[PHP] Re: SSL & normal sessions stored differently?
Jesse Guardiani wingnet.net> writes: > > James Benson jamesbenson.co.uk> writes: > > > > > Could it be you have two differnt domain names, PHP could be using a > > different cookie/session for each one. > > Yeah, but I'm setting the session_id manually. I've checked my session > storage path and only one file is created with that session id. Wouldn't > force feeding PHP the session id override any domain problems anyway? > > I think the problem is that I have session.auto_start turned on. I can't > turn it off for fear of breaking a production site. > > Is there any way to feed PHP a session id with auto_start ON? Here's a solution I found: I'm just passing the session_id via GET to the secure site, then doing this on the index page: session_write_close(); if (isset($_GET['PHPSESSID'])) { session_id($_GET['PHPSESSID']); } session_start(); I had tried that yesterday, but it didn't work. The trick in this case (since auto_start is ON) is to call 'session_write_close();' before setting the session_id. Nothing magic about it after all. :) Thanks for the help! -- Jesse Guardiani [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SSL & normal sessions stored differently?
James Benson jamesbenson.co.uk> writes: > > Could it be you have two differnt domain names, PHP could be using a > different cookie/session for each one. Yeah, but I'm setting the session_id manually. I've checked my session storage path and only one file is created with that session id. Wouldn't force feeding PHP the session id override any domain problems anyway? I think the problem is that I have session.auto_start turned on. I can't turn it off for fear of breaking a production site. Is there any way to feed PHP a session id with auto_start ON? -- Jesse Guardiani [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: SSL & normal sessions stored differently?
Could it be you have two differnt domain names, PHP could be using a different cookie/session for each one. Jesse Guardiani wrote: Hello, I'm running php-4.3.2-19.ent under httpd-2.0.46-44.ent on Red Hat Enterprise Linux ES release 3 (Taroon Update 4). Here is my Session section of php.ini: -- [Session] session.save_handler = files session.use_cookies = 1 session.name = PHPSESSID session.auto_start = 1 session.cookie_lifetime = 0 session.cookie_path = / session.cookie_domain = session.serialize_handler = php session.gc_probability = 1 session.gc_divisor = 200 session.gc_maxlifetime = 36000 session.referer_check = session.entropy_length = 0 session.entropy_file = session.entropy_length = 16 session.entropy_file = /dev/urandom session.cache_limiter = nocache session.cache_expire = 0 session.use_trans_sid = 1 -- My problem is that normal session variables don't seem to be accessible from an instance of PHP servicing an SSL connection. For example, I can put this in test.php: session_id('bob'); session_start(); echo var_export($_SESSION,true); And get different results depending on whether I call: http://www.example.com/test.php Or: https://secure.example.com/test.php The session variables seem to be stored in different places, even though the save_path is identical. Does anyone know why this happens and/or how to work around it? Thanks! Jesse Guardiani [EMAIL PROTECTED] -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php