RE: [PHP] msession - giving me a hard time
Mea culpa!! Even if my PHP is version 4.3.3, I had to compile it with '--enable-trans-sid' in the configure. Now it works. Faulty PHP doc: PHP is capable of transforming links transparently. Unless you are using PHP 4.2 or later, you need to enable it manually when building PHP. Under UNIX, pass --enable-trans-sid to configure. If this build option and the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically. Now all works. Thanks for your consistent and thorough help, Guillaume -Original Message- From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] Sent: Monday, November 17, 2003 11:16 AM To: Guillaume Dupuis Cc: [EMAIL PROTECTED] Subject: Re: [PHP] msession - giving me a hard time From: "Guillaume Dupuis" <[EMAIL PROTECTED]> > This works. My second page has the suffix '?PHPSESSID=e6t9tu43j9tj39j...', > that matches the 'echo $sessid' I've added to your script above, so this > part did work. But to test it, I do this in my second page: > > session_start(); > $sessid = session_id(); > echo $sessid; > ?> > > $sessid does echo a session_id... but not the one as the one I passed > it!!?!?! And I do see the right SID in the Address bar! No reason that shouldn't be working. Let's help out PHP a little more... Try that. You're telling PHP to use the session id passed in the URL (which it should do by default, anyhow) by calling the session_id() function before session_start(). Are you clearing your cookies while doing all of this? session_start() on the second page may be picking up an old cookie instead of picking up the value in the URL... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
From: "Guillaume Dupuis" <[EMAIL PROTECTED]> > This works. My second page has the suffix '?PHPSESSID=e6t9tu43j9tj39j...', > that matches the 'echo $sessid' I've added to your script above, so this > part did work. But to test it, I do this in my second page: > > session_start(); > $sessid = session_id(); > echo $sessid; > ?> > > $sessid does echo a session_id... but not the one as the one I passed > it!!?!?! And I do see the right SID in the Address bar! No reason that shouldn't be working. Let's help out PHP a little more... Try that. You're telling PHP to use the session id passed in the URL (which it should do by default, anyhow) by calling the session_id() function before session_start(). Are you clearing your cookies while doing all of this? session_start() on the second page may be picking up an old cookie instead of picking up the value in the URL... ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] msession - giving me a hard time
> Now, if you don't see any session ID appended to the URL, that means SID > is empty and you're more than likely depending upon cookies. So, you > need to retrieve the session id and append it to the URL yourself. > > $sessname = session_name(); > $sessid = session_id(); > @ echo $sessid; > > echo "Server 2"; > ?> This works. My second page has the suffix '?PHPSESSID=e6t9tu43j9tj39j...', that matches the 'echo $sessid' I've added to your script above, so this part did work. But to test it, I do this in my second page: $sessid does echo a session_id... but not the one as the one I passed it!!?!?! And I do see the right SID in the Address bar! What the ??? Thanks in advance. Guillaume P.S. PHP v4.3.3, with MSESSION v1.21 downloaded 2 weeks ago, thanks :) -Original Message- From: John W. Holmes [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 8:29 PM To: Guillaume Dupuis Cc: [EMAIL PROTECTED] Subject: Re: [PHP] msession - giving me a hard time Guillaume Dupuis wrote: > This is now my initial page: > > session_start($_GET['SID']); > echo SID; > ?> > > And it returns nothing to me. Heh... okay, let's start over. From Server1: If you create a link like this: Server 2 Do you see the session ID appended to that URL? If you do, then a simple session_start() on the server2/page.php will be enough to continue the session. Now, if you don't see any session ID appended to the URL, that means SID is empty and you're more than likely depending upon cookies. So, you need to retrieve the session id and append it to the URL yourself. Server 2"; ?> Now, you should see a link that has something like PHPSESSID=X. Again, a simple session_start() on the next page will continue the session. So, to recap: 1. Both servers only use session_start(). 2. When linking between servers, you must pass the session ID in the URL using one of the above methods 3. When staying on the same server, it appears the session ID is being passed around in a cookie, so you don't need to do anything to those links. Hope this helps some more... :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com > -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
John W. Holmes wrote: Heh... okay, let's start over. From Server1: If you create a link like this: Server 2 The problem with SID is that it is defined as session_name=session_id if the client did not send session cookie. Otherwise it will be an empty string. So the proper way is Server 2 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
