
PHP session is randomly lost and can't understand why

I paid a programmer to make a shop basket script to work with Spreadshirt API. Everything is working perfectly, except that the basket keeps emptying itself. I think the session is lost at some point so the script creates another BasketId.

I tried to find if there was a specific reason it was happening, without any success... I can't reproduce the bug. It just happens randomly without any reason. Closing the browser, resetting Apache or even the whole webserver won't provoke session loss.

I've got two different scripts working with cookies on the same domain and they don't have any problem (one is a cookie for the admin login session and the other cookie is to save the user's last viewed articles on the shop)

I tried all solutions found on Google without any success: editing php.ini, forcing ini settings through PHP, tried the htaccess way, ...

Here's the "sessions" part of my phpinfo: http://gyazo.com/168e2144ddd9ee368a05754dfd463021

shop-ajax.php (session handling @ line 18)

ini_set('session.cookie_domain', '.mywebsite.com' );
header("Pragma: no-cache");
header("Cache-Control: no-store, no-cache, max-age=0, must-revalidate");
$language = addslashes($_GET['l']);
$shopid = addslashes($_GET['shop']);


// if($_SERVER['HTTP_X_REQUESTED_WITH'] != 'XMLHttpRequest') {
//  die("no direct access allowed");
// }



if(!session_id()) {
  $lifetime=60 * 60 * 24 * 365;
  $domain = ".mywebsite.com";
   session_set_cookie_params($lifetime,"/",$domain);
    @session_start();
}





// Configuration
$config['ShopSource'] = "com";
$config['ShopId'] = $shopid;
$config['ShopKey'] = "*****";
$config['ShopSecret'] = "*****";



/*
 * add an article to the basket
*/
if (isset($_POST['size']) && isset($_POST['appearance']) && isset($_POST['quantity'])) {
    /*
     * create an new basket if not exist
    */
    if (!isset($_SESSION['basketUrl'])) {
        /*
         * get shop xml
        */
        $stringApiUrl = 'http://api.spreadshirt.'.$config['ShopSource'].'/api/v1/shops/' . $config['ShopId'];
        $stringXmlShop = oldHttpRequest($stringApiUrl, null, 'GET');
        if ($stringXmlShop[0]!='<') die($stringXmlShop);
        $objShop = new SimpleXmlElement($stringXmlShop);
        if (!is_object($objShop)) die('Basket not loaded');

        /*
         * create the basket
        */
        $namespaces = $objShop->getNamespaces(true);
        $basketUrl = createBasket('net', $objShop, $namespaces);
        $_SESSION['basketUrl'] = $basketUrl;
        $_SESSION['namespaces'] = $namespaces;

        /*
         * get the checkout url
        */
        $checkoutUrl = checkout($_SESSION['basketUrl'], $_SESSION['namespaces']);

        // basket language workaround
        if ($language=="fr") {
            if (!strstr($checkoutUrl,'/fr')) {
                $checkoutUrl = str_replace("spreadshirt.com","spreadshirt.com/fr",$checkoutUrl);
            }
        }

        $_SESSION['checkoutUrl'] = $checkoutUrl;

    }



    /*
    Workaround for not having the appearance id :(
    */
    if ($_POST['appearance']==0) {
        $stringApiArticleUrl = 'http://api.spreadshirt.'.$config['ShopSource'].'/api/v1/shops/' . $config['ShopId'].'/articles/'.intval($_POST['article']).'?fullData=true';
        $stringXmlArticle = oldHttpRequest($stringApiArticleUrl, null, 'GET');
        if ($stringXmlArticle[0]!='<') die($stringXmlArticle);
        $objArticleShop = new SimpleXmlElement($stringXmlArticle);
        if (!is_object($objArticleShop)) die('Article not loaded');
        $_POST['appearance'] = intval($objArticleShop->product->appearance['id']);
    }


    /*
     * article data to be sent to the basket resource
    */
    $data = array(

            'articleId' => intval($_POST['article']),
            'size' => intval($_POST['size']),
            'appearance' => intval($_POST['appearance']),
            'quantity' => intval($_POST['quantity']),
            'shopId' => $config['ShopId']

    );

    /*
     * add to basket
    */
    addBasketItem($_SESSION['basketUrl'] , $_SESSION['namespaces'] , $data);

    $basketData = prepareBasket();


    echo json_encode(array("c" => array("u" => $_SESSION['checkoutUrl'],"q" => $basketData[0],"l" => $basketData[1])));
}




// no call, just read basket if not empty
if (isset($_GET['basket'])) {
    if (array_key_exists('basketUrl',$_SESSION) && !empty($_SESSION['basketUrl'])) {

        $basketData = prepareBasket();

        echo json_encode(array("c" => array("u" => $_SESSION['checkoutUrl'],"q" => $basketData[0],"l" => $basketData[1])));
    } else {
        echo json_encode(array("c" => array("u" => "","q" => 0,"l" => "")));
    }
}






function prepareBasket() {

    $intInBasket=0;

    if (isset($_SESSION['basketUrl'])) {
        $basketItems=getBasket($_SESSION['basketUrl']);

        if(!empty($basketItems)) {
            foreach($basketItems->basketItems->basketItem as $item) {
                $intInBasket += $item->quantity;
            }
        }
    }

    $l = "";
    $pQ = parse_url($_SESSION['checkoutUrl']);
    if (preg_match("#^basketId\=([0-9a-f\-])*$#i", $pQ['query'])) {
        $l = $pQ['query'];
    }

    return array($intInBasket,$l);
}







// Additional functions
function addBasketItem($basketUrl, $namespaces, $data) {
    global $config;

    $basketItemsUrl = $basketUrl . "/items";

    $basketItem = new SimpleXmlElement('<?xml version="1.0" encoding="UTF-8" standalone="yes"?>
            <basketItem xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://api.spreadshirt.net">
            <quantity>' . $data['quantity'] . '</quantity>
            <element id="' . $data['articleId'] . '" type="sprd:article" xlink:href="http://api.spreadshirt.'.$config['ShopSource'].'/api/v1/shops/' . $data['shopId'] . '/articles/' . $data['articleId'] . '">
            <properties>
            <property key="appearance">' . $data['appearance'] . '</property>
            <property key="size">' . $data['size'] . '</property>
            </properties>
            </element>
            <links>
            <link type="edit" xlink:href="http://' . $data['shopId'] .'.spreadshirt.' .$config['ShopSource'].'/-A' . $data['articleId'] . '"/>
            <link type="continueShopping" xlink:href="http://' . $data['shopId'].'.spreadshirt.'.$config['ShopSource'].'"/>
            </links>
            </basketItem>');

    $header = array();
    $header[] = createAuthHeader("POST", $basketItemsUrl);
    $header[] = "Content-Type: application/xml";
    $result = oldHttpRequest($basketItemsUrl, $header, 'POST', $basketItem->asXML());
}



function createBasket($platform, $shop, $namespaces) {

    $basket = new SimpleXmlElement('<basket xmlns:xlink="http://www.w3.org/1999/xlink" xmlns="http://api.spreadshirt.net">
            <shop id="' . $shop['id'] . '"/>
            </basket>');

    $attributes = $shop->baskets->attributes($namespaces['xlink']);
    $basketsUrl = $attributes->href;
    $header = array();
    $header[] = createAuthHeader("POST", $basketsUrl);
    $header[] = "Content-Type: application/xml";
    $result = oldHttpRequest($basketsUrl, $header, 'POST', $basket->asXML());
    $basketUrl = parseHttpHeaders($result, "Location");

    return $basketUrl;

}






function checkout($basketUrl, $namespaces) {

    $basketCheckoutUrl = $basketUrl . "/checkout";
    $header = array();
    $header[] = createAuthHeader("GET", $basketCheckoutUrl);
    $header[] = "Content-Type: application/xml";
    $result = oldHttpRequest($basketCheckoutUrl, $header, 'GET');
    $checkoutRef = new SimpleXMLElement($result);
    $refAttributes = $checkoutRef->attributes($namespaces['xlink']);
    $checkoutUrl = (string)$refAttributes->href;

    return $checkoutUrl;

}

/*
 * functions to build headers
*/
function createAuthHeader($method, $url) {
    global $config;

    $time = time() *1000;
    $data = "$method $url $time";
    $sig = sha1("$data ".$config['ShopSecret']);

    return "Authorization: SprdAuth apiKey=\"".$config['ShopKey']."\", data=\"$data\", sig=\"$sig\"";

}


function parseHttpHeaders($header, $headername) {

    $retVal = array();
    $fields = explode("\r\n", preg_replace('/\x0D\x0A[\x09\x20]+/', ' ', $header));

    foreach($fields as $field) {

        if (preg_match('/(' . $headername . '): (.+)/m', $field, $match)) {
            return $match[2];
        }

    }

    return $retVal;

}

function getBasket($basketUrl) {

    $header = array();
    $basket = "";

    if (!empty($basketUrl)) {
        $header[] = createAuthHeader("GET", $basketUrl);
        $header[] = "Content-Type: application/xml";
        $result = oldHttpRequest($basketUrl, $header, 'GET');
        $basket = new SimpleXMLElement($result);
    }

    return $basket;

}




function oldHttpRequest($url, $header = null, $method = 'GET', $data = null, $len = null) {

    switch ($method) {

        case 'GET':

            $ch = curl_init($url);
            curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_HEADER, false);

            if (!is_null($header)) curl_setopt($ch, CURLOPT_HTTPHEADER, $header);

            break;

        case 'POST':

            $ch = curl_init($url);
            curl_setopt($ch, CURLOPT_HTTP_VERSION, CURL_HTTP_VERSION_1_1);
            curl_setopt($ch, CURLOPT_RETURNTRANSFER, true);
            curl_setopt($ch, CURLOPT_HEADER, true);
            curl_setopt($ch, CURLOPT_HTTPHEADER, $header);
            curl_setopt($ch, CURLOPT_POST, true); //not createBasket but addBasketItem
            curl_setopt($ch, CURLOPT_POSTFIELDS, $data);

            break;

    }

    $result = curl_exec($ch);
    curl_close($ch);

    return $result;

}
?>

There are also 2 other parts of the script: a form to add a sample t-shirt to the basket (example.php) and a script to call the ajax (shop-controller.js). I can post them if needed, but there's no session handling stuff in them.

update - Maybe the problem is not related to sessions. The BasketId is lost, but PHPSESSID stays the same in the browser cookies.

I did the following tests for the last 3 days (tested with different computers and browsers):

  • Empty browser cookies then start a new session during the afternoon

  • Add 1 item to basket, I write down the BasketId and check the browser's cookies to write down the PHPSESSID

  • Usually always around midnight, the basket empties itself

  • PHPSESSID stays the same in my browser cookies, even after the basket empties itself

  • However the BASKETID is not the same, the one used during the afternoon is lost and a new one is regenerated

Server is CentOS 5.9 - PHP Version 5.2.9 (from OVH). Dedicated server on a dedicated IP.

asked Jun 19 '15 06:06

libertaire
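
Added example, not part of the original question: the pattern in the update (PHPSESSID unchanged, BasketId regenerated) is consistent with the cookie outliving the server-side session data, because with strict mode off (the default) session_start() accepts the ID from the cookie and starts an empty session under it. The function below, whose name is an assumption, reports both lifetimes and, for the built-in files handler, the age of the current session's data file.

```php
<?php
// Added diagnostic, not part of shop-ajax.php. Call it right after session_start().
function sessionLifetimeReport()
{
    $cookie = session_get_cookie_params();            // 'lifetime' in seconds, 0 = until browser closes
    $gcMax  = (int) ini_get('session.gc_maxlifetime');
    $id     = session_id();
    $report = array(
        'session_id'           => $id,
        'save_handler'         => ini_get('session.save_handler'),
        'cookie_lifetime'      => (int) $cookie['lifetime'],
        'gc_maxlifetime'       => $gcMax,
        'gc_chance'            => ini_get('session.gc_probability') . '/' . ini_get('session.gc_divisor'),
        // true: the browser can still send an ID whose data the server may already have deleted
        'cookie_outlives_data' => (int) $cookie['lifetime'] > $gcMax,
        'session_was_empty'    => count($_SESSION) === 0,
        'data_file'            => null,
        'seconds_since_write'  => null,
    );
    if ($report['save_handler'] !== 'files' || $id === '') {
        return $report;                               // other handlers keep no sess_* file to inspect
    }
    // save_path is "/dir", "N;/dir" or "N;MODE;/dir"; N is the number of subdirectory levels
    $parts = explode(';', session_save_path());
    $dir   = rtrim($parts[count($parts) - 1], '/');
    if ($dir === '') {
        $dir = sys_get_temp_dir();                    // PHP's fallback when save_path is not set
    }
    $depth = count($parts) > 1 ? (int) $parts[0] : 0;
    for ($i = 0; $i < $depth; $i++) {
        $dir .= '/' . $id[$i];                        // one directory per leading ID character
    }
    $file = $dir . '/sess_' . $id;
    if (is_file($file)) {
        $report['data_file'] = $file;
        // mtime is the end of the previous request, or now if session_start() had to create the file
        $report['seconds_since_write'] = time() - filemtime($file);
    }
    return $report;
}

// One-year cookie as in shop-ajax.php (cookie domain left out so the snippet runs anywhere)
session_set_cookie_params(60 * 60 * 24 * 365, '/');
session_start();
error_log(json_encode(sessionLifetimeReport()));
```

If `session_was_empty` is true on a request that still carried the old PHPSESSID and `cookie_outlives_data` is true, the server removed the data while the cookie was still valid.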



1 Answer

First you need to find out whether the problem is in the session's garbage collection or a logical error within the code. For that, you can:

// Add this right after session_start()
if (!isset($_SESSION['mySessionCheck'])) {
    $_SESSION['mySessionCheck'] = "This session (" . session_id() . ") started " . date("Y-m-d H:i:s");
}

// For HTML pages, add this:
echo '<!-- ' . $_SESSION['mySessionCheck'] . ' -->';

// For AJAX pages, add "mySessionCheck" to the JSON response:
echo json_encode(
    array(
        "c" => array(
            "u" => $_SESSION['checkoutUrl'],
            "q" => $basketData[0],
            "l" => $basketData[1]
        ),
        "mySessionCheck" => $_SESSION['mySessionCheck']
    )
);

If this message changes at the same time the basket empties, then you'll know for sure it's a problem with PHP sessions.

In that case, there are a few things you can try:

1) You are doing

$lifetime=60 * 60 * 24 * 365;
$domain = ".mywebsite.com";
session_set_cookie_params($lifetime,"/",$domain);
@session_start();

But according to a user contributed note from PHP.net docs:

PHP's Session Control does not handle session lifetimes correctly when using session_set_cookie_params().

So you may try using setcookie() instead:

$lifetime=60 * 60 * 24 * 365;
session_start();
setcookie(session_name(),session_id(),time()+$lifetime);

Even though it's a 4-year-old note, as pointed out in the comments, I tested it and it still happens (I'm on PHP 5.5.7, Windows Server 2008, IIS/7.5). Only setcookie() produced the HTTP headers to change the expiry date (example setting $lifetime to 600):

Set-Cookie: PHPSESSID=(the id); expires=Mon, 22-Jun-2015 15:03:17 GMT; Max-Age=600

2) If you're using a Debian server or some derivative, they use a cron job to clear out PHP sessions, so you might try:

  • Increasing server's configured maxlifetime;
  • Saving your sessions somewhere else;
  • Using memcached.

3) To find out if there is some process clearing your sessions, you can place a watch on the directory where the session files are stored (actual path varies from server to server, use session_save_path to find out the location on yours). I'm no server admin, but I've read you can use auditctl for that, just make sure you log who made the changes to your files.

4) If you don't have access to server configuration, or don't want to depend on server config (good if you switch hosts), you can implement your own session handler. Check out this example by Pedro Gimeno.

answered Oct 11 '22 18:10

Marcos Dimitrio
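
A file-based handler for option 4, as an added example (not the Pedro Gimeno code the answer refers to, and not from the answer's author). The directory, the lifetime constant and the `bs_*` names are assumptions; it keeps session data in a private directory and expires it on its own one-year TTL instead of `session.gc_maxlifetime`.

```php
<?php
// Added example. BS_DIR, BS_TTL and the bs_* names are assumptions, not from the page.
define('BS_DIR', '/var/lib/myshop/sessions');   // hypothetical; private, outside web root and /tmp
define('BS_TTL', 60 * 60 * 24 * 365);           // same one-year lifetime as the session cookie

function bs_file($id)
{
    // The ID arrives in a client-controlled cookie: accept only PHP's ID alphabet
    // so it can never carry "../" or other path characters into the file name.
    return preg_match('/^[A-Za-z0-9,-]{1,128}$/', $id) ? BS_DIR . '/sess_' . $id : false;
}
function bs_open($savePath, $name)
{
    return is_dir(BS_DIR) || mkdir(BS_DIR, 0700, true);   // accessible to the PHP user only
}
function bs_close() { return true; }
function bs_read($id)
{
    $file = bs_file($id);
    if ($file === false || !is_file($file) || filemtime($file) + BS_TTL < time()) {
        return '';                                        // unknown or expired: empty session
    }
    return (string) file_get_contents($file);
}
function bs_write($id, $data)
{
    $file = bs_file($id);
    return $file !== false && file_put_contents($file, $data, LOCK_EX) !== false;
}
function bs_destroy($id)
{
    $file = bs_file($id);
    return $file === false || !is_file($file) || unlink($file);
}
function bs_gc($maxLifetime)
{
    // Ignore the php.ini value passed in; expire on this handler's own TTL.
    $files = glob(BS_DIR . '/sess_*');
    foreach (is_array($files) ? $files : array() as $file) {
        if (filemtime($file) + BS_TTL < time()) {
            @unlink($file);
        }
    }
    return true;
}
session_set_save_handler('bs_open', 'bs_close', 'bs_read', 'bs_write', 'bs_destroy', 'bs_gc');
session_set_cookie_params(BS_TTL, '/', '.mywebsite.com');
session_start();
```

Unlike PHP's built-in files handler, this handler does not hold a lock for the duration of a request, so two simultaneous AJAX calls in one session can overwrite each other's changes.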