[PHP] Re: problem with sessions config.
N . Boatswain wrote:
Hello guys; i'm having a problem with session behavior; i'm going straight to
it, but first some considerations:
PHP Version 5.2.5IIF 5.1Running on localhost (XP machine)I start sessions at the top of every page.
A the start of a test page, just as example, i do the assignment: $_SESSION[username]
= aaa;
At the end of the same page i print it's value: echo $_SESSION[username];
And i get the layout: aaa, as expecteed.
Then I redirect to another page. On that one, after initializating the session
(session_start();) print again the $_SESSION[username] content and the
result is empty. If i try the same code on a server (all this is on my local machine), the code
works as expected; so i think it is a configuration problem, here is my php.ini part that
correspond to session configuration, so you can tell my if i'm doing anything wrong, long comments
where removed:
[Session]; Handler used to store/retrieve data.session.save_handler = files;session.save_path =
/tmp BC 13/12/07session.save_path=/tmp; Whether to use
cookies.session.use_cookies = 1;session.cookie_secure = ; This option enables administrators to
make their users invulnerable to; attacks which involve passing session ids in URLs; defaults to
0.session.use_only_cookies = 1; Name of the session (used as cookie name).session.name = PHPSESSID;
Initialize session on request startup.session.auto_start = 1; Lifetime in seconds of cookie or, if
0, until browser is restarted.session.cookie_lifetime = 0; The path for which the cookie is
valid.session.cookie_path = /; The domain for which the cookie is valid.session.cookie_domain =;
Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser
scripting languages such as JavaScript.session.cookie_httponly = ; Handler used to serialize data.
php is the standard serializer of PHP.session.serialize_ha
ndler = php; Define the probability that the 'garbage collection' process is
started; on every session initialization.; The probability is calculated by
using gc_probability/gc_divisor,; e.g. 1/100 means there is a 1% chance that
the GC process starts; on each request.session.gc_probability =
1session.gc_divisor = 1000; After this number of seconds, stored data will
be seen as 'garbage' and; cleaned up by the garbage collection
process.session.gc_maxlifetime = 1440session.bug_compat_42 =
0session.bug_compat_warn = 1; Check HTTP Referer to invalidate externally
stored URLs containing ids.; HTTP_REFERER has to contain this substring for the
session to be; considered as valid.session.referer_check =; How many bytes to
read from the file.session.entropy_length = 0; Specified here to create the
session id.session.entropy_file =;session.entropy_length =
16;session.entropy_file = /dev/urandom; Set to {nocache,private,public,} to
determine HTTP caching aspects; or leave this empt
y to avoid sending anti-caching headers.session.cache_limiter = nocache; Document expires after n
minutes.session.cache_expire = 180session.use_trans_sid = 0; Select a hash function; 0: MD5 (128 bits); 1: SHA-1 (160
bits)session.hash_function = 0; Define how many bits are stored in each character when converting; the binary hash data to
something readable.;; 4 bits: 0-9, a-f; 5 bits: 0-9, a-v; 6 bits: 0-9, a-z, A-Z, -,
,session.hash_bits_per_character = 5; The URL rewriter will look for URLs in a defined set of HTML tags.;
form/fieldset are special; if you include them here, the rewriter will; add a hidden input field with the info which
is otherwise appended; to URLs. If you want XHTML conformity, remove the form entry.; Note that all valid entries require a
=, even if no value follows.url_rewriter.tags = a=href,area=href,frame=src,input=src,form=,fieldset=
Well, thanks and sorry for my english;
Nicolás.
_
Watch “Cause Effect,” a show about real people making a real difference. Learn
more.
http://im.live.com/Messenger/IM/MTV/?source=text_watchcause
It works for me; I am using php-5.2.5 with lighttpd and FastCGI.
I called session_start() on both the pages.
and
I have enabled session.use_trans_sid.
You can temporarily override it from the php script by using this -
?
//...other code
ini_set(session.use_trans_sid,1);
//...other code
?
Try and report again.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: problem with sessions config.
Thanks for your answers people; but i'm still having the problem, ¿any approach
to the reason?. Remember everything works fine in on-line servers, so it may
not be a problem of the code, but a config. one;cheers,
Nicolas.
To: php-general@lists.php.net
Date: Sat, 22 Mar 2008 13:58:15 +0530
From: [EMAIL PROTECTED]
Subject: [PHP] Re: problem with sessions config.
N . Boatswain wrote:
Hello guys; i'm having a problem with session behavior; i'm going straight
to it, but first some considerations:
PHP Version 5.2.5IIF 5.1Running on localhost (XP machine)I start sessions
at the top of every page.