Guillaume Dupuis wrote: This is now my initial page: And it returns nothing to me. Heh... okay, let's start over. From Server1: If you create a link like this: Server 2 Do you see the session ID appended to that URL? If you do, then a simple session_start() on the server2/page.php will be enough to continue the session. Now, if you don't see any session ID appended to the URL, that means SID is empty and you're more than likely depending upon cookies. So, you need to retrieve the session id and append it to the URL yourself. echo "Server 2"; ?> Now, you should see a link that has something like PHPSESSID=X. Again, a simple session_start() on the next page will continue the session. So, to recap: 1. Both servers only use session_start(). 2. When linking between servers, you must pass the session ID in the URL using one of the above methods 3. When staying on the same server, it appears the session ID is being passed around in a cookie, so you don't need to do anything to those links. Hope this helps some more... :) -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals – www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] msession - giving me a hard time
--- Guillaume Dupuis <[EMAIL PROTECTED]> wrote: > session_start($_GET['SID']); > echo SID; > ?> I think SID is a constant that will be something like this: ?PHPSESSID=12345 or nothing. It is this way so that you can use it to append to a URL, and it will not add anything to the URL if there is no session defined. So, something like this: http://example.org/ I missed the first part of this thread, so my apologies if this answer misses the mark. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] msession - giving me a hard time
Quote from PHP Manual: "PHP is capable of transforming links transparently. Unless you are using PHP 4.2 or later, you need to enable it manually when building PHP. Under UNIX, pass --enable-trans-sid to configure. If this build option and the run-time option session.use_trans_sid are enabled, relative URIs will be changed to contain the session id automatically." I have 4.1.2 installed. Thanks, Guillaume -Original Message- From: Guillaume Dupuis [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 6:20 PM To: CPT John W. Holmes; [EMAIL PROTECTED] Subject: RE: [PHP] msession - giving me a hard time This is now my initial page: And it returns nothing to me. I must be retarded, your explanation is s simple! Thanks again, Guillaume -Original Message- From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 5:57 PM To: Guillaume Dupuis; [EMAIL PROTECTED] Subject: Re: [PHP] msession - giving me a hard time From: "Guillaume Dupuis" <[EMAIL PROTECTED]> > I've tried your suggestion and yes, I am transferring the SID variable to > the next page... but I don't know if I am doing the this right. > > This is the code I use: > --- > session_start(); > $SID = session_id(); > echo $SID; > ?> > > LinuxBox2 > --- If you used session_start($_GET['SID']); on your pages, this would work. The session ID that PHP is looking for is named PHPSESSID by default. That's why you should use the SID _constant_ http://192.0.1.7/use.session.php?">LinuxBox2 If PHP doesn't pick up a session id, you'll just end up with a new one created the next time you call session_start(). > So to recap: > 1- Do I need session_start() at the beginning of each php pages? Yes, you need it on any page you want to access the session in. > 2- Do I need msession_connect/create? Dunno about that... > 3- Am I right to use $SID as a good tracking assumption (if I get the same > SID thru several pages, this means msession works well???)? If you get the same session id after calling session_start() on your pages, then yes, it should be working. Using the above method with SID should get you this. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] msession - giving me a hard time
This is now my initial page: And it returns nothing to me. I must be retarded, your explanation is s simple! Thanks again, Guillaume -Original Message- From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] Sent: Friday, November 14, 2003 5:57 PM To: Guillaume Dupuis; [EMAIL PROTECTED] Subject: Re: [PHP] msession - giving me a hard time From: "Guillaume Dupuis" <[EMAIL PROTECTED]> > I've tried your suggestion and yes, I am transferring the SID variable to > the next page... but I don't know if I am doing the this right. > > This is the code I use: > --- > session_start(); > $SID = session_id(); > echo $SID; > ?> > > LinuxBox2 > --- If you used session_start($_GET['SID']); on your pages, this would work. The session ID that PHP is looking for is named PHPSESSID by default. That's why you should use the SID _constant_ http://192.0.1.7/use.session.php?">LinuxBox2 If PHP doesn't pick up a session id, you'll just end up with a new one created the next time you call session_start(). > So to recap: > 1- Do I need session_start() at the beginning of each php pages? Yes, you need it on any page you want to access the session in. > 2- Do I need msession_connect/create? Dunno about that... > 3- Am I right to use $SID as a good tracking assumption (if I get the same > SID thru several pages, this means msession works well???)? If you get the same session id after calling session_start() on your pages, then yes, it should be working. Using the above method with SID should get you this. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
