Help! - Corrupt-like string stored on value session on DB

[jamartin]

Hello to everyone.

 

I searched on the forum, but I couldn't find anything about it.

Sorry If I got into the wrong forum.

Thanks for all your support.

 

My problem is that suddenly the session value (not the session id, just the value) started to be stored in a wrong format (at least, that is what I think). In the DB, the session value is not longer being stored in its traditional format (in my webhosting):

 

cart|O:12:"shoppingCart":4:{s:8:"contents";a:0:{}s:5:"total";i:0;s:6:"weight";i:0;s:12:"content_type";b:0;}language|s:7:"espanol";languages_id|s:1:"3";currency|s:2:"CL";navigation|O:17:"navigationHistory":2:{s:4:"path";a:1:{i:0;a:4:{s:4:"page";s:11:"get_cat.php";s:4:"mode";s:6:"NONSSL";s:3:"get";a:2:{s:3:"cid";s:2:"43";s:1:"p";s:4:"7490";}s:4:"post";a:0:{}}}s:8:"snapshot";a:0:{}}wishList|O:8:"wishlist":0:{}referer_url|s:76:"";

 

and is being stored in this ugly format (in my webhosting):

 

f7SqkTwV-NSingxByOCbW9-8eYh_yakJvdNT-CysqxZzy_qX8w-himEW1uDylWJoBEFrYHdPrD9mw3oZRoF9tWlWxjXfGISd6OvZhgX_acj580bE5IkCUQlEUuDs869S4VI
TSA_-u0BRCr9RiiO9Ytiv4xssMnfGlvX3SfXyJ40lvisiFQpFtA_p9lMgr7oi65LS8TuqUoqeRRl2OtwBspnV
zBR9S6sEMwfNVTGBLJ4f3DzETdECaU62C273SojvPvyaKljbF9oyVytAJjvY43FC0LUm-QATLTY4rZ4DsefrtrdE7Neq-NURSsxcrBzS1EG0Rf0W3CNuuIwn5Rp_F8tFNS_eF85_Q98HlSxXVtpMLP9Clc4QZMokdnf3KPu0amRlW
tLIhiBH68wXrwU4mH5V2ZkoQn31C-WV3fyShMXkswQo68KhIN38RQsdkh2jADRD8bmy_LKx0NTXJnkRe8BxwI_3NbUFgpMR4iOL626l08V71H
LigMwlU2FN6vnacg2HmO1NVG-Cv8y8muFg-mQpKTZRQP_56fiFgxZUc1-YXQw1nk7CfvgHciWkmX2KN1Dc42maN6sqo3xGlb2b20wW2bmnLGdzVRT1cTIjuy7wMlyEeitukaEyfHt
gtEJJRwokdBcrvJ37X9rbn

(all in one single line. don't know why, but this codebox is wrapping the line in some way)

for example.

 

This causes that the admin/whos_online.php page is not showing properly. Maybe, some customers of mine are unable to buy properly too. I mean, I noticed the problem in the whos_online page, but I think this could also affect my customers' shopping experience.

 

Searching on php.net, I find out the serialize() function. As long as this error is occurring in my localhost's copy of the store, I tried to echo serialize($_SESSION) and then echo $val (found in catalog/includes/functions/session.php in _sess_write() function), but the values are different, almost the same but different from each other, so I don´t think I could serialize($_SESSION) as an alternative to solve my problem.

 

This is what I get when echo-ing serialize($_SESSION) (in my localhost):

 

a:6:{s:4:"cart";O:12:"shoppingcart":5:{s:8:"contents";a:0:{}s:5:"total";i:0;s:6:"weight";i:0;s:6:"cartID";N;s:12:"content_type";b:0;}s:8:"language";s:7:"espanol";s:12:"languages_id";s:1:"3";s:8:"currency";s:2:"CL";s:10:"navigation";O:17:"navigationhistory":2:{s:4:"path";a:1:{i:0;a:4:{s:4:"page";s:9:"index.php";s:4:"mode";s:6:"NONSSL";s:3:"get";a:0:{}s:4:"post";a:0:{}}}s:8:"snapshot";a:0:{}}s:8:"wishList";O:8:"wishlist":1:{s:6:"wishID";N;}}

 

and this is what I get when echo-ing $val (in my localhost):

 

cart|O:12:"shoppingcart":5:{s:8:"contents";a:0:{}s:5:"total";i:0;s:6:"weight";i:0;s:6:"cartID";N;s:12:"content_type";b:0;}language|s:7:"espanol";languages_id|s:1:"3";currency|s:2:"CL";navigation|O:17:"navigationhistory":2:{s:4:"path";a:1:{i:0;a:4:{s:4:"page";s:9:"index.php";s:4:"mode";s:6:"NONSSL";s:3:"get";a:0:{}s:4:"post";a:0:{}}}s:8:"snapshot";a:0:{}}wishList|O:8:"wishlist":1:{s:6:"wishID";N;}

 

 

So, I need to know how to store the value in the correct format, or how to pass from the serialize($_SESSION) format to the right format above.

 

 

The problem is occurring in the online store, hosted in a LAMP server.

I run osCommerce 2.2 RC1 over an Apache 2, MySQL 5, PHP 5 server.

 

I suspect my hosting company has upgraded something, but their support is gonna take a bit long.

 

Please!... Help me... If you need any additional information, please let me know.

 

Excuse my english :blink:

 

Thanks a lot in advance.

 

Best,

JmG

[user99999999]

I guess you have hardened php installed. If the encrypted session is causing problems you might have to turn it off.

 

suhosin.session.encrypt

 

http://www.hardened-php.net/suhosin/configuration.html

[jamartin]

Yes user99999999

 

Thanks a lot for your information. You guess right.

 

I tried

 

<?php
echo ini_get('suhosin.session.encrypt'); 
?>

 

 

and printed 1 (so the suhosin.session.encrypt is enabled).

 

Now I'm trying to turn it off , or decode it. Do you know how to decode it?

 

I tried the ini_set to turn it off for the current script, bu it didn't work. I tried the following:

 

<?
echo ini_get('suhosin.session.encrypt');

ini_set('suhosin.session.encrypt', '0');

echo ini_get('suhosin.session.encrypt');
?>

 

But it printed 1 un each echo. (it seems that the hosting company is disabling ini_set() and php_value in .htaccess)

 

If you know something new, please let me know.

 

Thanks a lot again.

 

Best Regards,

[loginid]

Hi there,

 

I am having exactly the same problem :^(

 

Did you get a resolution to this issue?

 

 

 

Thank you!

[martbean]

Hi,

 

I'm having the same problem too - did anyone manage to solve it?

 

Thanks,

 

Martin.

[rups_osc]

Post no 6 in http://www.zen-cart.com/forum/showthread.php?t=88301

(yes its the same code as OSC if you compare it)

Makes the whos online not timeout though it doesnt decode the suhosin session data.

 

I got my host to disable suhosin and it still doesnt store sessions properly (how it used to).

 

does anyone have any ideas how to make osc work with suhosin enabled ?