[PHP] Session Vars not staying active
Hi all, I am having trouble with session vars. I'm trying to implement the credit card direct pay method outlined here... http://developer.authorize.net/api/dpm/ - Basically, page 1 is my form that goes outside my site to the cc gateway company then comes back with a result... (PG2) Problem: if I try to create session vars on page 1 - they don't work on page 2. Am I correct in thinking that when this process leaves my site and goes to the gateway, then returns, it is similar to creating a new session and that is why the session vars don't remain active? Thanks in advance. -- Thanks, Dave - DealTek deal...@gmail.com [db-3]
Re: [PHP] Session Vars not staying active
On Aug 3, 2013 3:03 PM, dealTek deal...@gmail.com wrote: Hi all, I am having trouble with session vars. I'm trying to implement the credit card direct pay method outlined here... http://developer.authorize.net/api/dpm/ - Basically, page 1 is my form that goes outside my site to the cc gateway company then comes back with a result... (PG2) Problem: if I try to create session vars on page 1 - they don't work on page 2. Am I correct in thinking that when this process leaves my site and goes to the gateway, then returns, it is similar to creating a new session and that is why the session vars don't remain active? Thanks in advance. Are you calling session_start() on both pages or at least using a session auto start? Also, is the API returning the data by redirecting the client (browser) or doing a postback? If the remote server is calling back behind the scenes, then you'll need a workaround and additional processing, or the ability to pass the session ID and assume the client-initiated session (not ideal). If it's all processed by the browser, the redirection should have no bearing, as the session will persist based upon the server-side data and the client-side cookie; the server will have no knowledge of the client's redirection to the payment gateway (nor any remote destination).
[PHP] Session variable not persisting
Hi all,
I'll be swift in my explanation as I can't find in any way the source of the
problem; it seems to be installation-related.
At execution, sometimes (randomly it seems at first), variable session aren't
properly stored.
=
First things first, about installation :
uname -a -m -p yields :
Linux cl-t180-253cl.privatedns.com 2.6.18-308.1.1.el5 #1 SMP Wed Mar 7 04:16:51
EST 2012 x86_64 x86_64 x86_64 GNU/Linux
php -v yields :
PHP 5.3.3 (cli) (built: Jun 27 2012 12:25:48)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
=
To make sure it is not caused by any other part of my scripts, I just created
two scripts that have replicated the problem :
SCRIPT #1 [ping.php]
?php
session_start();
if(count($_SESSION['in'])==0){
$_SESSION['in'][0]='0-initiate';
} else {
$_SESSION['in'][] = count($_SESSION['in']).$_GET['push'];
}
if(count($_SESSION['in'])1000){
$rand = rand(0, 100);
?
meta http-equiv=refresh content=0;URL='pong.php?push=?php echo
$rand; ?'
?php
} else {
var_dump($_SESSION);
}
?
SCRIPT #2 [pong.php]
?php
session_start();
if(count($_SESSION['in'])==0){
$_SESSION['in'][0]='0-initiate';
} else {
$_SESSION['in'][] = count($_SESSION['in']).$_GET['push'];
}
if(count($_SESSION['in'])1000){
$rand = rand(0, 100);
?
meta http-equiv=refresh content=0;URL='ping.php?push=?php echo
$rand; ?'
?php
} else {
var_dump($_SESSION);
}
?
##
In fact, when I run this on my server I randomly have empty entries in the
$_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…)
Thanks!
