Broken who's online and session information

rudolfl · **Joined:** Wed Jul 15, 2009 8:12 pm **Posts:** 16

Hi, all

CreLoaded 6.4.1a B2B
I found that who's online not working properly. It does not show if customers have shopping cart.
OK, started digging in and found that whos_online module looks in the session information for cart content. Customer session information is extracted from database. However session information does not make sense. Looks like it is an encoded blob.
At the same time, same code runs perfectly OK on a different server. And session information is plain text.

So, now I am stuck. I have no idea if there is a PHP setting that will cause session information to be encrypted. Given it is same code that runs on tw different servers, I assume problem is somewhere in PHP settings.

Anyway, any ideas are greatly appreciated.

Thanks
Rudolf

soundzgood2 · **Posted:** Wed Sep 28, 2011 12:49 pm

Probably got suhosin (hardened php) running on the server where the session data is being written encrypted to the sessions table.

suhosin.session.encrypt = on

Hosting company choice - doubt they'd switch it off. So unless you're on your own box ... that's security for yer.

Simon

rudolfl · **Joined:** Wed Jul 15, 2009 8:12 pm **Posts:** 16

Thanks,

I think you are right -- suhosinis plugin is in use. How does one decode session information when it is encrypted?

Thanks,
Rudolf

soundzgood2 · **Posted:** Thu Sep 29, 2011 2:36 am

rudolfl wrote:

Thanks,

I think you are right -- suhosinis plugin is in use. How does one decode session information when it is encrypted?

Thanks,
Rudolf

Don't think you can - your host would need to disable suhosin.session.encrypt ... as mentioned, doubt they would.

Simon

CRE Loaded Community

Broken who's online and session information

Who is online

Main Menu

Login

Forums Latest Activity

Top Listing

Members Online