Accessing a session variables in a php class object fails after php5.3 > php5.5.9 upgrade

0
votes

Object & session properties are not returned from the class function into the initiating script, even though the classes and objects initiate. I can see their properties with var_dump() from within the class function but they are not returned outside the class function.

I have a globally included file global.inc.php which gets called on every page which does a bunch of things. On user form Login, the include calls a custom class ('UserTools.class.php') using:

$userTools = new UserTools();

This class does 3 things:

  1. Database Check on User (some password verification/hashing comes later - omitted here):

public function login($username, $password) {
$result = mysql_query("SELECT * FROM users WHERE username = '$username'");
$row = mysql_fetch_assoc($result);

  1. Set a bunch of $_SESSION variables (session_start() already called from global.inc.php)

$_SESSION["login_time"] = time();
$_SESSION["logged_in"] = true;
$_SESSION["passwordHash"] = $passwordHash;

  1. Initialize the User class and serialize the User object to the session variable $_SESSION['user']:

$_SESSION["user"] = serialize(new User($row));

If I var_dump($_SESSION['user']) from "within" the class, I can see the serialized string representation of the User object:

var_dump($_SESSION['user']):

array (size=4)
'SESS_PARENT' => boolean true
'SESS_CHILD' => boolean true
'timezone' => int 300
'user' => string 'O:4:"User":13: {s:2:"id";s:1:"1";s:8:"username";s:5:"peter";s:14:"hashedPassword";s:60:"$2y$11.....(length=6160)

THE PROBLEM
But when the class function returns to the calling global.in.php script, the complete $_SESSION variable is:

array (size=0) . empty

Q1. What am I doing wrong here?

Q2. What has changed since php 5.3 to have this effect?

1
phpclassvariablessessionphp-5.5
What is USer class? What happens when u var_dump the User object - Itay Moav -Malimovka
Everything works in the class library function but the objects & session variables are not returned from the class function to the initiating script. To answer your question what if I var_dump the $user object from the class file (which is where it is initialised from) - I can see the properties for the $user object just fine - but I can't see the objects/session variables in the initiating script - which I used to be able to do before the php 5.3 upgrade. - Tony Barganski
I would suggest to start var dumpin the session every few lines, I think you overwrite it. You can also check the file directly to see you actually wrote to it the values you think you wrote to it. Hard to help you debug this with the actual code. Nothing significant changed in session in regard to what you ask. - Itay Moav -Malimovka

1 Answers

0
votes

Session_start()

The culprit turned out to be the $_SESSION superglobal and a complex set of includes.

session_start(); was not at the start of the include file, only some way down after some ini_set commands setting up various parameters for the $_SESSION superglobal.

Header Redirects

Header redirects were not saving session data. This is because, any changes to $_SESSION varibles are made when a script ends. A header redirect with an exit() statement is essentially interrupting a script’s execution - so the session needs to be written back to disk, database or Redis 'before' the redirect and exit() commands are called.