Recently there was a problem with a website that is still in development (That will remain unnamed). For some reason, when you logged in on the admin, everything worked, but when you refreshed the page the tabs that were loaded through ajax would somehow have you logged out (And another refresh after that you were completely logged out).
Someone else had already been trying to figure out this problem for more than a day and was breaking his head over it. Nowhere did the session get destroyed in the admin, or during the ajax requests, and the only location were it got destroyed was in the logout call and on the website when you tried to access a page that doesn’t exist.
I decided to take a look at it, with a mentality of, anything can happen, even if it doesn’t make sense. So first thing I tried was commenting out the session_destroy call in the index, which indeed seemed to resolve the problem.
But the index should never be loaded in the first place. So time to fire-up firebug and let it log all requests made by a single admin page load.
For some reason the admin was indeed loading the website for some odd reason. Now to my surprise as someone suggested, Internet Explorer (Yes you are reading that right) shows where the request originated. Turned out it was being requested through a <script> tag somehow. Coincidentally it seemed that that same script was also erroring.
So after commenting that out (And having the session_destroy enabled again) I tested it again, and yep you remained logged in. Now of course still not satisfied, I had to figure out why it was loading the front-page.
So opening the script there was nothing in there that did even attempt to make a request, so it couldn’t be in the script (This was an exception to the everything is possible rule because this really was too impossible). So then I tried opening the script in the browser, and hey I was redirected to the frontpage.
Okay, I’m getting redirected, but why. Ah yes perhaps the .htaccess will tell me. Upon opening the .htaccess file I found out that it would redirect requests to any folder or file that didn’t exist to the frontpage (With the path of the file as page to request).
So after disabling this rewrite rule the file did indeed not exist, for some reason it got deleted on the dev server. So upon re-upload it worked again. After this to prevent this in the future I also added an exception for js/css files into the htaccess so that those missing would be easier to detect.
Of course I could’ve made more rigorous changes to the project to make this problem impossible to happen, but I was asked to help debug and the way it was built was decided by a team that probably had reasons for why they did it the way they did it (I made suggestions and they’d discuss them).
- Go in with an ‘anything can happen’ mentality, even if it seems impossible it might just not be
- If you’ve been trying to figure out a bug for quite some time, ask someone else to take a look, he/she might have a different viewpoint that’ll help solve the issue
- Internet Explorer can actually be useful
- Why the fuck didn’t other browsers implement the request origin feature (Or why did they make them hard to find I might have overlooked them).
it was a fun challenge to solve this bug, and it made me learn a good deal about solving issues that you wouldn’t get if you were always working on projects you are the sole developer of.