Page 1 of 1

Sessions with Register Globals Off.

Posted: Tue Sep 23, 2008 12:01 am
by harryzhong
Hello All.

I recently turned off register_globals on my shared hosting site, by creating a php.ini file with the line in it to turn it off.

Everything works fine, except my session data seems to dissapear after about 2 mins!!

Here is the script I am using to test this.

Code: Select all

<?php
session_start();
 
if(session_is_registered("isSessionActive")){
echo 'session var is registered.<br><br>';
} else {
session_register("isSessionActive");
echo 'session var not registered, just registered it.<br><br>';
}
 
if(empty($_SESSION['isSessionActive'])){
    $_SESSION['isSessionActive'] = 'Session is not active!';
    echo $_SESSION['isSessionActive'];
} else {
    echo 'Session is active.';
}
 
 
?>
When I open a browser and load this page, it says, 'session not registered, just registered it.' & 'Session is not active!'. This makes sense, its the first load, so nothing has been initialized.

When I refresh, I expect to see that the session is registered and is active, which i do.

Now if I leave it for about 2-3 minutes. It goes back to being unregistered! I've tried to print the $_SESSIOn array and its empty!

I've checked my php.ini file and my timeouts for session.gcmaxlifetime is default of 1440 which is i believe 24 minutes.

If i delete the php.ini file i created to turn off register_globals, as in i turn it back on, this problem goes away.

All this is over https, btw.

Am I missing somethign here?

Thanks all.

Re: Sessions with Register Globals Off.

Posted: Tue Sep 23, 2008 3:17 am
by Maugrim_The_Reaper
session_is_registered() shouldn't be used with $_SESSION - the first checks for the existence of global variables in the sessions which are probably no longer present since you disabled register_globals. I'd stick solely to using $_SESSION for everything.

Re: Sessions with Register Globals Off.

Posted: Tue Sep 23, 2008 10:26 am
by harryzhong
Hmmm, do you mean, i don't need to register session variables before using them?

I am using $_SESSION for all my scripts.

My user login area is using $_SESSION to keep track of a login id. On every page load, it checks if that id is there in session & also checks a timestamp in session to gauge inactivity. If its been too long since last activity, it kills the session & prompts for a new login.

But since turning off register_globals, my users are getting kicked out after 2-3 minutes, instead of the 10 minutes I have scripted in my PHP.

Re: Sessions with Register Globals Off.

Posted: Tue Sep 23, 2008 10:49 am
by Maugrim_The_Reaper
You could almost say $_SESSION is a drop in replacement for session_register() especially when you are not using register_globals.

Re: Sessions with Register Globals Off.

Posted: Tue Sep 23, 2008 12:11 pm
by harryzhong
Ok, so I've changed my test code to this:

Code: Select all

<?php
session_start();
 
if(empty($_SESSION['isSessionActive'])){
    $_SESSION['isSessionActive'] = 'Session is not active!';
    echo $_SESSION['isSessionActive'];
} else {
    echo 'Session is active.';
}
 
 
?>
my session still resets after 3 mins. What could be going on?