RE: [PHP] Re: problem with sessions config.

[N . Boatswain]

Thanks for your answers people; but i'm still having the problem, ¿any approach 
to the reason?. Remember everything works fine in on-line servers, so it may 
not be a problem of the code, but a config. one;cheers,
Nicolas.


> To: php-general@lists.php.net
> Date: Sat, 22 Mar 2008 13:58:15 +0530
> From: [EMAIL PROTECTED]
> Subject: [PHP] Re: problem with sessions config.
> 
> N . Boatswain wrote:
> > Hello guys; i'm having a problem with session behavior; i'm going straight 
> > to it, but first some considerations:
> > PHP Version 5.2.5IIF 5.1Running on localhost (XP machine)I start sessions 
> > at the top of every page. 
> > 
> > A the start of a test page, just as example, i do the assignment:   
> > $_SESSION["username"] = "aaa";
> > 
> > At the end of the same page i print it's value:  echo $_SESSION["username"];
> > 
> > And i get the layout: "aaa", as expecteed.
> > 
> > Then I redirect to another page. On that one, after initializating the 
> > session ("session_start();") print again the $_SESSION["username"] content 
> > and the result is empty. If i try the same code on a server (all this is on 
> > my local machine), the code works as expected; so i think it is a 
> > configuration problem, here is my php.ini part that correspond to session 
> > configuration, so you can tell my if i'm doing anything wrong, long 
> > comments where removed:
> > 
> > [Session]; Handler used to store/retrieve data.session.save_handler = 
> > files;session.save_path = "/tmp" BC 13/12/07session.save_path="/tmp"; 
> > Whether to use cookies.session.use_cookies = 1;session.cookie_secure = ; 
> > This option enables administrators to make their users invulnerable to; 
> > attacks which involve passing session ids in URLs; defaults to 
> > 0.session.use_only_cookies = 1; Name of the session (used as cookie 
> > name).session.name = PHPSESSID; Initialize session on request 
> > startup.session.auto_start = 1; Lifetime in seconds of cookie or, if 0, 
> > until browser is restarted.session.cookie_lifetime = 0; The path for which 
> > the cookie is valid.session.cookie_path = /; The domain for which the 
> > cookie is valid.session.cookie_domain =; Whether or not to add the httpOnly 
> > flag to the cookie, which makes it inaccessible to browser scripting 
> > languages such as JavaScript.session.cookie_httponly = ; Handler used to 
> > serialize data.  php is the standard serializer of PHP.session.serialize_ha
> ndler = php; Define the probability that the 'garbage collection' process is 
> started; on every session initialization.; The probability is calculated by 
> using gc_probability/gc_divisor,; e.g. 1/100 means there is a 1% chance that 
> the GC process starts; on each request.session.gc_probability = 
> 1session.gc_divisor = 1000; After this number of seconds, stored data 
> will be seen as 'garbage' and; cleaned up by the garbage collection 
> process.session.gc_maxlifetime = 1440session.bug_compat_42 = 
> 0session.bug_compat_warn = 1; Check HTTP Referer to invalidate externally 
> stored URLs containing ids.; HTTP_REFERER has to contain this substring for 
> the session to be; considered as valid.session.referer_check =; How many 
> bytes to read from the file.session.entropy_length = 0; Specified here to 
> create the session id.session.entropy_file =;session.entropy_length = 
> 16;session.entropy_file = /dev/urandom; Set to {nocache,private,public,} to 
> determine HTTP caching aspects; or leave this empt
> y to avoid sending anti-caching headers.session.cache_limiter = nocache; 
> Document expires after n minutes.session.cache_expire = 
> 180session.use_trans_sid = 0; Select a hash function; 0: MD5   (128 bits); 1: 
> SHA-1 (160 bits)session.hash_function = 0; Define how many bits are stored in 
> each character when converting; the binary hash data to something readable.;; 
> 4 bits: 0-9, a-f; 5 bits: 0-9, a-v; 6 bits: 0-9, a-z, A-Z, "-", 
> ","session.hash_bits_per_character = 5; The URL rewriter will look for URLs 
> in a defined set of HTML tags.; form/fieldset are special; if you include 
> them here, the rewriter will; add a hidden  field with the info which 
> is otherwise appended; to URLs.  If you want XHTML conformity, remove the 
> form entry.; Note that all valid entries require a "=", even if no value 
> follows.url_rewriter.tags = 
> "a=href,area=href,frame=src,input=src,form=,fieldset="
> > 
> > Well, thanks and sorry for my english;
> > 
> > Nicolás.
> > 
> > 
> >  
> > ___

[PHP] Re: problem with sessions config.

[Nilesh Govindrajan]

N . Boatswain wrote:

Hello guys; i'm having a problem with session behavior; i'm going straight to 
it, but first some considerations:
PHP Version 5.2.5IIF 5.1Running on localhost (XP machine)I start sessions at the top of every page. 


