Duplicate Session IDs? !

I realize that while testing I'm using the same browser on the same day, but I have added session destroy and setcookie behaviors to the SUCCESS pages, however, I am seeing that in spite of that, eCart is putting in duplicate OrderReferenceID's based upon the session ID of the eCart: a3783893b8761d5110a107a043d4801a is used for 2 transactions made hours apart....

Any suggestions?

Here is the code at the bottom of the success pages:
<?php if (session_id != "" || isset($_COOKIE[session_name()])); session_destroy(); ?>

Do you have session_start() on the success page somewhere (or the cart object which includes that line)? It is possible that the session isn't cleared because it isn't ever properly started.

Originally Said By: Ray Borduin

  Do you have session_start() on the success page somewhere (or the cart object which includes that line)? It is possible that the session isn't cleared because it isn't ever properly started.  

I don't as yet have session start, I tried that but it didn't seem to work... Where are you suggesting on the cart object? Like for every Add to Cart button, (which would empty the cart of other items no? ) or somewhere else?

Try just using:

<?php
// Initialize the session.
session_start();

// Unset all of the session variables.
$_SESSION = array();

// If it's desired to kill the session, also delete the session cookie.
// Note: This will destroy the session, and not just the session data!
if (isset($_COOKIE[session_name()])) {
setcookie(session_name(), '', time()-42000, '/');
}

// Finally, destroy the session.
session_destroy();
?>


instead of what you have. (I got this directly from the session_destroy page at php.net)

to the top of the success page before the clear cart code.

Okay, I'll try it. I thought if you added it to the top of the success page it would destroy the cart data before it is posted ..?

When I put it before the closing body tag I get this error:


Warning: Cannot modify header information - headers already sent by (output started at /usr/www/users/lhunter/checkout_success.php:21) in /usr/www/users/lhunter/checkout_success.php on line 311

Add the session_start line to the top of the page, but add the rest below. That should prevent the error. You may also have to move the setcookie IF statement to the top.

Hi -

I am getting the same error message, ie. "Warning: session_start(): Cannot send session cache limiter - headers already sent (output started at /home/content/M/a/d/Madison1Forms/html/employee/Picnic_2008/index.php:1) in /home/content/M/a/d/Madison1Forms/html/WA_SecurityAssist/Helper_PHP.php on line 5"

and I've googled it and it says to make sure session start command is at the top, and it is. At least, this is what's at the top right now:

<?php require_once( "../../WA_SecurityAssist/Helper_PHP.php" ); ?>
And in that page - this is what is at the top of it:
<?php require_once( "HelperGroupsRulesPHP.php" ); ?>
<?php require_once( "Mail_PHP.php" ); ?>
<?php
if (!isset($_SESSION)) {
session_start();
}

And I've tried moveing these lines: <?php
if (!isset($_SESSION)) {
session_start();
}

above the others and it doesn't help.

Also - I'm not sure why but when using Security Assist - it shows all these pages (in the pages access manager thing) as needing to be a "USER" security - but not all of them have the php functions on top like (what I described above) - so some of those pages don't error out, and I thought I would be able to compare them to see where they're different, and it's because they don't have any user restrictions whatsoever - so of course theres no error message on some of them because there's no code to screw them up. I know this is confusing. So the first problem is that header error message on some of my pages and the other problem is that security assist is showing some pages that require the user to be a "registered USER" but it's not adding the necessary code - and no, they weren't open when I assigned it.

Thanks!

Originally Said By: Ray Borduin

  Add the session_start line to the top of the page, but add the rest below. That should prevent the error. You may also have to move the setcookie IF statement to the top.  

Please post a support incident and include your phone number and a copy of the pages involved. We will probably have to help you debug it.

That did it Ray, thanks. Both If and session start had to be moved to the top to make it work. But the sessions are clearing now. Thanks again.
Jeff