PHP sessions and session_start()
Question
Sorry if this is a silly question but lately I've been designing a site for a client and something strange has been happening with my sessions.
The site has a PayPal button which redirects the user to PayPal so they can confirm a payment, before being redirected to the site again.
Before the user is redirected, a load of session variables are saved. Some of them are to do with PayPal, others are to do with things on my site such as a variable to determine which user is logged in, their shopping cart items, etc.
Now, here's where things have been going wrong...
The user is redirected from checkout.php to PayPal. Before they're redirected, all session variables for the site are present (shown by var_dump and print_r). This is fine.
The user returns from PayPal to orderreview.php, but var_dump and print_r now show that the site session variables are missing, but all PayPal ones are there.
I fixed this problem by removing "session_start();" from the top of orderreview.php.
So my question is, why did removing that line fix the issue? Why wouldn't it work before?
I thought I understood PHP sessions but clearly I don't understand them as well as I thought.
I'd read this somewhere:
"As of PHP 4.3.3, calling session_start() while the session has already been started will result in an error of level E_NOTICE. Also, the second session start will simply be ignored."
So I was under the assumption that calling session_start at the top of the script wouldn't affect anything if a session was already started earlier.
Thanks for any answers, once again I apologise if this is a silly question.
1 answers
solution1
1 ACCPTED 2012-08-03 22:16:18
That's may be because that you have been redirected to another site during the process. And while you return from Paypal to your website, session_start() generated a new session id which your previously stored session variables are not linked to.
And when you removed session_start() (I don't think session should work without this on top), it used the old session id and never got regenerated. Hence, old session data are back!
This is just my assumption.
The technical post webpages of this site follow the CC BY-SA 4.0 protocol. If you need to reprint, please indicate the site URL or the original address.Any question please contact:yoyou2525@163.com.