1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 6:10 am May 2, 2026

Forum Moderators: phranque

Message Too Old, No Replies

Why sometimes PHP doesn't get any input at all?

         

ArtemG

1:26 pm on Apr 6, 2010 (gmt 0)

10+ Year Member



Hi!

I have interesting problem which I can't figure out for a long time.

Our website uses its own session handling module. It provides a unique ID to a user i.e. SID. Copy of a SID is stored in the database.

Each link must have this SID as one of the parameters as well as each form should have it too. Otherwise, the website will think that a user is not logged in and it will keep generating a new SID.

Also, I just noticed that the website stores cookies with SID, however, the website works perfectly without cookies. I tested in on highest security settings in IE and I blocked all cookies.

The problem is that sometimes a user is getting logged out.

We investigated the issue and found out that when it happens PHP does't get any input at all.

No $_POST, no $_COOKIE, no php://input ... Nothing!

However, the log files clearly shows that URL contains SID.

This issue was not a big deal until recenly - when we started to use AJAX for some forms - we started to receive a lot of complains. It seems that AJAX requests increased the rate of getting this issue. It is very anoying for a user, when he/she losts all the data in the middle of entering it (we started to use AJAX in some forms).

We have like 20-40 users daily using the website. AJAX forms might generate 1-3 requests per 1-2 secons - it is maximum. So Apache might will get 100 requests in one second - that's the maximum.

Our webserver uses SSL. We use mod_rewrite to redirect all requests to [....] Can it be the problem with mod_rewrite ?

I'm already desperate with this issue.:(

I will really appreciate any help on this.

jdMorgan

3:13 pm on Apr 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member



First step is to put some "monitoring and logging" into your PHP script to see if you can identify any factors in common between the failed requests.

Also investigate how URL requests get "mapped" to your PHP files -- mod_rewrite? AcceptPathInfo? DirectoryIndex?

And a couple of comments: Long-term, you will not want your entire site to be SSL. This is slow and inefficient. Use SSL only for pages which require it.

Also, if the visitor has cookies enabled, do not include the SID in the links on your pages. Instead, just get it from the cookie. And beware of serving either cookies or SID-URLs to search engines -- this will not work well in many, many ways. Instead, after validating their IP addresses, reverse-DNS, and HTTP request headers to eliminate search-robot-spoofers, allow genuine search robots to navigate the site normally as if they were actually logged-in.

If this turns out to be some PHP-configuration-related problem, you may want to ask in our PHP forum as well.

Jim

londrum

3:27 pm on Apr 6, 2010 (gmt 0)

WebmasterWorld Senior Member 10+ Year Member Top Contributors Of The Month



if every link on your page has a SID attached, maybe that is your problem. because their browser might serve up an old copy of the page with outdated SIDs which don't match the one in their cookie. when they try and click through to a URL with an outdated SID, i'd imagine that they'll get logged out.

i would check that all the pages have the right expiry headers set, so they get a fresh page every time.

ArtemG

3:32 pm on Apr 6, 2010 (gmt 0)

10+ Year Member



Thank you for your reply.

I showed the topic to our Team Leader and he told me that I wrote it wrongly. Sorry for disinformation.

Problem 1 is that sometimes in AJAX requests $_POST doesn't have any data, however, $_GET cointains SID. As a result everything that a user is entered is getting lost. User enters the products into the form line by line. In 99% cases everyhing is okay, and just sometimes $_POST is empty, and sometimes a few times in a row. We use only IE8 (with Compatibility mode), IE7 and IE6 only. Maybe it is connected to the load on the server?

Problem 2, which is most interesting (and I think it is connected with 1) is a random logout of users from random pages. We will add a log on this to see if there is anything in $_GET, and I will post the results here.

ArtemG

5:48 pm on Apr 6, 2010 (gmt 0)

10+ Year Member 



<IfModule mod_rewrite.c>
 Options +FollowSymLinks
 Options +Indexes
 RewriteEngine On
 RewriteCond %{SERVER_PORT} !^443$ 
 RewriteRule ^(.*)$ https://#*$!.#*$!.com/$1 [R,L]
</IfModule>


However, in httpd.conf, DirectoryIndex is used to redirect requests for directories to a blank page: 

<IfModule dir_module>
 DirectoryIndex index.php index.html index.htm
</IfModule>


Further, in the directory of the subdomain in question, we use ErrorDocument to redirect any false requests to the homepage: 

<Directory "#*$!x">
 SSLRequireSSL
 SSLRequire %{HTTP_HOST} eq "#*$!.#*$!.com"
 ErrorDocument 403 https://#*$!.#*$!.com
 Options None
 Order deny,allow
 Allow from all
</Directory>

ArtemG

6:38 pm on Apr 6, 2010 (gmt 0)

10+ Year Member



I forgot to mention that the first part is configured in the .htaccess and the rest in httpd.conf
 

Join The Conversation

Moderators and Top Contributors

Hot Threads This Week

  1. Home
  2. Forums Index
  3. Server Side / Apache Web Server 6:10 am May 2, 2026