Welcome Guest! You need to login or register to make posts.

Notification

Icon
Error

Options
Go to last post Go to first unread
sapperdeflap  
#1 Posted : Monday, August 31, 2009 2:14:11 AM(UTC)
sapperdeflap

Rank: Newbie

Groups: Member
Joined: 6/3/2009(UTC)
Posts: 6

I've got a curious problem occurring on only one of my apache/php servers:
While uploading with UI the session-vars are deleted. This occurs both with the java- and activex version, and only on one server. All other session-related things work smoothly on this server, just the upload by IU triggers the deletion of the vars. The session_id() maintains it's value. Naturally i checked the php.ini and other server-settings (especially session-related stuff), but i can't find an explanation.

This is a test.php script i use, it posts back to itself, ignoring the upload:
====================
<?php
session_start();
$_SESSION[date('Y-m-d h-m-s')] = 'test'; //adds a new session-var named 'current time' with value 'test' on each request
var_dump($_SESSION);
$site_domain = "http://www.somedomain.eu/";
?>
<br />
<script src="<?php echo($site_domain); ?>iu/Scripts/iuembed.js" type="text/javascript"></script>
<script type="text/javascript">
var iu = new ImageUploaderWriter("ImageUploader1", 650, 400);
iu.activeXControlEnabled = true;
iu.javaAppletEnabled = false;
iu.activeXControlCodeBase = "<?php echo($site_domain); ?>iu/Scripts/ImageUploader6.cab";
iu.addParam("LicenseKey", "XXXXX-XXXXX-XXXXX-XXXXX-XXXXX");
iu.addParam("Action", "");
iu.addParam("RedirectUrl","<?php echo($site_domain); ?>temp/test.php");
iu.writeHtml();
</script>
====================

Note that the expected behaviour is that every call on this script a new session-var $_SESSION['yyyy-mm-dd hh-mm-ss'] with value 'test' is added, and this works as expected with a F5 refresh on all servers, but when i upload an image with IU all session-vars are gone on only 1 specific server.

I hope someone has any clue what might be causing this session-loss? (both activex- and java version result in the session-loss on this server).
Dmitry  
#2 Posted : Tuesday, September 1, 2009 4:54:01 PM(UTC)
Dmitry

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 8/3/2003(UTC)
Posts: 1,070

Thanks: 1 times
Was thanked: 12 time(s) in 12 post(s)
Hello,

How do you pass Session ID, using cookies or URL parameter? Could you give me a link to a page where you experience the problem?
Sincerely yours,
Dmitry Sevostyanov

UserPostedImage Follow Aurigma on Twitter!
sapperdeflap  
#3 Posted : Tuesday, September 1, 2009 4:59:32 PM(UTC)
sapperdeflap

Rank: Newbie

Groups: Member
Joined: 6/3/2009(UTC)
Posts: 6

Still no solution found for this weird problem.
A bit more details: PHP 5.2.9 on Apache/2.2.10 (Linux/SUSE) Server.
The website has multiple upload-systems (i mean forms with POST and FILE upload), and the other ones work as expected.
While uploading the session is maintained. When upload is finished the line session_start() in the recieving file is called and at that moment the session-vars get cleared (while maintaining the session_id). When i remove this session_start() on the receiving file the session is maintained (but i can't use the session-vars in this script naturally).
Also there is a suhosin protection (0.9.27) installed on the server, but disabling it (by suhosin.simulation = "on") doesn't help either.
I've checked the headers too, and changed the IE-header into 'Image Uploader' so this value isn't changed on upload (might something check this against session-hijacking) but this...doesn't help too.
Because this behaviour doesn't happen on my other servers, and both ActiveX and Java have this problem, and i've spent way too much time on this problem, i think there is a glitch in the Matrix and my only option is to re-install this server...
sapperdeflap  
#4 Posted : Tuesday, September 1, 2009 5:03:42 PM(UTC)
sapperdeflap

Rank: Newbie

Groups: Member
Joined: 6/3/2009(UTC)
Posts: 6

Dmitry wrote:
Hello,

How do you pass Session ID, using cookies or URL parameter? Could you give me a link to a page where you experience the problem?


Thanks for your reply. The session-id is maintained by cookie. I'll PM you the link now.
Dmitry  
#5 Posted : Tuesday, September 1, 2009 10:11:57 PM(UTC)
Dmitry

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 8/3/2003(UTC)
Posts: 1,070

Thanks: 1 times
Was thanked: 12 time(s) in 12 post(s)
Hello,

In your phpinfo I see that the name of session cookie is PHPSESSID. I tried to load your test page and saved request dump. I see that the only cookie passed to this request from your server is one with empty name (see the screenshot attached to this post). It seems that the problem is in session id cookie.

