Session confusion

[babzog]

Hi folks,

I'm trying to figure out how the session expiry stuff works and am having a bit of a time with it... hope someone can shed some light.

I have a third party payment module that I've hacked to store processing results data. It generates a transaction number from a new DB table with an auto-increment field and uses that as the "order number" for the payment module (since order numbers aren't actually generated until payment is received). All this works fine... it might sound weird to some, but it does precisely what we need it to.

What I want to do though, is to delete the db table entry if the session expires and the user needs to log in again. I can't seem to find the area of code which basically does:

Is the session expired?
Yes?
Change the page reference to 'login' and go to the login page.
No?
Carry on with payment processing.

I have added "require('includes/application_top.php');" to my module to do the initialization for DB access, etc, and added some error_log statements to application_top to try and trace the flow, but am confused as to the output.

First, I set DEBUG_AUTOLOAD to true (and changed the code in autoload_func.php to use error_log rather than echo for printing the output - with a tail -f on my webserver error log I can watch the debug statements while the application runs.

Further down in application_top, I added some error_logs:

/**
* load the autoloader interpreter code.
*/
error_log("here1");
require('includes/autoload_func.php');
error_log("here2");

So, I create an order, proceed to checkout, enter the CC info and right before the stage three confirmation, I wait (I lowered the session timeout for testing too in php.ini). After the timeout, I clicked confirm and took a look at the error_log (pasted below as it's long).

Of note though, it that after it loads init_sessions.php, it "sees" that two session variables no longer exist and loads new instances of them. Later, around actionpoint 130, it loads a new messageStack object at which point, the program flow changes and reenters application_top, which then reloads autoload_func which runs through this time (note that it skips the loading of those two session vars it loaded the first time), returning to application_top and obviously continuing on.

So, I am quite puzzled by this... why would the loading of the messageStack cause the flow to be interrupted and where is it jumping to? Where would be the best place to put my logic to delete a table row created during cart checkout if a session has expired?

Many thanks for reading this far and for any thoughts you may offer!

Cheers!
Jon

error_log snippet:
[Mon May 29 15:15:20 2006] [error] START
[Mon May 29 15:15:20 2006] [error] here1
[Mon May 29 15:15:20 2006] [error] actionPoint=>0 include('/usr1/vdxtools/apache/htdocs/vdxcrs/includes/classes/class.base.php');</br>
...
[Mon May 29 15:15:20 2006] [error] actionPoint=>70 include('includes/init_includes/init_sessions.php');</br>
[Mon May 29 15:15:20 2006] [error] actionPoint=>80 if (!$_SESSION[cart]) { $_SESSION[cart] = new shoppingCart(); }<br />
[Mon May 29 15:15:20 2006] [error] actionPoint=>80 if (!$_SESSION[navigation]) { $_SESSION[navigation] = new navigationHistory(); }<br />
...
[Mon May 29 15:15:20 2006] [error] actionPoint=>130 $messageStack = new messageStack();</br>


<spacing added here for emphasis>


[Mon May 29 15:15:20 2006] [error] here1
[Mon May 29 15:15:20 2006] [error] actionPoint=>0 include('/usr1/vdxtools/apache/htdocs/vdxcrs/includes/classes/class.base.php');</br>
...
[Mon May 29 15:15:20 2006] [error] actionPoint=>70 include('includes/init_includes/init_sessions.php');</br>
[Mon May 29 15:15:20 2006] [error] actionPoint=>80
[Mon May 29 15:15:20 2006] [error] actionPoint=>80
...
[Mon May 29 15:15:20 2006] [error] actionPoint=>130 $messageStack = new messageStack();</br>
...
[Mon May 29 15:15:20 2006] [error] actionPoint=>180 include('includes/init_includes/init_header.php');</br>
[Mon May 29 15:15:20 2006] [error] here2
[Mon May 29 15:15:20 2006] [error] here3
[Mon May 29 15:15:20 2006] [error] main_page:login
[Mon May 29 15:15:20 2006] [error] code_page_directory:includes/modules/pages/login

[babzog]

Getting there on my own.

Put some more debugging into autoload_func.php and turned up a call to init_customer_auth.php which does a redirect to the login page if the customer id session var doesn't exist.

[DrByte]

$_SESSION['customer_id'] is set to a real value (ie: > 0) if the customer is logged in.