Wherein I occasionally rant on various topics including, but not limited to, PHP, Music, and whatever other Topics I find interesting at the moment, including my brain tumor surgery of August 2010.

Friday, October 30, 2009

PHP, Frames, and Sessions

Any time you try to use frames and PHP sessions, you are likely to run into trouble.

It's basically a race condition just waiting to blow up in your face:

1. Frame A sends HTTP request, with no session Cookie
2. PHP/server processes request, with no session Cookie, so creates NEW session
3. Frame B sends HTTP request, with no session Cookie
4. Frame A receives response, with session Cookie from Step 2.
5. PHP/server processes request, with no session Cookie, so creates NEW session
6. Frame B receives response, with different session Cookie from Step 5.

See Step 4 the browser *gets* the cookie it needed in step 3 for there to be just ONE session?

Your best bet is to initialize the session in a frame-less landing page, and then move forward with frames. Once the user has the session Cookie, all the frames can "share" it.

You'll have to redirect a session-less user to that frame-less page and back again, however, which uses up a lot of HTTP connections, and so is resource-intensive.

Note that Frame A and Frame B steps could actually interleave in ANY order, really. Each request is completely independent of the other.

And *some* orderings are actually going to "work", so you may not find this bug until your server gets busy enough that HTTP requests/responses start to lag a little bit.

Tuesday, October 27, 2009


Being in the job market, I'd like to make a modest proposal to HR and recruiters:

Please label jobs where telecommute has geographical restrictions such as "same city" as "tethercommute".

I realize, of course, that coining such a term is no guarantee that it will be accepted in wide usage, but I doubt that anybody is going to misinterpret it.


Monday, October 26, 2009

Dear Sprint; Please update your time servers.

As you may know, I hate daylight savings. It doesn't save anything anymore, if it ever did.

And it's a royal pain.

It's particularly painful to me, since my cell phone is my alarm clock.

And apparently, Sprint / Nextel has still not clued in to the fact that the
United States Congress has changed the dates on which clocks are changed

It is particularly irksome, since I have duly informed Sprint / Nextel of this fact twice a year, every year, since 2007.

Yes, I know I could change the option to take my cell phone off of network server time, and rely on its internal time clock. Unfortunately, the cell phone then lags a minute or two eventually, since it is not synched with a reliable time source.

For $100+ a month, Sprint can find somebody with a clue to update the time zone data on their time servers!

If anybody reads this post and has any contacts at Sprint that can resolve this, please feel free to contact me.