PHP 5.2 Sessions

PHP programming forum. Ask questions or help people concerning PHP code. Don't understand a function? Need help implementing a class? Don't understand a class? Here is where to ask. Remember to do your homework!

Moderator: General Moderators

User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

Both files were changed.. and you interacted with each in the "proper" order?
audiodef
Forum Newbie
Posts: 17
Joined: Sun Dec 10, 2006 8:39 am

Post by audiodef »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


Yep. Well, apparently, I need to configure something in order to pass session data along without putting the SID in the query string. Straight from php.net, this example code works for the second link, but not the first. What do I need to change to make the first link work?

Code: Select all

<?php
// page1.php

session_start();

echo 'Welcome to page #1';

$_SESSION['favcolor'] = 'green';
$_SESSION['animal']  = 'cat';
$_SESSION['time']    = time();

// Works if session cookie was accepted
echo '<br /><a href="test2.php">page 2</a>';

// Or maybe pass along the session id, if needed
echo '<br /><a href="test2.php?' . SID . '">page 2</a>';
?>

Code: Select all

<?php
// page2.php

session_start();

echo 'Welcome to page #2<br />';

echo $_SESSION['favcolor']; // green
echo $_SESSION['animal'];  // cat
echo date('Y m d H:i:s', $_SESSION['time']);

// You may want to use SID here, like we did in page1.php
echo '<br /><a href="test1.php">page 1</a>';
?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

The session page refers to all the applicable php.ini directives that alter behavior.

http://php.net/ref.session
audiodef
Forum Newbie
Posts: 17
Joined: Sun Dec 10, 2006 8:39 am

Post by audiodef »

It was going through my php.ini and not finding what was wrong that led me here. Here's the session section from my php.ini. Anyone who points out what it takes to get my sessions to work without having to pass the SID in the URL gets my undying thanks.

Code: Select all

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; As of PHP 4.0.1, you can define the path as:
;
;     session.save_path = "N;/path"
;
; where N is an integer.  Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories.  This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
;         You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
;         use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
;     session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
;session.save_path = "/tmp"

; Whether to use cookies.
session.use_cookies = 1

;session.cookie_secure =

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
session.cookie_httponly = 

; Handler used to serialize data.  php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor     = 1000

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
;       (see session.save_path above), then garbage collection does *not*
;       happen automatically.  You will need to do your own garbage
;       collection through a shell script, cron entry, or some other method.
;       For example, the following script would is the equivalent of
;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
;          cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 0
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

; Select a hash function
; 0: MD5   (128 bits)
; 1: SHA-1 (160 bits)
session.hash_function = 0

; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
;
; 4 bits: 0-9, a-f
; 5 bits: 0-9, a-v
; 6 bits: 0-9, a-z, A-Z, "-", ","
session.hash_bits_per_character = 5
audiodef
Forum Newbie
Posts: 17
Joined: Sun Dec 10, 2006 8:39 am

Reported as possible bug

Post by audiodef »

Submitted a bug report to bugs.php.net. If anyone sees something obviously wrong with my setup, please let me know and I'll cancel the bug report. Otherwise you can check it out at http://bugs.php.net/bug.php?id=39790.
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

It's not a bug most likely. If it were, we'd have more threads of the same I'd bet. :)

Have you made sure to clear all your cache, history all that jazz to rule out a developer's browser problem? Have you looked at the live headers again to verify that the cookie is attempted to be set?

If all else fails, you can turn on use_trans_sid.
audiodef
Forum Newbie
Posts: 17
Joined: Sun Dec 10, 2006 8:39 am

Post by audiodef »

Yep. Tried it with different browsers too. Nothing I do with browsers, firewall settings and php.ini allows PHP to use sessions without passing the SID. I'm hoping it isn't in fact a bug, but it just seems more and more like there is a particular condition under which this server software version combination keeps PHP sessions from happening, and that somehow on my machine this condition exists. I just wish I were more of a hacker to figure it out.
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

Have you tried setting a cookie with setcookie() and seeing if that persist?
audiodef
Forum Newbie
Posts: 17
Joined: Sun Dec 10, 2006 8:39 am

Post by audiodef »

I setcookie'd one page, name and value only, so it would persist as long as the browser is open, then print_r($_COOKIE) on the next page. I got Array(), meaning it's not persisting. What would I need to do to make that work?
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

Put this into a script, refresh the page a couple of times, and see if you get any output

Code: Select all

<?php
setcookie("TestCookie", "Here is my value for testcookie", time()+3600);

echo $_COOKIE['TestCookie'];
?>
Remember, no white space at the top of the file. Also, check the response headers with livehttpheaders and see if the 'SetCookie' header exists.
audiodef
Forum Newbie
Posts: 17
Joined: Sun Dec 10, 2006 8:39 am

Post by audiodef »

This is getting weird. I got a Notice: Undefined index: TestCookie error. I have cookies from many other sites and use sites that require cookies all the time. So it's not a problem with my browser settings. Apache is allowed by my firewall to do anything - greenlighted across the board (PHP is an apache module on my server). I'm stumped. LiveHTTPHeaders shows no info at all about cookies.
audiodef
Forum Newbie
Posts: 17
Joined: Sun Dec 10, 2006 8:39 am

Post by audiodef »

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]


I wonder if this has anything to do with it. I tested a file write operation, which failed. $php_errormsg is also unknown, even though track errors is on. However, when I use the commented-out fopen near the top, it works. Somehow it fails the is_writable check, but if you open before checking, it passes. Maybe it's for the same reason cookies aren't being set.

Code: Select all

<?php
$filename = 'test.txt';
$somecontent = "Add this to the file\n";

//fopen($filename,'a') or die($php_errormsg);

// Let's make sure the file exists and is writable first.
if (is_writable($filename)) {

   // In our example we're opening $filename in append mode.
   // The file pointer is at the bottom of the file hence
   // that's where $somecontent will go when we fwrite() it.
   if (!$handle = fopen($filename, 'a')) {
         echo "Cannot open file ($filename)";
         exit;
   }

   // Write $somecontent to our opened file.
   if (fwrite($handle, $somecontent) === FALSE) {
       echo "Cannot write to file ($filename)";
       exit;
   }
  
   echo "Success, wrote ($somecontent) to file ($filename)";
  
   fclose($handle);

} else {
   echo "The file $filename is not writable because: ".$php_errormsg;
}
?>

feyd | Please use

Code: Select all

,

Code: Select all

and [syntax="..."] tags where appropriate when posting code. Your post has been edited to reflect how we'd like it posted. Please read:  [url=http://forums.devnetwork.net/viewtopic.php?t=21171]Posting Code in the Forums[/url] to learn how to do it too.[/color]
User avatar
feyd
Neighborhood Spidermoddy
Posts: 31559
Joined: Mon Mar 29, 2004 3:24 pm
Location: Bothell, Washington, USA

Post by feyd »

With the fopen() line commented, there's no error for PHP to fill the variable with.
User avatar
aaronhall
DevNet Resident
Posts: 1040
Joined: Tue Aug 13, 2002 5:10 pm
Location: Back in Phoenix, missing the microbrews
Contact:

Post by aaronhall »

Have you tried uncommenting session.save_path in php.ini?
audiodef
Forum Newbie
Posts: 17
Joined: Sun Dec 10, 2006 8:39 am

Post by audiodef »

That one one of the first things I did a few days ago, so I've ruled that out. save_path is currently set and appears to be working correctly. Session files are being created in the save_path dir.
Post Reply