PHP Session lost half way through buying process

2019-03-05 22:49发布

THE SET UP

I have a buying process that has the following stages:

  • results
  • customer
  • payment
  • order-conf

The results page sets a session variable with an ID from our orders database table. Each page posts data to the next one. The start of customer and payment BOTH check the existence of the ID number session variable.

As you can imagine, 99% of browsers with default cookie settings have no problem with the setting of these sessions vars and reading them.

I get an alert whenever that session var check comes back as blank. Most of these errors seem to be direct hits to the customer and payment page, so BOTS or bookmark hits which all makes sense.

Sometimes we get alerts back from the customer page, with the referring URL as results saying the session was blank and it looks like a customer who has cookies disabled. Again, this is fair enough and up to the user to accept cookies.

THE PROBLEM

We are getting a handful of alerts per week from customers who have an empty order ID session var, but on the payment page (with the referring URL as customer). So they successfully pass the customer stage with the order ID var in existence. But when I recheck it on the payment page after they submit their personal info - GONE!

It makes no sense to me. How can it be fine on the previous page, but not on the next? The domain stays the same, all URLS are on HTTPS so it's not that.

My email includes PHP to loop through all SEssion Vars - and that is always blank. (So it's not just the single session variable that is blank, the whole lots is blank).

Is there any more debug I can add to these email alerts to see if the session is in tact, or rather it isn't? Here's some code:

customer and payment both start with:

<?php
require_once "../includes/common.php";

$quoteShared        = new quoteShared();

// Check if this is a direct page hit
if (requestSession("sessionid") == "") {

    echo $quoteShared->directHit();
    die;

Common includes the obvious at the start:

session_start();

How we check sessions:

function requestSession($xParam) {
    $value = "";

    if (isset($_SESSION[$xParam]))
    {
        if ($_SESSION[$xParam] != "") {
            $value = $_SESSION[$xParam];
        }
    }

    return $value;
}

0条回答
登录 后发表回答