i have magazine, anonymous user can buy goods, i store goods in table by sessionid of user. when user login, sessionid changes and user lost his goods
any idea how to solve this?
by the way, when user logout, sessionid not changes
i have magazine, anonymous user can buy goods, i store goods in table by sessionid of user. when user login, sessionid changes and user lost his goods
any idea how to solve this?
by the way, when user logout, sessionid not changes
session_id() should not change on login:
Maybe you call ‘different’ domains (localhost, 192.168.1.1, 127.0.0.1,…) so PHP generates another session.
Try/Debug/var_dump by using the basic PHP session operations ($_SESSION, session_id()…) without Yii components.
See this topic too: Transfering data to new session
session_id() change return value after login, but $_SESSION always return the same id, even if i login different browsers\login
array(4) {
["5fe376eaaae6a0cd0417c66ec3084ce4__id"]=>
&string(1) "8"
["5fe376eaaae6a0cd0417c66ec3084ce4__name"]=>
&string(18) "a9615719@nepwk.com"
["5fe376eaaae6a0cd0417c66ec3084ce4email"]=>
&string(18) "a9615719@nepwk.com"
["5fe376eaaae6a0cd0417c66ec3084ce4__states"]=>
&array(1) {
["email"]=>
bool(true)
}
}
5fe376eaaae6a0cd0417c66ec3084ce4 is always same
5fe376eaaae6a0cd0417c66ec3084ce4 has nothing to do with the session_id().
It is the StateKeyPrefix from CWebUser always added as prefix when you use Yii::app()->user->setState(…) (for example on login);
The default StateKeyPrefix is a hash containing the Yii application id.
So it’s possible to distinguish user session values with the same key in different Yii applications on a host, when the same PHP session is used (same browser, same host).
If you want, you can set the StateKeyPrefix manually to by using: Yii::app()->user->setStateKeyPrefix(…).
This can be useful when you want to share session values between different (Yii or none Yii) applications on the same host.
See the code of CWebUser:
/**
* @return string a prefix for the name of the session variables storing user session data.
*/
public function getStateKeyPrefix()
{
if($this->_keyPrefix!==null)
return $this->_keyPrefix;
else
return $this->_keyPrefix=md5('Yii.'.get_class($this).'.'.Yii::app()->getId());
}
public function setState($key,$value,$defaultValue=null)
{
$key=$this->getStateKeyPrefix().$key;
if($value===$defaultValue)
unset($_SESSION[$key]);
else
$_SESSION[$key]=$value;
}
thx, but the main problem - after login session_id() return different id, is it normal behavior? why it happens?
No, this is not the normal behavior.
You have to investigate the login process by using
echo session_id();
on before/after authenticating, showing loginform …
For example in the blog demo the session_id is null on displaying the loginform because no session started.
I don’t know what session values you set for the guest user …
changing sessionID - it’s normal behavior. It’s in Yii core: changeIdentity
Yii::app()->getSession()->regenerateID();
when user login successfully
Yii::app()->user->login($this->_identity,$duration);
Thanks esche, I was wrong and didn’t know.
But as I can see in the sources, the guest-user states will be kept by copying the states to the new session.
So a possible solution for the problem:
Save the current sessionid to users state on selecting the goods.
if(!Yii::app()->user->hasState('goodsSessionId')
Yii::app()->user->setState('goodsSessionId',session_id())
and refer to the Yii::app()->user->getState(‘goodsSessionId’)
when building the query for the goods.
Another way is to override regenerateID() in your own session class extending CHttpSession.
But I think it’s better to use CDBSession
i tried use CDbHttpSession but it change session id too
of course i can override regenerateID, but i think it was done for some reasons(changing session id), but i can’t understand why?