Edited by user Tuesday, September 1, 2009 10:13:46 PM(UTC)  | Reason: Not specified

Dmitry attached the following image(s):
Capture.PNG
Sincerely yours,
Dmitry Sevostyanov

UserPostedImage Follow Aurigma on Twitter!
Tamila  
#6 Posted : Sunday, September 6, 2009 9:25:13 PM(UTC)
Tamila

Rank: Advanced Member

Groups:
Joined: 3/9/2008(UTC)
Posts: 554

Was thanked: 1 time(s) in 1 post(s)
Hello,

Dmitry provided me with necessary information. I just visited your site and I saw that your cookie is not configured yet. Please make sure that you have correct session settings.

Edited by user Sunday, September 6, 2009 9:29:20 PM(UTC)  | Reason: Not specified

Tamila attached the following image(s):
1.PNG
Aurigma Support Team

UserPostedImage Follow Aurigma on Twitter!
sapperdeflap  
#7 Posted : Wednesday, September 9, 2009 8:42:59 PM(UTC)
sapperdeflap

Rank: Newbie

Groups: Member
Joined: 6/3/2009(UTC)
Posts: 6

Thanks Tamila, but i'm afraid this is not the problem.

I see in your screenshot it is the first visit (new session). On first visit the session-value is never sent in the calling header (mine named PHPSESSID, on the aurigma site it is called ASP.NET_SessionId). This is only on the second and following visits from the browser. This behaviour on my site is identical to the aurigma site.

The big question remains why my session-data is lost after the upload with IU on some sites. Ive tested some things and know that the session is maintained while uploading, but on finishing uploading (or cancelling) the session-data is lost. The session-data is maintained in all other functions on my sites (including uploading binary files).

Re-installing the server from scratch did not have a positive result. I also had the script tested on a server owned by the local university, same result: session-data lost.

Since it took me a bit too long i've programmed around this, but am still curious what setting might be causing this. Older servers (apache 2.0, PHP 5.0) don't seem to have this problem, and some newer servers don't have this problem too. Of course i've compared the php.ini and apache settings on working vs not working servers, but have not found a solution other then sending the ID not by cookie but by URL (which is less safe and should be avoided).
Tamila  
#8 Posted : Thursday, September 10, 2009 9:09:00 PM(UTC)
Tamila

Rank: Advanced Member

Groups:
Joined: 3/9/2008(UTC)
Posts: 554

Was thanked: 1 time(s) in 1 post(s)
Hi,

I have an idea. Probably you have verification of User Agent on your server. It can be a problem because user agent of browser differs from user agent of Image Uploader.
Try to switch off this feature on your server and try again.
Aurigma Support Team

UserPostedImage Follow Aurigma on Twitter!
sapperdeflap  
#9 Posted : Monday, September 14, 2009 5:41:12 PM(UTC)
sapperdeflap

Rank: Newbie

Groups: Member
Joined: 6/3/2009(UTC)
Posts: 6

Thanks for the reply.
Although this is not even checked by my server, and my session-data is maintained with different user-agents in one session, i have tried this. I used a custom User-agent header in the script (so all request-headers, from both IE and IU, read 'Image Uploader'), this didn't help too... sniff...
Dmitry  
#10 Posted : Tuesday, September 15, 2009 7:03:32 PM(UTC)
Dmitry

Rank: Advanced Member

Groups: Member, Administration, Moderator
Joined: 8/3/2003(UTC)
Posts: 1,070

Thanks: 1 times
Was thanked: 12 time(s) in 12 post(s)
Hello,

We did some testing on your site today (it seems you removed test2.php page from your server but I found test3.php that worked). Now we are sure that the problem is in different user agent strings.

We just changed user agent string in FireFox browser (read the Changing User Agent in Firefox topic) to "Aurigma Image Uploader JE" (user agent string sent by Image Uploader). In this case user agent string of the browser equals to Image Uploader one. After that your test3.php started to work correctly.

You need to adjust your server settings to disable these checks.

Edited by user Tuesday, September 15, 2009 7:15:25 PM(UTC)  | Reason: Not specified

Sincerely yours,
Dmitry Sevostyanov

UserPostedImage Follow Aurigma on Twitter!
Users browsing this topic
Forum Jump  
You cannot post new topics in this forum.
You cannot reply to topics in this forum.
You cannot delete your posts in this forum.
You cannot edit your posts in this forum.
You cannot create polls in this forum.
You cannot vote in polls in this forum.