A the start of a test page, just as example, i do the assignment:   $_SESSION["username"] 
= "aaa";

At the end of the same page i print it's value:  echo $_SESSION["username"];

And i get the layout: "aaa", as expecteed.

Then I redirect to another page. On that one, after initializating the session 
("session_start();") print again the $_SESSION["username"] content and the 
result is empty. If i try the same code on a server (all this is on my local machine), the code 
works as expected; so i think it is a configuration problem, here is my php.ini part that 
correspond to session configuration, so you can tell my if i'm doing anything wrong, long comments 
where removed:

[Session]; Handler used to store/retrieve data.session.save_handler = files;session.save_path = 
"/tmp" BC 13/12/07session.save_path="/tmp"; Whether to use 
cookies.session.use_cookies = 1;session.cookie_secure = ; This option enables administrators to 
make their users invulnerable to; attacks which involve passing session ids in URLs; defaults to 
0.session.use_only_cookies = 1; Name of the session (used as cookie name).session.name = PHPSESSID; 
Initialize session on request startup.session.auto_start = 1; Lifetime in seconds of cookie or, if 
0, until browser is restarted.session.cookie_lifetime = 0; The path for which the cookie is 
valid.session.cookie_path = /; The domain for which the cookie is valid.session.cookie_domain =; 
Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser 
scripting languages such as JavaScript.session.cookie_httponly = ; Handler used to serialize data.  
php is the standard serializer of PHP.session.serialize_ha

ndler = php; Define the probability that the 'garbage collection' process is 
started; on every session initialization.; The probability is calculated by 
using gc_probability/gc_divisor,; e.g. 1/100 means there is a 1% chance that 
the GC process starts; on each request.session.gc_probability = 
1session.gc_divisor = 1000; After this number of seconds, stored data will 
be seen as 'garbage' and; cleaned up by the garbage collection 
process.session.gc_maxlifetime = 1440session.bug_compat_42 = 
0session.bug_compat_warn = 1; Check HTTP Referer to invalidate externally 
stored URLs containing ids.; HTTP_REFERER has to contain this substring for the 
session to be; considered as valid.session.referer_check =; How many bytes to 
read from the file.session.entropy_length = 0; Specified here to create the 
session id.session.entropy_file =;session.entropy_length = 
16;session.entropy_file = /dev/urandom; Set to {nocache,private,public,} to 
determine HTTP caching aspects; or leave this empt
y to avoid sending anti-caching headers.session.cache_limiter = nocache; Document expires after n 
minutes.session.cache_expire = 180session.use_trans_sid = 0; Select a hash function; 0: MD5   (128 bits); 1: SHA-1 (160 
bits)session.hash_function = 0; Define how many bits are stored in each character when converting; the binary hash data to 
something readable.;; 4 bits: 0-9, a-f; 5 bits: 0-9, a-v; 6 bits: 0-9, a-z, A-Z, "-", 
","session.hash_bits_per_character = 5; The URL rewriter will look for URLs in a defined set of HTML tags.; 
form/fieldset are special; if you include them here, the rewriter will; add a hidden  field with the info which 
is otherwise appended; to URLs.  If you want XHTML conformity, remove the form entry.; Note that all valid entries require a 
"=", even if no value follows.url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="


Well, thanks and sorry for my english;

Nicolás.


 
_

Watch “Cause Effect,” a show about real people making a real difference.  Learn 
more.
http://im.live.com/Messenger/IM/MTV/?source=text_watchcause


It works for me; I am using php-5.2.5 with lighttpd and FastCGI.

I called session_start() on both the pages.

and

I have enabled session.use_trans_sid.

You can temporarily override it from the php script by using this -


Try and report again.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Problem with Sessions

[Jas]

Sheni R. Meledath wrote:
Hello:

Session is not working in PHP script file when executed through the 
browser IE 5.0 on Windows 2000 platform. In IE latest versions the 
script is working fine. Does anybody have any solution or report related 
to this. PHP version on the server is 4.3.

Sheni R Meledath
[EMAIL PROTECTED]
Well ask yourself a couple of questions...
1. Did you do a 'session_start();' at the top of your script?
2. What Web server are you running? (IIS / Apache etc.)
3. Does my PHP.INI file have the session.save_path directive set?
4. In the folder specified by PHP.INI are there any sess_99898... files?
5. Did you post any examples of your code so we can help pinpoint the 
exact problem?

HTH
Jas
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Problem with sessions.

[sasha]

On Thu, 19 Dec 2002 16:43:10 -0700, Mike Hillyer 
<[EMAIL PROTECTED]> wrote:

Hello All;

Please forgive me if I am repeating an often asked question, but I am 
having
a problem with sessions. I simply cannot get them to work.

