ID: 30026 Updated by: [EMAIL PROTECTED] Reported By: p dot kruijsen at mssm dot nl Status: Bogus Bug Type: Session related Operating System: Windows XP / Redhat Linux PHP Version: Irrelevant New Comment:
You don't understand how sessions work then. It doesn't matter that the session data is on the server. Unless you send the session identifier with your request you won't be able to get it. When you fopen() or include over HTTP the session cookie is not sent with the request because you haven't told it you wanted to send it. Like I said before, if you want to do this use the curl functions and explicitly send the session cookie with your request. Further questions should be on the support mailing lists. This is not a support forum. Previous Comments: ------------------------------------------------------------------------ [2004-09-15 14:21:51] [EMAIL PROTECTED] Sorry, but your problem does not imply a bug in PHP itself. For a list of more appropriate places to ask for help using PHP, please visit http://www.php.net/support.php as this bug system is not the appropriate forum for asking support questions. Thank you for your interest in PHP. This is still not a bug. Please go to our support channels. ------------------------------------------------------------------------ [2004-09-15 14:17:36] p dot kruijsen at mssm dot nl Please not that I am not trying to send any session or cookie information along with my request. I specifically want to use the session information that is already present at the server to which I make the request. Maybe it's better to assume a 'fopen' rather then an 'include'. If I sign in to server.com and type http://server.com/check by hand in a browser, I might recieve a 'You are signed in' message based on a $_SESSION variable that was set. If I fopen(http://server.com/check) from another server and print the contents I get 'You are not signed in, please sign in'. The $_SESSION variable that is already present and set at server.com (this is the key: I'm not sending anything!) is not used when opening the server.com/check url via fopen() or include(). I cannot understand the difference between opening a URL by hand or by opening it and showing its contents via fopen(). Hope this clarifies. Thanks. ------------------------------------------------------------------------ [2004-09-08 17:21:09] [EMAIL PROTECTED] You are assuming a URL include will send cookie information along with the request. That is not the case. You will have to do that yourself if that is what you want. See php.net/curl for everything you need to send a request which includes the session cookie. ------------------------------------------------------------------------ [2004-09-08 14:58:38] p dot kruijsen at mssm dot nl Description: ------------ When include()ing a url through HTTP, $_SESSION variables in the requested page are lost. Opening the same url by hand does preserve the $_SESSION variables. Testcase: Bootstrap a session variable on server1. (OK) Test bootstrap by invoking script on server1. (OK) Invoke script on server2 that includes script on server1. ($_SESSION is lost) This behaviour occurs on various operating systems with various up to date versions of PHP. I suspect this to be some form of security guarantee built into PHP. However, I see no difference in security level between include()ing a file in a script and opening it by hand. Reproduce code: --------------- <?php // server1.com/bootstrap.php session_start(); $_SESSION['bootstrap'] = 'OK'; echo('OK'); ?> <?php // server1.com/test.php session_start(); $_SESSION['server1'] = 'OK'; echo('<pre>server1: $_SESSION = '); print_r($_SESSION); echo('</pre>'); ?> <?php // server2.com/test.php session_start(); include('http://server1.com/test.php'); $_SESSION['server2'] = 'OK'; echo('<pre>server2: $_SESSION = '); print_r($_SESSION); echo('</pre>'); ?> Expected result: ---------------- // invoke server1.com/bootstrap.php OK // invoke server1.com/test.php server1: $_SESSION = Array ( [bootstrap] => OK [server1] => OK ) // invoke server2.com/test.php server1: $_SESSION = Array ( [bootstrap] => OK [server1] => OK ) server2: $_SESSION = Array ( [server2] => OK ) Actual result: -------------- // invoke server2.com/test.php server1: $_SESSION = Array ( [server1] => OK ) server2: $_SESSION = Array ( [server2] => OK ) // Ths initial bootstrap variable is missing from $_SESSION on server1 ------------------------------------------------------------------------ -- Edit this bug report at http://bugs.php.net/?id=30026&edit=1