[PHP] Re: SSL normal sessions stored differently?

2005-11-03 Thread James Benson
Could it be you have two different domain names, PHP could be using a
different cookie/session for each one.

Jesse Guardiani wrote:

Hello,

I'm running php-4.3.2-19.ent under httpd-2.0.46-44.ent on Red Hat Enterprise
Linux ES release 3 (Taroon Update 4). Here is my Session section of php.ini:

--
[Session]
session.save_handler = files
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 200
session.gc_maxlifetime = 36000
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.entropy_length = 16
session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 0
session.use_trans_sid = 1
--

My problem is that normal session variables don't seem to be accessible from an
instance of PHP servicing an SSL connection. For example, I can put this in
test.php:

session_id('bob');
session_start();
echo var_export($_SESSION,true);

And get different results depending on whether I call:
http://www.example.com/test.php
Or:
https://secure.example.com/test.php

The session variables seem to be stored in different places, even though the
save_path is identical.

Does anyone know why this happens and/or how to work around it?

Thanks!


Jesse Guardiani
[EMAIL PROTECTED]


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



[PHP] Re: SSL normal sessions stored differently?

2005-11-03 Thread Jesse Guardiani
James Benson jb at jamesbenson.co.uk writes:

> Could it be you have two different domain names, PHP could be using a
> different cookie/session for each one.

Yeah, but I'm setting the session_id manually. I've checked my session 
storage path and only one file is created with that session id. Wouldn't 
force feeding PHP the session id override any domain problems anyway?

I think the problem is that I have session.auto_start turned on. I can't 
turn it off for fear of breaking a production site.

Is there any way to feed PHP a session id with auto_start ON?

--
Jesse Guardiani
[EMAIL PROTECTED]




[PHP] Re: SSL normal sessions stored differently?

2005-11-03 Thread Jesse Guardiani
Jesse Guardiani jesse at wingnet.net writes:

> James Benson jb at jamesbenson.co.uk writes:
>
> > Could it be you have two different domain names, PHP could be using a
> > different cookie/session for each one.
>
> Yeah, but I'm setting the session_id manually. I've checked my session
> storage path and only one file is created with that session id. Wouldn't
> force feeding PHP the session id override any domain problems anyway?
>
> I think the problem is that I have session.auto_start turned on. I can't
> turn it off for fear of breaking a production site.
>
> Is there any way to feed PHP a session id with auto_start ON?


Here's a solution I found: I'm just passing the session_id via GET
to the secure site, then doing this on the index page:

session_write_close();
if (isset($_GET['PHPSESSID'])) {
   session_id($_GET['PHPSESSID']);
}
session_start();

I had tried that yesterday, but it didn't work. The trick in this case 
(since auto_start is ON) is to call 'session_write_close();' before 
setting the session_id. Nothing magic about it after all.  :) 

Thanks for the help! 

-- 
Jesse Guardiani
[EMAIL PROTECTED]
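
A hardened variant of the GET handoff above, as an added example that is not part of the thread: it adopts the id only when it is well-formed and names a session the server already created, then rotates it so the value that appeared in the URL stops working. It assumes PHP 7.3+ and the shared "files" save_path from the post; the function names and the `issued_by_server` marker are hypothetical.

```php
<?php
// Added example, not code from the thread. Assumes PHP 7.3+, the "files" save
// handler and one save_path shared by both hosts, as described in the post.
// 'issued_by_server' is a hypothetical marker the www site sets in $_SESSION.

/** True when $id has the shape of an id PHP's own generator can produce. */
function handoff_id_is_wellformed($id): bool
{
    return is_string($id) && preg_match('/\A[A-Za-z0-9,-]{22,256}\z/', $id) === 1;
}

/** Adopt ?PHPSESSID=... only if it names a session this server created. */
function adopt_handoff_session(array $query): bool
{
    $id = $query['PHPSESSID'] ?? null;
    if (!handoff_id_is_wellformed($id)) {
        return false;                        // keep the auto-started session untouched
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        session_write_close();               // auto_start is on: close that session first
    }
    ini_set('session.use_strict_mode', '1'); // ids without stored data get replaced
    ini_set('session.use_trans_sid', '0');   // never write the id into links again
    session_set_cookie_params([
        'path' => '/', 'secure' => true, 'httponly' => true, 'samesite' => 'Lax',
    ]);

    session_id($id);
    session_start();

    // Adopted only if PHP kept the id and the session carries the server's marker.
    $adopted = session_id() === $id && !empty($_SESSION['issued_by_server']);
    if (!$adopted) {
        session_abort();                     // leave any stored data as it was
        session_id(session_create_id());     // and continue under a fresh id
        session_start();
        return false;
    }
    session_regenerate_id(true);             // the id that travelled in the URL is retired
    return true;
}

adopt_handoff_session($_GET);
```

Rotation deletes the old session file, so the www host's cookie no longer matches a stored session afterwards; this fits a one-way move to the secure host.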