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session variable not persisting
On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.comwrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. - Matijn
Re: [PHP] Session variable not persisting
On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Support enabled Registered save handlersfiles user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn Off Off session.cache_expire180 180 session.cache_limiter nocache nocache session.cookie_domain no valueno value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_fileno valueno value session.entropy_length 0 0 session.gc_divisor 10001000 session.gc_maxlifetime 14401440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.namePHPSESSID PHPSESSID session.referer_check no valueno value session.save_handlerfiles files session.save_path /var/lib/php/session/var/lib/php/session session.serialize_handler php php session.use_cookies On On session.use_only_cookiesOn On session.use_trans_sid 0 0 __ Éric
Re: [PHP] Session variable not persisting
On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette eopaque...@gmail.comwrote: On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Support enabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn Off Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /var/lib/php/session /var/lib/php/session session.serialize_handler php php session.use_cookies On On session.use_only_cookies On On session.use_trans_sid 0 0 Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? - Matijn
Re: [PHP] Session variable not persisting
Le 2013-03-18 à 15:20, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Support enabled Registered save handlers files user Registered serializer handlersphp php_binary wddx Directive Local Value Master Value session.auto_startOff Off session.bug_compat_42 Off Off session.bug_compat_warn Off Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no valueno value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no valueno value session.entropy_length0 0 session.gc_divisor10001000 session.gc_maxlifetime14401440 session.gc_probability1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no valueno value session.save_handler files files session.save_path /var/lib/php/session/var/lib/php/session session.serialize_handler php php session.use_cookies On On session.use_only_cookies On On session.use_trans_sid 0 0 Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? Yes I did. Everyhting seems normal there too.
Re: [PHP] Session variable not persisting
Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : Le 2013-03-18 à 15:20, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Support enabled Registered save handlers files user Registered serializer handlers php php_binary wddx DirectiveLocal Value Master Value session.auto_start Off Off session.bug_compat_42Off Off session.bug_compat_warn Off Off session.cache_expire 180 180 session.cache_limiternocache nocache session.cookie_domainno valueno value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secureOff Off session.entropy_file no valueno value session.entropy_length 0 0 session.gc_divisor 10001000 session.gc_maxlifetime 14401440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function0 0 session.name PHPSESSID PHPSESSID session.referer_checkno valueno value session.save_handler files files session.save_path/var/lib/php/session/var/lib/php/session session.serialize_handlerphp php session.use_cookies On On session.use_only_cookies On On session.use_trans_sid0 0 Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? Yes I did. Everyhting seems normal there too. Hm… Just noticed something new in fact; was looking a last time before considering reinstallation on a new server: it seems that the $_GET['push'] is undefined. In the other scripts I use where I have this problem, I'm using $_POST variables though but still don't get stored in $_SESSION. If I'm correct, this may implies that it is apache that is faulty right?
Re: [PHP] Session variable not persisting
On Mon, Mar 18, 2013 at 8:35 PM, Éric Oliver Paquette eopaque...@gmail.comwrote: Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : Le 2013-03-18 à 15:20, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Support enabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn Off Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no value no value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no value no value session.entropy_length 0 0 session.gc_divisor 1000 1000 session.gc_maxlifetime 1440 1440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no value no value session.save_handler files files session.save_path /var/lib/php/session /var/lib/php/session session.serialize_handler php php session.use_cookies On On session.use_only_cookies On On session.use_trans_sid 0 0 Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? Yes I did. Everyhting seems normal there too. Hm… Just noticed something new in fact; was looking a last time before considering reinstallation on a new server: it seems that the $_GET['push'] is undefined. In the other scripts I use where I have this problem, I'm using $_POST variables though but still don't get stored in $_SESSION. If I'm correct, this may implies that it is apache that is faulty right? $_GET['push'] will be undefined if you still have your session stored, but accessing the script directly. It should have nothing to do with faulty Apache.
