Page 1 of 1

Session vars not lasting beyond a page

Posted: Sun Feb 25, 2007 2:50 pm
by mjseaden
Hi,

This issue may be related to my previous issue, regarding PHP creating a new session for a PHP script called via an IMG tag.

I have an admin script, called 'admin' (no PHP extension, Apache is configured to execute admin as a PHP script). When you first go to the page, the user is presented with a login page.

The login page has a 'session_start()' at the beginning. Looking at my cookies directory, when this page loads, PHP writes a cookie to my C:\Temp directory with a unique ID.

The script calls 'admin' again, which this time detects the $_POST variables sent by the login page, and accordingly writes a session variable indicating the user is logged on, with the intention of using this as a login test later on (the usual method, in other words).

However, expecting the session to be preserved between calls to the 'admin' script, PHP instead writes a new session. It correctly writes to this session, but as soon as you go off the page - for example by calling 'admin' directly again via the browser - it loses it, because it writes a whole new session again!

Why am I losing sessions between page loads - why aren't they being preserved across page calls, as you would expect? Config issue?

Many thanks

Posted: Sun Feb 25, 2007 2:59 pm
by Ambush Commander
PHP does not write "cookies" to your session directory. I would hazard maybe Windows is garbage-cleaning your sessions directory too aggressively: try putting it somewhere else. You may also want to post some code.

Posted: Sun Feb 25, 2007 3:01 pm
by mjseaden
My PHP session session.save_path is equal to C:\Temp, however my session.cookie_path is curiously just equal '\' - could this be something to do with it? What does it mean '\'?

Posted: Sun Feb 25, 2007 3:04 pm
by mjseaden
Hi Ambush Commander,

I can see the sessions being written to my directory, which I've now moved to C:\Apache\Session, and windows isn't deleting session files between pages - it's writing different session files indicating different session ids being chosen.

Posted: Sun Feb 25, 2007 3:08 pm
by Ambush Commander
It's irrelevant for our purposes, but session.cookie_path determines for what paths is the default session cookie valid for. For example, if you were to set it to /foobar, the session cookie would only get set by the browser when you were in files in the http://localhost/foobar directory, and not say a http://localhost/baz directory.

Okay, next question: is your browser accepting cookies? Try var_dump($_COOKIE); on admin, you should get a value that looks like PHPSESSID => 39842y343ja9w8ryaw38 which should be staying constant.

Posted: Sun Feb 25, 2007 4:04 pm
by mjseaden
Hi ambush commander

No, i seem to be getting 'array(0) {}' rather than any cookie id.

I'll check my browser settings.

Posted: Sun Feb 25, 2007 4:06 pm
by mjseaden
...my browser is set to accept cookies, so it doesn't look like it's a browser settings issue.

Posted: Sun Feb 25, 2007 4:16 pm
by volka
please try

Code: Select all

<?php
error_reporting(E_ALL);
ini_set('display_errors', true);
session_start();

if ( !isset($_SESSION['xyz']) || !is_array($_SESSION['xyz']) ) {
	$_SESSION['xyz'] = array();
}

$_SESSION['xyz'][] = date('H:i:s');
?>
<html>
	<head><title>session test</title></head>
	<body>
		<a href="<?php echo $_SERVER['PHP_SELF']; ?>">re-load page</a><br />
		self: <?php echo $_SERVER['PHP_SELF']; ?><br />
		session_name: <?php echo session_name(); ?><br />
		session_id: <?php echo session_id(); ?><br />
		<pre>coookie_params: <?php var_export(session_get_cookie_params()); ?></pre>
		<pre>cookies: <?php var_export($_COOKIE); ?></pre>
		<pre>session: <?php var_export($_SESSION); ?></pre>
	</body>
</html>
when you press the link and reload the page session_name and session_id shouldn't change but a new line should be appended to session: each time. Does this work? If not, please post the output.

Posted: Sun Feb 25, 2007 4:31 pm
by mjseaden
Could this be something to do with the fact that I'm using a local server and localhost?

Posted: Sun Feb 25, 2007 4:35 pm
by mjseaden
Hi, many thanks for your test script. Here's the output:

Code: Select all

re-load page
self: /cookies.php
session_name: PHPSESSID
session_id: q2nfro1b4851mp92h1m1kghj31

coookie_params: array (
  'lifetime' => 0,
  'path' => '\\',
  'domain' => '',
  'secure' => false,
)

cookies: array (
)

session: array (
  'xyz' => 
  array (
    0 => '22:35:26',
  ),
)
And then

Code: Select all

re-load page
self: /cookies.php
session_name: PHPSESSID
session_id: d5jeq24ut5tbedclk62aqgp582

coookie_params: array (
  'lifetime' => 0,
  'path' => '\\',
  'domain' => '',
  'secure' => false,
)

cookies: array (
)

session: array (
  'xyz' => 
  array (
    0 => '22:35:49',
  ),
)
There's no preservation of the session id, and there's no appending of the array - it all gets reset. At least that's established, but I don't know if this is a configuration issue or not?

Posted: Sun Feb 25, 2007 4:36 pm
by volka
Mechanism is the same.

Posted: Sun Feb 25, 2007 4:40 pm
by volka
mjseaden wrote:coookie_params: array (
'lifetime' => 0,
'path' => '\\',
'domain' => '',
'secure' => false,
)

cookies: array (
)
empty array _COOKIE means your browser did not accept the cookie.
'path' => '\\' ? Did you play with session.cookie_path? Please remove that line from your php.in then restart the webserver.

Posted: Sun Feb 25, 2007 4:47 pm
by mjseaden
Hi. I've removed the cookie_path line from my PHP.ini, and restarted Apache, and now the output is:

Code: Select all

re-load page
self: /cookies.php
session_name: PHPSESSID
session_id: vpbsjbfelrq9rev2r1q5vr0bd4

coookie_params: array (
  'lifetime' => 0,
  'path' => '/',
  'domain' => '',
  'secure' => false,
)

cookies: array (
  'PHPSESSID' => 'vpbsjbfelrq9rev2r1q5vr0bd4',
)

session: array (
  'admin_valid_user' => '3dfec677ecf45d4c3da3df311b98ea95',
  'xyz' => 
  array (
    0 => '22:45:38',
  ),
)
And then:

Code: Select all

re-load page
self: /cookies.php
session_name: PHPSESSID
session_id: vpbsjbfelrq9rev2r1q5vr0bd4

coookie_params: array (
  'lifetime' => 0,
  'path' => '/',
  'domain' => '',
  'secure' => false,
)

cookies: array (
  'PHPSESSID' => 'vpbsjbfelrq9rev2r1q5vr0bd4',
)

session: array (
  'admin_valid_user' => '3dfec677ecf45d4c3da3df311b98ea95',
  'xyz' => 
  array (
    0 => '22:45:38',
    1 => '22:47:31',
  ),
)
So it now seems to be working. I honestly don't remember changing the cookie path in my PHP ini file - I doubt very much it's the default though.

Thanks for helping out, that probably solves my other issue too I hope.

Cheers