A the start of a test page, just as example, i do the assignment:
$_SESSION[username] = aaa;
At the end of the same page i print it's value: echo $_SESSION[username];
And i get the layout: aaa, as expecteed.
Then I redirect to another page. On that one, after initializating the
session (session_start();) print again the $_SESSION[username] content
and the result is empty. If i try the same code on a server (all this is on
my local machine), the code works as expected; so i think it is a
configuration problem, here is my php.ini part that correspond to session
configuration, so you can tell my if i'm doing anything wrong, long
comments where removed:
[Session]; Handler used to store/retrieve data.session.save_handler =
files;session.save_path = /tmp BC 13/12/07session.save_path=/tmp;
Whether to use cookies.session.use_cookies = 1;session.cookie_secure = ;
This option enables administrators to make their users invulnerable to;
attacks which involve passing session ids in URLs; defaults to
0.session.use_only_cookies = 1; Name of the session (used as cookie
name).session.name = PHPSESSID; Initialize session on request
startup.session.auto_start = 1; Lifetime in seconds of cookie or, if 0,
until browser is restarted.session.cookie_lifetime = 0; The path for which
the cookie is valid.session.cookie_path = /; The domain for which the
cookie is valid.session.cookie_domain =; Whether or not to add the httpOnly
flag to the cookie, which makes it inaccessible to browser scripting
languages such as JavaScript.session.cookie_httponly = ; Handler used to
serialize data. php is the standard serializer of PHP.session.serialize_ha
ndler = php; Define the probability that the 'garbage collection' process is
started; on every session initialization.; The probability is calculated by
using gc_probability/gc_divisor,; e.g. 1/100 means there is a 1% chance that
the GC process starts; on each request.session.gc_probability =
1session.gc_divisor = 1000; After this number of seconds, stored data
will be seen as 'garbage' and; cleaned up by the garbage collection
process.session.gc_maxlifetime = 1440session.bug_compat_42 =
0session.bug_compat_warn = 1; Check HTTP Referer to invalidate externally
stored URLs containing ids.; HTTP_REFERER has to contain this substring for
the session to be; considered as valid.session.referer_check =; How many
bytes to read from the file.session.entropy_length = 0; Specified here to
create the session id.session.entropy_file =;session.entropy_length =
16;session.entropy_file = /dev/urandom; Set to {nocache,private,public,} to
determine HTTP caching aspects; or leave this empt
y to avoid sending anti-caching headers.session.cache_limiter = nocache;
Document expires after n minutes.session.cache_expire =
180session.use_trans_sid = 0; Select a hash function; 0: MD5 (128 bits); 1:
SHA-1 (160 bits)session.hash_function = 0; Define how many bits are stored in
each character when converting; the binary hash data to something readable.;;
4 bits: 0-9, a-f; 5 bits: 0-9, a-v; 6 bits: 0-9, a-z, A-Z, -,
,session.hash_bits_per_character = 5; The URL rewriter will look for URLs
in a defined set of HTML tags.; form/fieldset are special; if you include
them here, the rewriter will; add a hidden input field with the info which
is otherwise appended; to URLs. If you want XHTML conformity, remove the
form entry.; Note that all valid entries require a =, even if no value
follows.url_rewriter.tags =
a=href,area=href,frame=src,input=src,form=,fieldset=
Well, thanks and sorry for my english;
Nicolás.
_
Watch “Cause Effect,” a show about real people making a real difference.
Learn more.
http://im.live.com/Messenger/IM/MTV/?source=text_watchcause
It works for me; I am using php-5.2.5 with lighttpd and FastCGI.
I called session_start() on both the pages.
and
I have enabled session.use_trans_sid.
You can temporarily override it from the php script by using this -
?
//...other code
ini_set(session.use_trans_sid,1);
//...other code
?
Try and report again.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problem with Sessions
Sheni R. Meledath wrote: Hello: Session is not working in PHP script file when executed through the browser IE 5.0 on Windows 2000 platform. In IE latest versions the script is working fine. Does anybody have any solution or report related to this. PHP version on the server is 4.3. Sheni R Meledath [EMAIL PROTECTED] Well ask yourself a couple of questions... 1. Did you do a 'session_start();' at the top of your script? 2. What Web server are you running? (IIS / Apache etc.) 3. Does my PHP.INI file have the session.save_path directive set? 4. In the folder specified by PHP.INI are there any sess_99898... files? 5. Did you post any examples of your code so we can help pinpoint the exact problem? HTH Jas -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problem with sessions.