Re: [PHP] Session variable not persisting
Le 2013-03-18 à 15:37, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:35 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : Le 2013-03-18 à 15:20, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Support enabled Registered save handlersfiles user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warn Off Off session.cache_expire180 180 session.cache_limiter nocache nocache session.cookie_domain no valueno value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_fileno valueno value session.entropy_length 0 0 session.gc_divisor 10001000 session.gc_maxlifetime 14401440 session.gc_probability 1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.namePHPSESSID PHPSESSID session.referer_check no valueno value session.save_handlerfiles files session.save_path /var/lib/php/session/var/lib/php/session session.serialize_handler php php session.use_cookies On On session.use_only_cookiesOn On session.use_trans_sid 0 0 Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? Yes I did. Everyhting seems normal there too. Hm… Just noticed something new in fact; was looking a last time before considering reinstallation on a new server: it seems that the $_GET['push'] is undefined. In the other scripts I use where I have this problem, I'm using $_POST variables though but still don't get stored in $_SESSION. If I'm correct, this may implies that it is apache that is faulty right? $_GET['push'] will be undefined if you still have your session stored, but accessing the script directly. It should have nothing to do with faulty Apache. Okay, let me paraphrase: when I run the ping pong scripts written up there, I have a blank in var_dump($_SESSION) if and only if I have [Mon Mar 18 13:25:37 2013] [error] [client 184.151.114.111] PHP Notice: Undefined index: push in /home/www/www.ngenioconnect.com/Modules/MPOSurveyTest/pong.php on line 8 on apache log. So my question really is, it is apache that handles the posts and gets requests, as I use both and it seems that the non-persistence of data occurs before the storage in $_SESSION, is it possible that it is Apache that is faulty?
Re: [PHP] Session variable not persisting
Le 2013-03-18 à 15:41, Éric Oliver Paquette a écrit : Le 2013-03-18 à 15:37, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:35 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : Le 2013-03-18 à 15:20, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Supportenabled Registered save handlers files user Registered serializer handlers php php_binary wddx Directive Local Value Master Value session.auto_start Off Off session.bug_compat_42 Off Off session.bug_compat_warnOff Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no valueno value session.cookie_httponlyOff Off session.cookie_lifetime0 0 session.cookie_path/ / session.cookie_secure Off Off session.entropy_file no valueno value session.entropy_length 0 0 session.gc_divisor 10001000 session.gc_maxlifetime 14401440 session.gc_probability 1 1 session.hash_bits_per_character5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no valueno value session.save_handler files files session.save_path /var/lib/php/session/var/lib/php/session session.serialize_handler php php session.use_cookiesOn On session.use_only_cookies On On session.use_trans_sid 0 0 Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? Yes I did. Everyhting seems normal there too. Hm… Just noticed something new in fact; was looking a last time before considering reinstallation on a new server: it seems that the $_GET['push'] is undefined. In the other scripts I use where I have this problem, I'm using $_POST variables though but still don't get stored in $_SESSION. If I'm correct, this may implies that it is apache that is faulty right? $_GET['push'] will be undefined if you still have your session stored, but accessing the script directly. It should have nothing to do with faulty Apache. Okay, let me paraphrase: when I run the ping pong scripts written up there, I have a blank in var_dump($_SESSION) if and only if I have [Mon Mar 18 13:25:37 2013] [error] [client 184.151.114.111] PHP Notice: Undefined index: push in /home/www/www.ngenioconnect.com/Modules/MPOSurveyTest/pong.php on line 8 on apache log. So my question really is, it is apache that handles the posts and gets requests, as I use both and it seems that the non-persistence of data occurs before the storage in $_SESSION, is it possible that it is Apache that is faulty? Er… I looked where it caused a problem, it seems that $_GET, $_POST and $_SESSION are indeed all affected. Any clue of a faulty installation that would cause problem for many surperglobals?