From: "Guillaume Dupuis" <[EMAIL PROTECTED]> > I've tried your suggestion and yes, I am transferring the SID variable to > the next page... but I don't know if I am doing the this right. > > This is the code I use: > --- > session_start(); > $SID = session_id(); > echo $SID; > ?> > > LinuxBox2 > --- If you used session_start($_GET['SID']); on your pages, this would work. The session ID that PHP is looking for is named PHPSESSID by default. That's why you should use the SID _constant_ http://192.0.1.7/use.session.php?">LinuxBox2 If PHP doesn't pick up a session id, you'll just end up with a new one created the next time you call session_start(). > So to recap: > 1- Do I need session_start() at the beginning of each php pages? Yes, you need it on any page you want to access the session in. > 2- Do I need msession_connect/create? Dunno about that... > 3- Am I right to use $SID as a good tracking assumption (if I get the same > SID thru several pages, this means msession works well???)? If you get the same session id after calling session_start() on your pages, then yes, it should be working. Using the above method with SID should get you this. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] msession - giving me a hard time
Hi John, I've tried your suggestion and yes, I am transferring the SID variable to the next page... but I don't know if I am doing the this right. This is the code I use: --- LinuxBox2 --- This seems to work, since when I open the page on LinuxBox2, will return me the same SID, without doing any session_connect, msession_create, etc (according to the LITTLE documentation there is, this should be correct... right?). Where I get confused is that I thought that we needed to do a session_start() at the beginning of each pages (to get a working session), and that if you already had a working session session_start() would return you this ID, unchanged, and if you did not have any started, session_start() would create you a new one. When I do this on the second page of the example above, I always get assigned a new SID: am I using msession properly? Then I started doubting that maybe I had to use msession_connect/create/etc to get this working (even if the docs said "If msession is used as the PHP session handler, this call should not be made.", which is the case of my php.ini)... but alas, nothing improved, it even got worst: $SID was inexistent... so the documentaion was right after all. So to recap: 1- Do I need session_start() at the beginning of each php pages? 2- Do I need msession_connect/create? 3- Am I right to use $SID as a good tracking assumption (if I get the same SID thru several pages, this means msession works well???)? Thanks to all in advance, your help is greatly appreciated, Guillaume -Original Message- From: CPT John W. Holmes [mailto:[EMAIL PROTECTED] Sent: Thursday, November 13, 2003 3:16 PM To: Guillaume Dupuis; [EMAIL PROTECTED] Subject: Re: [PHP] msession - giving me a hard time From: "Guillaume Dupuis" <[EMAIL PROTECTED]> > Now, I am testing the interaction of 2+ servers working together. From > SERVERA I create and echo the my SID using "echo session_start(); echo > session_id();echo $SID;", and then I follow a link (within the same browser > session) to SERVERB and then do the exact same 3 calls. > > They give me different $SID ??? When you go from SERVERA to SERVERB, you do not carry over the same session ID, though. SERVERB, not seeing a session id passed to it, starts it's own session. You need to pass SID in the URL when linking to the different servers. No way around this. The session id can be carried in the cookies once you're operating on the same server, but when going from one server to another, you must manually pass it. http://SERVERB?">SERVERB ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
--- Marek Kilimajer <[EMAIL PROTECTED]> wrote: > msession provides data storage, but you need a way to associate a > session with browser, this is usualy done with cookies and GET and POST > variables. Since cookies are send only to the originating domain, they > are ruled out if you wont to pass the session ID to another domain. You > need to use GET or POST variable. Yes, but a cluster (the intended environment for msession) often has a single domain. It can have multiple domains, but I don't think it is safe to assume that is the case here. You can have a virtual IP and a load balancer to distribute the requests, round-robin DNS, or probably some other solution I may not be aware of. Regardless, the browser only distinguishes according to the domain name when deciding which cookies to send. Hope that helps. Chris = Chris Shiflett - http://shiflett.org/ PHP Security Handbook Coming mid-2004 HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