On Thu, 19 Dec 2002 16:43:10 -0700, Mike Hillyer [EMAIL PROTECTED] wrote: Hello All; Please forgive me if I am repeating an often asked question, but I am having a problem with sessions. I simply cannot get them to work. The sample code I provide works on another server perfectly, this is the first page: ?PHP session_start(); session_register(name,pass); $name = hilde; $pass = mypassword; echo h1Session variables set!/h1; echo a href=\page2.php\go to next page/a; ? When called, the following file arrives in /tmp: sess_f9c5e87b35ae66eac64a9a346321b269 name|s:5:hilde;pass|s:10:mypassword; So obviously the session file is being created. However, when I go to page2.php?PHPSESSID=f9c5e87b35ae66eac64a9a346321b269 Which has this code: ?PHP session_start(); echo h1The password of $name is $pass /h1; ? I get The Password of is As a response. Both pages work perfectly on another server, so I am having trouble finding the problem, especially since the session file is actually created in /tmp My PHP.ini file is standard to a RedHat RPM install, but I will include it as an attachment. Any help would be greatly appreciated! Mike Hillyer Sounds like one server has registered globals on, and the other doesn't. Try changing your print statement like this: print 'h1The password of ' . $_SESSION['name'] is ' . $_SESSION['pass'] . '/h1'; If you were displaying all errors and *warnings* (error_reporting (E_ALL)), it would have caught something like this. -- sasha -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: Problem with sessions.(Again Sorry :)
Don't cram things into $_SESSION. Use this:
session_register('uid');
global $uid;
$uid = $uinfo[0];
With PHP 4.2, you don't have to use session_register. You can do it
exactly like the OP is. I do it all the time. Whether that is a
feature or a bug, I don't know.
It happens to work because that happens to be how Sessions are implemented
this week.
Programming 101:
Rule #27: Relying on implementation minutia instead of documented functions
is just a Bad Idea (tm).
Use the functions that are documented to work. Anything else is a HACK and
subject to break without notice.
In PHP 4.3 or 5.0 or 7.3.1, when it *DOESN'T* work anymore and you have a
zillion lines of code cramming junk into $_SESSION scattered all through
your application, don't come crying to me. :-)
--
Like Music? http://l-i-e.com/artists.htm
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Re: Problem with sessions.(Again Sorry :)
From: Richard Lynch [mailto:[EMAIL PROTECTED]]
Don't cram things into $_SESSION. Use this:
session_register('uid');
global $uid;
$uid = $uinfo[0];
With PHP 4.2, you don't have to use session_register. You can do it
exactly like the OP is. I do it all the time. Whether that is a
feature or a bug, I don't know.
It happens to work because that happens to be how Sessions are
implemented
this week.
Programming 101:
Rule #27: Relying on implementation minutia instead of documented
functions
is just a Bad Idea (tm).
Use the functions that are documented to work. Anything else is a
HACK
and
subject to break without notice.
In PHP 4.3 or 5.0 or 7.3.1, when it *DOESN'T* work anymore and you
have a
zillion lines of code cramming junk into $_SESSION scattered all
through
your application, don't come crying to me. :-)
Always a good method to follow, but the manual says you can use the
$_SESSION method I gave. There is no need to use session_register() or
the like. I would imagine that the older method would be depreciated
eventually. It's a whole lot easier to just treat sessions like a
variable without that whole register/unregister stuff.
The manual actually cautions against using session_register/unregister
if register_globals is OFF.
http://www.php.net/manual/en/ref.session.php
---John Holmes...
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: Problem with sessions.
php4 sessions or self made?
own session_set_save_handler?
Let us see the login code!
Ok...that's how i would do it:
After successful login i'd register a variable or
set the registered variable to a specific value.
Now i check on every page:
If (!IsSet($_SESSION[myLoginVar] ) || $_SESSION[myLoginVar] != myval)
{
//login page
} Else {
// logged in
}
Regards Michael
Ben Edwards [EMAIL PROTECTED] schrieb im Newsbeitrag
[EMAIL PROTECTED]">news:[EMAIL PROTECTED]...
I am using sessions for holding who is logged in and it is kind of
working. I have got a few emails from customers saying they cant log in
(and seeing as we have had less than 30 orders this is a real problem). I
can log in OK and cant recreate this problem. Any ideas regarding what
this could be would be much appreciated.
I guess if you have cookies turned of it wont work but what else may cause
a problem.
Regards,
Ben
* Ben Edwards +44 (0)117 9400 636 *
* Critical Site Builderhttp://www.criticaldistribution.com *
* online collaborative web authoring content management system *
* Get alt news/viws films onlinehttp://www.cultureshop.org *
* i-Contact Progressive Video http://www.videonetwork.org *
* Smashing the Corporate image http://www.subvertise.org *
* Bristol Indymedia http://bristol.indymedia.org *
* Bristol's radical news http://www.bristle.org.uk *
* PGP : F0CA 42B8 D56F 28AD 169B 49F3 3056 C6DB 8538 EEF8 *
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
