Scenario
- User logs in (login.php) and clicks a "calculate amount due" button.
- AJAX call is made to calculate_checkout_total.php which returns a JSON object containing the total amount due (decimal) from the customer. This amount is stored in $_SESSION['vendor_checkout_total'].
- User is presented with the due amount and clicks Pay button. AJAX call is made to a pay_checkout_total.php
- pay_checkout_total.php checks $_SESSION['vendor_checkout_total'] to get the total amount due.
Problem
$_SESSION['vendor_checkout_total'] seems to never be actually saved. pay_checkout_total.php cannot find this session var (undefined index).
Yes, session_start() is being called prior to accessing/saving session vars.
All other session vars (in other PHP files) appear to be stored and accessed correctly.
What I've tried so far
- Calling exit() at the end of login.php
- Returned $_SESSION in the calculate_checkout_total.php JSON object and verified that the session var was being stored. However, when I check /var/lib/php5/sessions, none of the session files contain $_SESSION['vendor_checkout_total']. I see other session vars, but not this one. It's as if the session var only lives within this page?
- Tried setting a different session var in calculate_checkout_total.php - still not saved.
- Verified that session_id() was the same on both PHP files.
- Verified that the cookie containing PHPSESSID was being passed to the request headers.
- Changed ownership of /var/lib/php5/sessions from root to www-data with read-write-execute permissions. Verified that all files in this folder belong to www-data.
- I have following PHP.ini settings
session.save_path = "/var/lib/php5/sessions"
session.gc_probability=0
session.cookie_path = "/"
session.use_cookies = 1
Any help or ideas would be sincerely appreciated. I don't know what else to look for.
UPDATE I found a session_write_close() inside an include of an included file in my scripts. Once I removed it, session variables behaved as expected.