The sample code I provide works on another server perfectly, this is the
first page:



session_start();
session_register("name","pass");
$name = "hilde";
$pass = "mypassword";
echo "Session variables set!";
echo "go to next page";

?>

When called, the following file arrives in /tmp:

sess_f9c5e87b35ae66eac64a9a346321b269

name|s:5:"hilde";pass|s:10:"mypassword";



So obviously the session file is being created.
However, when I go to 
page2.php?PHPSESSID=f9c5e87b35ae66eac64a9a346321b269
Which has this code:


session_start();
echo "The password of $name is $pass ";

?>

I get "The Password of  is "

As a response. Both pages work perfectly on another server, so I am 
having
trouble finding the problem, especially since the session file is 
actually
created in /tmp

My PHP.ini file is standard to a RedHat RPM install, but I will include 
it
as an attachment.

Any help would be greatly appreciated!

Mike Hillyer


Sounds like one server has registered globals on, and the other doesn't.  
Try changing your print statement like this:

print 'The password of ' . $_SESSION['name'] is ' . $_SESSION['pass'] . 
'';

If you were displaying all errors and *warnings* (error_reporting (E_ALL)), 
it would have caught something like this.

--
sasha

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] Re: Problem with sessions.(Again Sorry :)

[John Holmes]

> From: Richard Lynch [mailto:[EMAIL PROTECTED]]
> 
> >> Don't cram things into $_SESSION.  Use this:
> >>
> >> session_register('uid');
> >> global $uid;
> >> $uid = $uinfo[0];
> >
> >With PHP 4.2, you don't have to use session_register. You can do it
> >exactly like the OP is. I do it all the time. Whether that is a
> >"feature" or a bug, I don't know.
> 
> It happens to work because that happens to be how Sessions are
implemented
> this week.
> 
> 
> Programming 101:
> Rule #27:  Relying on implementation minutia instead of documented
> functions
> is just a Bad Idea (tm).
> 
> 
> Use the functions that are documented to work.  Anything else is a
HACK
> and
> subject to break without notice.
> 
> In PHP 4.3 or 5.0 or 7.3.1, when it *DOESN'T* work anymore and you
have a
> zillion lines of code cramming junk into $_SESSION scattered all
through
> your application, don't come crying to me. :-)

Always a good method to follow, but the manual says you can use the
$_SESSION method I gave. There is no need to use session_register() or
the like. I would imagine that the older method would be depreciated
eventually. It's a whole lot easier to just treat sessions like a
variable without that whole register/unregister stuff.

The manual actually cautions against using session_register/unregister
if register_globals is OFF. 

http://www.php.net/manual/en/ref.session.php

---John Holmes...


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] Re: Problem with sessions.(Again Sorry :)

[Richard Lynch]

>> Don't cram things into $_SESSION.  Use this:
>> 
>> session_register('uid');
>> global $uid;
>> $uid = $uinfo[0];
>
>With PHP 4.2, you don't have to use session_register. You can do it
>exactly like the OP is. I do it all the time. Whether that is a
>"feature" or a bug, I don't know.

It happens to work because that happens to be how Sessions are implemented
this week.


Programming 101:
Rule #27:  Relying on implementation minutia instead of documented functions
is just a Bad Idea (tm).


Use the functions that are documented to work.  Anything else is a HACK and
subject to break without notice.

In PHP 4.3 or 5.0 or 7.3.1, when it *DOESN'T* work anymore and you have a
zillion lines of code cramming junk into $_SESSION scattered all through
your application, don't come crying to me. :-)

-- 
Like Music?  http://l-i-e.com/artists.htm


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

[PHP] Re: Problem with sessions.

[Michael Virnstein]

php4 sessions or self made?
own session_set_save_handler?
Let us see the login code!

Ok...that's how i would do it:
After successful login i'd register a variable or
set the registered variable to a specific value.
Now i check on every page:

If (!IsSet($_SESSION["myLoginVar"] ) || $_SESSION["myLoginVar"] != "myval")
{
//login page
} Else {
// logged in
}

Regards Michael


"Ben Edwards" <[EMAIL PROTECTED]> schrieb im Newsbeitrag
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
> I am using sessions for holding who is logged in and it is kind of
> working.  I have got a few emails from customers saying they cant log in
> (and seeing as we have had less than 30 orders this is a real problem).  I
> can log in OK and cant recreate this problem.  Any ideas regarding what
> this could be would be much appreciated.
>
> I guess if you have cookies turned of it wont work but what else may cause
> a problem.
>
> Regards,
> Ben
>
> 
> * Ben Edwards  +44 (0)117 9400 636 *
> * Critical Site Builderhttp://www.criticaldistribution.com *
> * online collaborative web authoring content management system *
> * Get alt news/viws films onlinehttp://www.cultureshop.org *
> * i-Contact Progressive Video  http://www.videonetwork.org *
> * Smashing the Corporate image   http://www.subvertise.org *
> * Bristol Indymedia   http://bristol.indymedia.org *
> * Bristol's radical news http://www.bristle.org.uk *
> * PGP : F0CA 42B8 D56F 28AD 169B  49F3 3056 C6DB 8538 EEF8 *
> 
>



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php