4 replies to this topic

[*A1*]

Since I'm not so familiar with sessions I really can use some help with this.

When I run whos_online.php in admin/ it doesn't show the contents of visitors/customers baskets.
I tested it local and it works fine.

With phpmyadmin i checked the content of table_sessions of the live-shop and found something weird.
the value of my session looks all scrambled like


e27RNf1c33tvwImBJHdxc77ZdIXOXaILTO_ho3GnehrG38YeKzlOvI47Ifsq4qBVjSmswfMHPh2Ur8DnTwhxTldbnV9K11TnozZry4DJsquadj-LItXl0jIvh26Iql-Zvuvg-xZ8lNhcaNkYd4-f74fVmK0ZmX8H_R9zkkSdnpdueszO6ach8O3kg-PVcrsi0lOEX85Xt-CjkZ2iI-ztm1YkPkc55XWLEwTS2z0A2Ij7FhIqr_gbdRzk_IhdiJTrZe58kDY0Ng0Nq24bg0uZxvh994WqjqyWru_DDzRbEX-wuGOAO1omtrlTb_pq7pgmUwT5LHwXN3lSMKU1Gx78pqKuDai7FjJN_-Qwa12hBtQq-iPJj8kp-bnKDMAE1nygTHuUqKkU6jXF1vWX4BW2gnMPA8PoakYLYYanisdan1rUQqR5vbbPt1gRZ0OOd4Is2SRtX-vdcofZnATBvCyAE0ItWptLLDXNEWZl4mogGkcnrev5CZiCwZX8g3vv2ERZh3zYyArGRheL3LBfUmScrUQ3eXvpcyGbIm5dS1G4C4445XAVSXrdqGqQM2aFKthWlnBUWUzCpWJywiUw_VpFTWdHkl78iamVRNiIe2NhFfW3GgpSA5czW7gusTXRFohDjnJ8f8xoufPJyaBAGySETxD2dobp5onsDL4ZCo5o5T9Iw_thDrLH-TKOdilSmnHb1MSIj43j9VMVbpD10DEKkrE_79gvo4fNMkdM3xiHMx3ZxTJYqARMLttitRYATpneLsf8-YHVGncJhA9jloYGexNKl_qRRJDEz5-eIQtqV_JVLA9G7HB0JtbiGKr48diKSjHhlJch_BMWZD6P3MgdBjaJGiVVum911ad3PQhCdPxQU9Oj4JZVF7NGXtH_BwjyyYGu2QoAJObvw5iZer__uJ0NV6iimE3V0zdL7NwPDd7qfVIE3FxzojAx__KrZszLLO1iIhs7ACNwCOrmsbZ0yRK4b8Qf_mQfSLmLFMMdTFbeeFi3cksQ9pOH5PRob3a1hXLnuaYgXdEtGVPIaTTJKHInRSgkApzzrJUFuALUPKeT03kjUauwLi53sq_acpnNM8v7dsDmgMk8OFI_2uTirnZ3cDsUwJWQEeYBKF7uJ0R2Waxc2nI9HHST21n85lt2mXLOmujwIy-UMTO_wrtTk6qmHDuKAZhbDWfw-OruQWMbCG5Egyn9ikkdGsOzk5dk8uMDqLcVRT62cTp820mYMR5WDDsJk_JHf_iPyHAadQBzuuWMLKBKY10-NmL-dd5BBsnIXVpeDrsQnYHLMALId7wLPwSnP_s77xODE8umbL99D14uvEqTbRviZVD3um7IgSDUwEPKTCw0bd7rdWjlGdIDaAA_49g8MfTz1JtCvGyOlUKqI5Sip-sSp8x5tVD6SkSJ4rcp_jb8ImtmNQY4xh3TCyb4ipgqpuFSKIOYXnFjIBvwRtNmXGzqTZgr1HOWZzddJU4rBuca5K7mJbQJMOcQ7jBu1AEhRfNhmraBIV9aKk-Cu90Pn4HQixNe4ko9

instead of:
a:16:{s:18:"SESSION_IP_ADDRESS";s:13:"xx.xxx.xxx.xx";s:4:"cart";O:12:"shoppingCart":6:{s:8:"contents";a:1:{i:1450;a:2:{s:3:"qty";i:7;s:22:"discount_categories_id";N;}}s:5:"total";d:144.06000000000000227373675443232059478759765625;s:6:"weight";d:1.6100000000000000976996261670137755572795867919921875;s:6:"cartID";s:5:"51412";s:12:"content_type";b:0;s:5:"cg_id";s:1:"1";}s:8:"language";s:5:"dutch";s:12:"languages_id";s:1:"4";s:8:"currency";s:3:"EUR";s:10:"navigation";O:17:"navigationHistory":2:{s:4:"path";a:1:{i:0;a:4:{s:4:"page";s:9:"blank.php";s:4:"mode";s:6:"NONSSL";s:3:"get";a:0:{}s:4:"post";a:0:{}}}s:8:"snapshot";a:0:{}}s:18:"sess_discount_code";N;s:11:"customer_id";s:6:"500064";s:27:"customer_default_address_id";s:2:"72";s:19:"customer_first_name";s:4:"Test";s:18:"customer_last_name";s:7:"Account";s:22:"sppc_customer_group_id";s:1:"1";s:28:"sppc_customer_group_show_tax";i:0;s:30:"sppc_customer_group_tax_exempt";i:0;s:19:"customer_country_id";s:3:"150";s:16:"customer_zone_id";s:3:"189";}

(for security reasons I changed the ip-address to xx.xxx.xxx.xx)

I checked if the software was the same local and remote and the programs seems to be the same.

Live-shop Server specs:
PHP Version 5.3.3-7+squeeze3
MySQL 5.1.49-3-log
Linux 2.6.32-5-686-bigmem

Local server specs:
xampp-win32-1.7.7-VC9
PHP Version 5.3.8
MySQL 5.5.16


Does anyone has a clue why there is a difference in how the values in table_sessions are written and
how I can make the live-shop write the value correctly?

[germ]

g00gle the term "suhosin.session.encrypt".

That might be the problem.

[*A1*]

germ, on 16 December 2011, 11:26, said:

g00gle the term "suhosin.session.encrypt".

That might be the problem.

Thanks Jim.

I checked my server_info.php and the setting for suhosin.session.encrypt is ON.

I understand now that this protects against insecure php coding.

So now I need to make whos_online.php working properly again.
I read I can do it by overruling the server setting but I think it ain't save to do.
There must be another solution to decode the table_sessions value.
any idea how?

[germ]

Turn it off.

There are tens or hundreds of thousands of stores that function safely and securely without it.

[*A1*]

germ, on 16 December 2011, 12:44, said:

Turn it off.

There are tens or hundreds of thousands of stores that function safely and securely without it.

I'll make the neccessary changes.
Thanks again for your assistance in this.