Issue information
#000434
0 - None Assigned
New
2.3.1
Hi all friends!
Session table value is overflowed!
Known issues when the MySQL session value overflows:
- too long numbers
- too many products in cart
- non-recommended charset
POSSIBLE RESULTS
- admin can't log in
- customers can't log in
and so many problems if logged in.
Source: http://hu.php.net/%20session_set_save_handler
session_set_save_handler('_sess_open', '_sess_close', '_sess_read', '_sess_write', '_sess_destroy', '_sess_gc')
Returns TRUE on success or FALSE on failure
Probably the osCommerce code which has the problem:
if ($check['total'] > 0) {
  return tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'");
} else {
  return tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')");
}
Suggested edited code:
if ($check['total'] > 0) {
  $mysql_session_result = tep_db_query("update " . TABLE_SESSIONS . " set expiry = '" . tep_db_input($expiry) . "', value = '" . tep_db_input($value) . "' where sesskey = '" . tep_db_input($key) . "'");
} else {
  $mysql_session_result = tep_db_query("insert into " . TABLE_SESSIONS . " values ('" . tep_db_input($key) . "', '" . tep_db_input($expiry) . "', '" . tep_db_input($value) . "')");
}
// An UPDATE/INSERT returns no result set, so count the affected rows instead of
// calling tep_db_num_rows(), which only applies to SELECT results.
// Assumes the mysql extension that tep_db_query() uses in 2.3.1.
if (mysql_affected_rows() == 1) {
  return $mysql_session_result; // was the undefined $row_result
} else {
  tep_db_error("mySQL SESSION ERROR", "Possible session overflowed", "");
}
Other information:
Quote
TINYTEXT 256 bytes
TEXT 65,535 bytes ~64kb
MEDIUMTEXT 16,777,215 bytes ~16MB
LONGTEXT 4,294,967,295 bytes ~4GB
Debug codes:
session_test.zip 14.81K
See the attached SQL file.
field_length = 107353
mySQL result: 0 row(s) affected
update sessions SET value='' where sesskey ='e1ku2cho4vtj20b0ghmceag796'; 1 row(s) affected
Regards,
Gergely
Oops, this is important!
SELECT length(`value`) FROM `osc_sessions` order by length(`value`);
Hi again!
Note: the first overflow update was successful and the field was completely filled.
The MySQL result was:
1 row(s) affected
The second update results in:
0 row(s) affected
So we need to control tep_db_input($value) first
if (strlen(tep_db_input($value)) > 65535) {
  tep_db_error("mySQL SESSION ERROR", "Possible session overflowed", "");
}
Hi again!
I tried to "fill up" the session with a large variable. The result was that the following session variables were missing. The MySQL session was broken but not filled up!
So there are different results.
- The MySQL test generates a really full value field
- The real store test only breaks the session string.
The error handler code
if (strlen(tep_db_input($value)) > 65535) {
  tep_db_error("mySQL SESSION ERROR", "Possible the session overflowed", strlen(tep_db_input($value)) );
}
caused a 502 Error Page Request, but the session prevented!
Quote
Proxy Error
The proxy server received an invalid response from an upstream server.
The proxy server could not handle the request POST /checkout_shipping.php.
Reason: Error reading from remote server
Apache/2.2.16 (Debian) Server at ******** Port 80
The next issue is solved in V3.
The charset affects this problem.
UTF8 strings use double-length variables, so Harald uses base64 encoded values in osCommerce V3, which reduces the estimated length.
Examples:
echo base64_encode('öüóőúéáűíÖÜÓŐÚÉÁŰÍ') . PHP_EOL;
echo base64_encode('ouooueauiOUOOUEAUI');
-- PHP result: the same 24 characters
SQL results of string lengths
-- result utf8 charset = 36 length (öüóőúéáűíÖÜÓŐÚÉÁŰÍ)
-- result latin2 charset = 18 length (öüóőúéáűíÖÜÓŐÚÉÁŰÍ)
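Added example, not part of the original posts and not osCommerce code: a stand-alone PHP script showing the length check applied to the raw session value in bytes, what a silently truncated value looks like when read back, and the byte counts of the accented test string per charset and after base64. The helper names, the constructed cart data and the use of serialize() as a stand-in for PHP's session encoding are assumptions.

```php
<?php
// Added example: helper names are hypothetical, not osCommerce functions.
const TEXT_LIMIT = 65535; // byte capacity of a MySQL TEXT column

// Check the raw value: strlen() counts bytes, which is what the column stores.
// The escaped string from tep_db_input() can be longer than what MySQL keeps.
function session_value_fits(string $value, int $limit = TEXT_LIMIT): bool
{
    return strlen($value) <= $limit;
}

// Stand-in for a non-strict MySQL write: only the first $limit bytes are kept.
function truncated_store(string $value, int $limit = TEXT_LIMIT): string
{
    return substr($value, 0, $limit);
}

// Constructed session: login state followed by a very large cart.
// serialize() stands in for PHP's session encoding here.
$session = ['customer_id' => 42, 'cart' => []];
for ($i = 0; $i < 3000; $i++) {
    $session['cart']["p$i"] = ['qty' => 1, 'name' => "Töltőtoll $i"];
}
$value = serialize($session);

printf("raw bytes: %d, fits TEXT: %s\n", strlen($value), session_value_fits($value) ? 'yes' : 'no');

// What the next request reads back after a silent truncation.
$restored = @unserialize(truncated_store($value));
printf("restored after truncation: %s\n", $restored === false ? 'unreadable' : 'ok');

// Same 18 characters, different byte counts per charset (source file is UTF-8).
$accented = 'öüóőúéáűíÖÜÓŐÚÉÁŰÍ';
$latin2 = iconv('UTF-8', 'ISO-8859-2', $accented);
foreach (['utf8' => $accented, 'latin2' => $latin2] as $name => $bytes) {
    // base64 emits 4 ASCII characters for every 3 input bytes.
    printf("%s: %d bytes, base64 %d bytes\n", $name, strlen($bytes), strlen(base64_encode($bytes)));
}
```

Rejecting the write before it reaches the database keeps the previous, still decodable session row in place instead of replacing it with a cut-off one.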
Testing Process Steps
(Note: this problem may occur on large shops or heavily enhanced shops. It needs a lot of products. The problem may not be caused by the shopping cart only.)
1. Go shopping
2. Put a lot of products into the cart
3. Finally try to log in
4. If you can log in, select Coupon Code, Payment method or other session variables that affect the Checkout Process, or log out and put more products into the cart. Try again to log in.
5. If the session suddenly breaks, you have found the problem
Note: the session crash will prevent actions (login, pay or move in the checkout process, or other problems)
POSSIBLE ISSUES:
- can't log in
- can't pay
- can't select
- can't use forms














