Hi Jochen, thanks, suhosin does indeed seem to be the issue. Now if I can just find a way to disable it without having to put a php.ini in every affected subdirectory...
Fortunately - but even more confusingly - this problem doesn't seem to be occurring in other sites on the same server. Still, small mercies and all that. Thanks Michael and David for your replies as well :) Robert U. On Sep 8, 2:38 pm, Jochen Daum <[email protected]> wrote: > Hi, > > do you have suhosin installed? If yes, turn off session encryption, > either totally or some of the parameters. In short, it will use > - remote IP address > - browser signature > - docroot > > to encrypt your session values, so they can't be accessed by any other > script. I had numerous problems with this including one instance where > Docroot somehow wasn't set when using https vs http. > > HTH > > Jochen Daum > > "There is no shortcut to anywhere worth going" - Beverly Sills > > P.S.: Have you recently changed or set a password? Read > this:http://krunchd.com/goodpasswords > > Automatem Ltd > Phone: 09 630 3425 > Mobile: 021 567 853 > Email: [email protected] > Website:www.automatem.co.nzhttp://nz.linkedin.com/in/automatemhttp://twitter.com/automatem > > On 8 September 2011 10:38, Robert Urquhart <[email protected]> wrote: > > > > > > > > > I have a php curler which has stumped me. > > > Data being stored in $_SESSION by a script in a sub-directory is not > > available to scripts in the webroot directory. It can be passed > > between and across any subdirectories of the webroot just fine (so my > > short-term solution is to move some functionality to a subdirectory > > but this is not ideal). > > > - the webroot scripts are correctly using the same session id. > > > - webroot scripts don't appear to be preserving session data beyond > > their own page load either - it doesn't appear on a refresh or on > > other pages whether also in webroot or in subdirectories > > > - most of the content on webroot pages is output by the exact same > > code as on subdirectory pages - the page files themselves only contain > > some flags and then an include (session_start() is down in the > > include). > > > I'm guessing it's some sort of scoping issue, but I've checked for > > www / not-www switches and suchlike. > > > Anyone run into anything like this before? We recently changed servers > > - I've yet to test on other sites to see if the problem occurs there > > as well (could be a lot of work involved if it does :( ). > > > Robert Urquhart > > > -- > > NZ PHP Users Group:http://groups.google.com/group/nzphpug > > To post, send email to [email protected] > > To unsubscribe, send email to > > [email protected] -- NZ PHP Users Group: http://groups.google.com/group/nzphpug To post, send email to [email protected] To unsubscribe, send email to [email protected]
