Session_decode issue in admin

[rudolfl]

Hi all,

 

Recently I started to have an issue in whos_online. I am talking about store that was running normally for a long time before problem occured. E.q. this is not a new install.

 

Error I get is as follow:

Warning: session_decode(): Failed to decode session object. Session has been destroyed in <skip>/whos_online.php on line 794 (please ignore actual line number, as file can have local modifications)

 

The line in file reads:  session_decode($session_data_cart);

 

Issue possibly started after re-building PHP, changing minor version and adding mbstring module.

 

PHP version: 5.4.45

OsComerse version 2.3.3

sessions are stored in mysql

 

So far I tried to restart mysql service, restarted whole server and manually cleared session data from "sessions" table.

 

Any ideas what is happening?

 

Thanks,

[Thelostfleet]

Greetings rudolfl,

 

I saw something like this before.

 

Do you have Server API==FPM/FastCGI ?

[MrPhil]

You "rebuilt" PHP. Are you now running on a later PHP version than you were before? osC 2.3.3 is fairly long of tooth, and might not play well with your [updated] PHP version. If you did not change the PHP version, perhaps you accidentally changed some setting in PHP and broke it (such as the FastCGI business). What happens if you roll back to your original PHP build -- does it work then? (exclusive of multibyte data added) I find it hard to believe that installing multibyte support would, by itself, break session handling; so I suspect you either accidentally bumped up your PHP level or just plain broke something in the process.

 

By the way, if you're running on your own server, beware: hackers know more about security issues than you do. It's false economy to save a few dollars on hosting by doing it yourself, as it's much more likely you'll be hacked than on a professionally managed server. Just sayin'.

[Thelostfleet]

Hello MrPhil,

 

With some specific server configuration and PHP version, some weird things can happen.

 

With php 5.4.45 and Server API==FPM/FastCGI the session_decode may not work properly and one can get the very same message rudolfl get.

[MrPhil]

That would mean that the OP did actually change something besides just adding multibyte support, and that broke the Server API business. If you're not an expert in this kind of stuff, I would not be trying to manage my own server. Too many things can go wrong (besides leaving security holes).

[Thelostfleet]

I encountered the problem with my hosting company, and as far as I can tell they know what they are doing :D . However there are so many parameters , so many apache, PHP, etc ... versions that one can't never be sure such things can't happen :)

[rudolfl]

I had to upgrade minor PHP version as original one was no longer supported. I can not see the option anymore. I believe it was 5.4.43 and I moved to 5.4.45

 

Server API is set to CGI/Fast CGI.  What should it be set to?

Sorry, this is one parameter I am not familiar with.

 

Thanks,

Rudolf

[Thelostfleet]

Server API is set to CGI/Fast CGI.  What should it be set to?

Sorry, this is one parameter I am not familiar with.

 

Not sure with Server API set to CGI/Fast CGI ; however for some of us with php 5.4.45, sessions stored in mysql and Server API==FPM/FastCGI the session_decode did not work properly anymore and we got the same error message when looking whos_online.

 

When this error occurs, are you sent back to the admin login page ?

[rudolfl]

Yes, usually I am sent back to login page.

 

Do you know if later PHP versions have same issue?

 

Rudolf

[Thelostfleet]

I do not know if later PHP versions have same issue. However on this post http://www.oscommerce-fr.info/forum/index.php?showtopic=71495&st=0&p=371262entry371262 there is a solution for this problem wich works with your version of php. It's in French, but not difficult to understand.

[phi148]

I do not know if later PHP versions have same issue. However on this post http://www.oscommerce-fr.info/forum/index.php?showtopic=71495&st=0&p=371262entry371262 there is a solution for this problem wich works with your version of php. It's in French, but not difficult to understand.

 

Could you possibly provide some more information on this?  I'm also getting the problem, and I'm having trouble with the French code.

[phi148]

Could you possibly provide some more information on this?  I'm also getting the problem, and I'm having trouble with the French code.

 

Actually I just figured it out.  You can see the code I commented out below, and in turn, what it was replaced with.  Thanks!

 

//session_decode($session_data_cart);

//session_decode($session_data_currency);

$session_data_id = unserializesession($session_data_id);

$session_data_currency = unserializesession($session_data_currency);

$session_data_country = unserializesession($session_data_country);

$session_data_zone = unserializesession($session_data_zone);

$session_data_cart = unserializesession($session_data_cart);

 

////$cart = $_SESSION['cart'];

//$currency = $_SESSION['currency'];

$_SESSION['currency'] = $session_data_currency;

$_SESSION['cart'] = $session_data_cart;

 

//if (is_object($cart)) {

// $products = $cart->get_products();

// for ($i = 0, $n = sizeof($products); $i < $n; $i++) {

// $contents[] = array('text' => $products[$i]['quantity'] . ' x ' . $products[$i]['name']);

// }

// if (sizeof($products) > 0) {

// $contents[] = array('text' => tep_draw_separator('pixel_black.gif', '100%', '1'));

//$contents[] = array('align' => 'right', 'text' => TEXT_SHOPPING_CART_SUBTOTAL . ' ' . $currencies->format($cart->show_total(), true, $currency));

// $contents[] = array('align' => 'right', 'text' => TEXT_SHOPPING_CART_SUBTOTAL . ' ' . $currencies->format($_SESSION['cart']['cart']->show_total(), true, $_SESSION['currency']['currency']));

 

if (is_object($_SESSION['cart']['cart'])) {

$products = $_SESSION['cart']['cart']->get_products();

for ($i = 0, $n = sizeof($products); $i < $n; $i++) {

$contents[] = array('text' => $products[$i]['quantity'] . ' x ' . $products[$i]['name']);

}

 

if (sizeof($products) > 0) {

$contents[] = array('text' => tep_draw_separator('pixel_black.gif', '100%', '1'));

$contents[] = array('align' => 'right', 'text' => TEXT_SHOPPING_CART_SUBTOTAL . ' ' . $currencies->format($_SESSION['cart']['cart']->show_total(), true, $_SESSION['currency']['currency']));

 

[Evinrude9.5]

Hello MrPhil,

 

With some specific server configuration and PHP version, some weird things can happen.

 

With php 5.4.45 and Server API==FPM/FastCGI the session_decode may not work properly and one can get the very same message rudolfl get.

 

I have got the exactly same problem as from rudolfl. But the error was only reffered to the line: " session_decode($session_data_cart);" , all other lines were gone through. My question is, if you said it is the server problem causing the session_decode may not work properly, why did that only happen with "session_decode($session_data_cart);" but not with:

       session_decode($session_data_id);

      session_decode($session_data_currency);

      session_decode($session_data_country);

      session_decode($session_data_zone);

 

I did the test with one browser as a visitor and I am the admin check on the "whos_online", when I checked on the data base "session" table, I did see the session value containing the shopping cart information, but it just could not pass through "whos_online" page, the "whos_online" page only showed the ip address, last url, session_yes, could not display http referer url, the most important thing is, could not show shopping cart informaiton. 

 

Similar to rudolfl, I moved my site (version 2.2 but keep changing code)to a new server with higher php version(5.624) and register_globals Off, I have changed some deprecated variables to get all pages work properly besides "whos_online" shopping cart dispaly. I used to add some codes on this page so I could see excatly what visitor added to cart including the attribute, for example, shoe style name and color and size and quantiy. But now this function is not working.

 

any idea will be appreicated.