookie which
identifies the session.

i.e: is your server or ISP using a proxy server to cache requests.

Sometimes you can check this by looking at the $_SERVER php variables
<pre>{$smarty.server|@print_r}</pre> and look for stuff like X_FORWARDED_FOR.

Here is a simple UDT that will test session behavior:

Code: Select all

$val = get_parameter_value($_SESSION,'test');
$val++;
$_SESSION['test'] = $val;

echo "<p>SESSION TEST VALUE IS $val</p>";

Place it on a new page like:
{session_test}
<h4>Server</h4>
<pre>{$smarty.server|@print_r}</pre>
<h4>Cookies</h4>
<pre>{$smarty.cookies|@print_r}</pre>
<h4>Session</h4>
<pre>{$smarty.session|@print_r}</pre>

Now submit, and navigate to that new page. After each reload the session test value should increment. If it does not, look for the CMSSESSID cookie in the cookies section, and if that is not present then you have a problem with the sessionid cookie not being saved, and/or not reaching the server.

If it isn't a problem with your local PC, then you may have to contact the host to solve the problem.

If the CMSSESSID cookie is there, then you probably have a problem with the php settings on that host. You may have to contact your host to resolve them.

[baxterd]

Thanks for your reply - I've created the UDT and added the call to a page - the session number sometimes goes up, sometimes doesn't - I'm guessing that's something to do with the way PHP.INI is handling sessions?

Any idea what I should ask the host to change?

I can PM you a link if that's any help?


Many thanks again