Page 1 of 1

Lost session problem

Posted: Sat Aug 23, 2008 6:41 am
by mvijfwinkel
Hello everybody!

I'm banging my head against this for a long while now, so it's time to throw it in the group (if only to share the pain :wink: ).

I have a website which is basically an image gallery. For some users (less than 1%) the session is not remembered when a new window is opened, which leads to the login being lost.

I'm passing the session data in the url with PHPSESSID=, but Apaches error log is full of the following errors (also for my own IP).

Code: Select all

PHP Warning:  Unknown: The session id contains illegal characters, valid characters are a-z, A-Z, 0-9 and '-,' in Unknown on line 0, referer: http://server1.cgtextures.com/texview.p ... b63127aeed
PHP Warning:  Unknown: Failed to write session data (files). Please verify that the current setting of session.save_path is correct (/var/lib/php/session) in Unknown on line 0, referer: http://server1.cgtextures.com/texview.p ... b63127aeed
As you can see the session doesn't seem to contain any illegal characters, is there another reason why it would log such an error?
Even though the error logs state that the session data cannot be written, they are still sucessfully written in /var/lib/php/session, with the correct data in the file.

I get the session data with: $session_propagator = '&PHPSESSID=' . session_id(); and simple glue it to the end of the URL in the link. (I have tried getting the session name as well, in case the browser has a custom session name, but this doesn't solve the problem).

Re: Lost session problem

Posted: Sat Aug 23, 2008 3:06 pm
by jaoudestudios
Why do you send it through the url?

use session_start(); and you can do it all behind the scenes.

Re: Lost session problem

Posted: Sun Aug 24, 2008 1:45 am
by mvijfwinkel
I'm also using session_start(), but this is not a reliable method when images are opened in a new window. If I wouldn't pass it with the URL also an even bigger percentage of the user would loose its login.

Re: Lost session problem

Posted: Sun Aug 24, 2008 3:27 am
by jaoudestudios
I do not pass it through the url and have never had a problem with users loosing login or popups. Though try to use popups as little as possible as people have these blocked. If you want to show an enlarged image use JS lightbox, it has the same effect (actually better) but it wont be considered a popup by the browser.

You must have session_start on every page! Otherwise it will be lost.

Re: Lost session problem

Posted: Mon Aug 25, 2008 3:34 am
by mvijfwinkel
The problem has been solved, I had a iframe in my page which picked up the session in an incorrect manner. (I totally forgot about this IFrame, and the referrer in the error log was not giving the correct address!)

Thanks for the help!