On Tue, May 25, 2004 at 07:37:47AM +0100, Peter Risdon wrote: > Michael R. Wayne wrote: > > >In my continuing efforts to actually get sessions to work, I upgraded > >to PHP 4.3.6 and apache 1.3.31. This did not make the slighest > >difference. > > > >So, does ANYone have ideas of how to debug this? Or is PHP simply > >broken and no longer able to maintain sessions? > > I've just been debugging some session problems. Successfully, but there > is something rather brittle in there somewhere
It seems that people have forgotten last week's postings. To recap: Session support worked fine in 4.1.2. It's broken in 4.3.4 and 4.3.6. The relevant session variables are: Session Support enabled (as per phpinfo) session.auto_start On or Off (makes no difference) session.use_cookies Off <- not using cookies session.name PHPSESSID session.use_trans_sid Off (trans_sid worked with forms in 4.1.2) session.gc_maxlifetime 1440 Other things people have asked about: url_rewriter.tags a=href,area=href,frame=src,input=src,form=fakeentry Environment FreeBSD 4.8, Apache/1.3.31 (Unix) PHP/4.3.6 mod_ssl/2.8.17 OpenSSL/0.9.7d The session directory is writable and the files are getting properly written to that directory as shown below. I invoke the script from a browser and see the following: Stage:0 SessionID: 509012dd5633cba355c270f3934d1201 _______ [Submit] Stage:1 SessionID: 509012dd5633cba355c270f3934d1201 Request: Array ( ) GET: Array ( ) POST: Array ( [field] => ) COOKIE: Array ( ) Checking the session directory, I see an appropriately named file: -rw------- 1 nobody msen 10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201 containing stage|i:1; The Apache log contains two lines. The first does not contain the browser version and the second one does: "GET /g/xxx.php HTTP/1.0" "GET /g/xxx.php HTTP/1.0" 200 476 "-" "Mozilla/4.0 (compatible; MSIE 6.0; MSIE 5.5; Windows 98) Opera 7.02 [en]" So I enter foo in the form and hit Submit. The browser screen shows that the script failed to use the session variable, but it remembers it: Stage:0 SessionID: d7002911afdc01a5218e06af2b8f02ad foo____ [Submit] Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad Request: Array ( [PHPSESSID] => 509012dd5633cba355c270f3934d1201 [field] => foo ) GET: Array ( [PHPSESSID] => 509012dd5633cba355c270f3934d1201 ) POST: Array ( [field] => foo ) COOKIE: Array ( ) The session directory now contains TWO files: -rw------- 1 nobody msen 10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201 -rw------- 1 nobody msen 10 May 25 12:03 sess_d7002911afdc01a5218e06af2b8f02ad each containing: stage|i:1; and the Apache log once again has two lines. The browser has passed back the original session ID but PHP has ignored it and assigned a new one. "POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" 200 605 "POST /g/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201 HTTP/1.0" 200 605 "http://SERVER/xxx.php"; "Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.05 [en]" Now, I hit Submit once more and PHP does manage to re-use the session! And it will continue to do so until the script is re-invoked by another browser: Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad foo____ [Submit] Stage:1 SessionID: d7002911afdc01a5218e06af2b8f02ad Request: Array ( [PHPSESSID] => d7002911afdc01a5218e06af2b8f02ad [field] => foo ) GET: Array ( [PHPSESSID] => d7002911afdc01a5218e06af2b8f02ad ) POST: Array ( [field] => foo ) COOKIE: Array ( ) the session directory remains unchanged other than access time on the reused session: -rw------- 1 nobody msen 10 May 25 12:00 sess_509012dd5633cba355c270f3934d1201 -rw------- 1 nobody msen 10 May 25 12:13 sess_d7002911afdc01a5218e06af2b8f02ad each containing: stage|i:1; The Apache log once again contains two lines: "POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" 200 605 "POST /g/xxx.php?PHPSESSID=d7002911afdc01a5218e06af2b8f02ad HTTP/1.0" 200 605 "http://SERVER/xxx.php?PHPSESSID=509012dd5633cba355c270f3934d1201"; "Mozilla/4.0 (compatible; MSIE 5.0; Windows 2000) Opera 6.05 [en]" And, finally, here is the test script. Install it as xxx.php if you want to test it: <? if (!session_id()) session_start(); if (!isset($_SESSION['stage'])) $_SESSION['stage'] = 0; if (!isset($_POST['field'])) $_POST['field'] = ""; ?> <html><head><title>PHP Test page</title></head><body> <? echo "Stage:"; echo $_SESSION['stage']; echo " SessionID: "; echo session_id(); $_SESSION['stage'] = 1; ?> <form method="post" action="xxx.php?<?= SID; ?>"> <input type="text" maxlength="7" size="7" name="field" value="<?echo $_POST['field']?>"> <input type="submit" value="Submit"> </form> <? echo "Stage:"; echo $_SESSION['stage']; echo " "; echo " SessionID: "; echo session_id(); echo "<br>"; echo " Request: "; print_r($_REQUEST); echo "<br>GET: "; print_r($_GET); echo " POST: "; print_r($_POST); echo " COOKIE: "; print_r($_COOKIE); ?> </body></html> -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