Chris Shiflett wrote: Are SERVERA and SERVERB in the same cluster? I might be misunderstanding the situation here, but I thought this was the point of msession - to provide a seamless session data store among a cluster of servers without needing to store the session data in a database. I would think that whether the session ID was passed on the URL, in a cookie, or anything else, it would be sent with each request, because the browser doesn't distinguish between the servers - the load balancer handles all of the requests. Chris msession provides data storage, but you need a way to associate a session with browser, this is usualy done with cookies and GET and POST variables. Since cookies are send only to the originating domain, they are ruled out if you wont to pass the session ID to another domain. You need to use GET or POST variable. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote: > > Now, I am testing the interaction of 2+ servers working together. From > > SERVERA I create and echo the my SID using "echo session_start(); echo > > session_id();echo $SID;", and then I follow a link (within the same > > browser session) to SERVERB and then do the exact same 3 calls. > > > > They give me different $SID ??? > > When you go from SERVERA to SERVERB, you do not carry over the same > session ID, though. SERVERB, not seeing a session id passed to it, > starts it's own session. You need to pass SID in the URL when linking > to the different servers. Are SERVERA and SERVERB in the same cluster? I might be misunderstanding the situation here, but I thought this was the point of msession - to provide a seamless session data store among a cluster of servers without needing to store the session data in a database. I would think that whether the session ID was passed on the URL, in a cookie, or anything else, it would be sent with each request, because the browser doesn't distinguish between the servers - the load balancer handles all of the requests. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
From: "Guillaume Dupuis" <[EMAIL PROTECTED]> > Now, I am testing the interaction of 2+ servers working together. From > SERVERA I create and echo the my SID using "echo session_start(); echo > session_id();echo $SID;", and then I follow a link (within the same browser > session) to SERVERB and then do the exact same 3 calls. > > They give me different $SID ??? When you go from SERVERA to SERVERB, you do not carry over the same session ID, though. SERVERB, not seeing a session id passed to it, starts it's own session. You need to pass SID in the URL when linking to the different servers. No way around this. The session id can be carried in the cookies once you're operating on the same server, but when going from one server to another, you must manually pass it. http://SERVERB?">SERVERB ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] msession - giving me a hard time
Guillaume Dupuis wrote: Hi, I need to keep the same session between several php servers, so I decided to go with msession. Apache(2.0.47), php(4.3.3) and msession(the latest downloaded last week) are all installed on both of my Linux servers (both RedHat 7.2). When I test them independently, all seems to work well, Gd :) Now, I am testing the interaction of 2+ servers working together. From SERVERA I create and echo the my SID using "echo session_start(); echo session_id();echo $SID;", and then I follow a link (within the same browser session) to SERVERB and then do the exact same 3 calls. They give me different $SID ??? I was expecting the same $SID for both SERVERX's, since they should get their SID from the msession server... right??? Wrong, the browser sends the SID, either in a cookie or GET or POST variable. Cookies are binded to the domain where they originated so you need to pass the SID constant in url when linking to the other server. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] msession - giving me a hard time
Hi, I need to keep the same session between several php servers, so I decided to go with msession. Apache(2.0.47), php(4.3.3) and msession(the latest downloaded last week) are all installed on both of my Linux servers (both RedHat 7.2). When I test them independently, all seems to work well, Gd :) Now, I am testing the interaction of 2+ servers working together. From SERVERA I create and echo the my SID using "echo session_start(); echo session_id();echo $SID;", and then I follow a link (within the same browser session) to SERVERB and then do the exact same 3 calls. They give me different $SID ??? I was expecting the same $SID for both SERVERX's, since they should get their SID from the msession server... right??? If my assumption is right, then what am I missing? they both point (in php.ini) to the same 'session.save_path' to the msession server and both have msession as the 'session.save_handler'. My Client is IE 6.0.2800. Thanks in advance, Guillaume Dupuis -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] msession - giving me a hard time
Hi, I need to keep the same session between several php servers, so I decided to go with msession. Apache(2.0.47), php(4.3.3) and msession(the latest downloaded last week) are all installed on both of my Linux servers (both RedHat 7.2). When I test them independently, all seems to work well, Gd :) Now, I am testing the interaction of 2+ servers working together. From SERVERA I create and echo the my SID using "echo session_start(); echo session_id();echo $SID;", and then I follow a link (within the same browser session) to SERVERB and then do the exact same 3 calls. They give me different $SID ??? I was expecting the same $SID for both SERVERX's, since they should get their SID from the msession server... right??? If my assumption is right, then what am I missing? they both point (in php.ini) to the same 'session.save_path' to the msession server and both have msession as the 'session.save_handler'. My Client is IE 6.0.2800. Thanks in advance, Guillaume Dupuis