Re: [PHP] Session variable not persisting
Éric Oliver Paquette eopaque...@gmail.com wrote: Le 2013-03-18 à 15:41, Éric Oliver Paquette a écrit : Le 2013-03-18 à 15:37, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:35 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Le 2013-03-18 à 15:24, Éric Oliver Paquette a écrit : Le 2013-03-18 à 15:20, Matijn Woudt a écrit : On Mon, Mar 18, 2013 at 8:13 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: On Mon, Mar 18, 2013 at 7:46 PM, Éric Oliver Paquette eopaque...@gmail.com wrote: Hi all, I'll be swift in my explanation as I can't find in any way the source of the problem; it seems to be installation-related. At execution, sometimes (randomly it seems at first), variable session aren't properly stored. In fact, when I run this on my server I randomly have empty entries in the $_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…) Thanks! What does phpinfo() show about session stuff? Especially things like save_handler and cookie_lifetime settings. Note that this seems to occur 3 times out of 1000 on average. Now, about your request : session Session Support enabled Registered save handlers files user Registered serializer handlersphp php_binary wddx Directive Local Value Master Value session.auto_startOff Off session.bug_compat_42 Off Off session.bug_compat_warn Off Off session.cache_expire 180 180 session.cache_limiter nocache nocache session.cookie_domain no valueno value session.cookie_httponly Off Off session.cookie_lifetime 0 0 session.cookie_path / / session.cookie_secure Off Off session.entropy_file no valueno value session.entropy_length0 0 session.gc_divisor10001000 session.gc_maxlifetime14401440 session.gc_probability1 1 session.hash_bits_per_character 5 5 session.hash_function 0 0 session.name PHPSESSID PHPSESSID session.referer_check no valueno value session.save_handler files files session.save_path /var/lib/php/session/var/lib/php/session session.serialize_handler php php session.use_cookies On On session.use_only_cookies On On session.use_trans_sid 0 0 Your settings seem to be fine. My best guess would be hardware failure, though it seems unlikely. Did you check apache (or whatever webserver you're using) logs for any errors or warnings? Yes I did. Everyhting seems normal there too. Hm… Just noticed something new in fact; was looking a last time before considering reinstallation on a new server: it seems that the $_GET['push'] is undefined. In the other scripts I use where I have this problem, I'm using $_POST variables though but still don't get stored in $_SESSION. If I'm correct, this may implies that it is apache that is faulty right? $_GET['push'] will be undefined if you still have your session stored, but accessing the script directly. It should have nothing to do with faulty Apache. Okay, let me paraphrase: when I run the ping pong scripts written up there, I have a blank in var_dump($_SESSION) if and only if I have [Mon Mar 18 13:25:37 2013] [error] [client 184.151.114.111] PHP Notice: Undefined index: push in /home/www/www.ngenioconnect.com/Modules/MPOSurveyTest/pong.php on line 8 on apache log. So my question really is, it is apache that handles the posts and gets requests, as I use both and it seems that the non-persistence of data occurs before the storage in $_SESSION, is it possible that it is Apache that is faulty? Er… I looked where it caused a problem, it seems that $_GET, $_POST and $_SESSION are indeed all affected. Any clue of a faulty installation that would cause problem for many surperglobals? It sounds like some kind of memory problem. Can you run a memory tester on that server to see if that's the cause? Thanks, Ash http://www.ashleysheridan.co.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session variable not persisting
Am 18.03.13 19:46, schrieb Éric Oliver Paquette:
Hi all,
I'll be swift in my explanation as I can't find in any way the source of the
problem; it seems to be installation-related.
At execution, sometimes (randomly it seems at first), variable session aren't
properly stored.
=
First things first, about installation :
uname -a -m -p yields :
Linux cl-t180-253cl.privatedns.com 2.6.18-308.1.1.el5 #1 SMP Wed Mar 7
04:16:51 EST 2012 x86_64 x86_64 x86_64 GNU/Linux
php -v yields :
PHP 5.3.3 (cli) (built: Jun 27 2012 12:25:48)
Copyright (c) 1997-2010 The PHP Group
Zend Engine v2.3.0, Copyright (c) 1998-2010 Zend Technologies
=
To make sure it is not caused by any other part of my scripts, I just created
two scripts that have replicated the problem :
SCRIPT #1 [ping.php]
?php
session_start();
if(count($_SESSION['in'])==0){
$_SESSION['in'][0]='0-initiate';
} else {
$_SESSION['in'][] = count($_SESSION['in']).$_GET['push'];
}
if(count($_SESSION['in'])1000){
$rand = rand(0, 100);
?
meta http-equiv=refresh content=0;URL='pong.php?push=?php echo
$rand; ?'
?php
} else {
var_dump($_SESSION);
}
?
SCRIPT #2 [pong.php]
?php
session_start();
if(count($_SESSION['in'])==0){
$_SESSION['in'][0]='0-initiate';
} else {
$_SESSION['in'][] = count($_SESSION['in']).$_GET['push'];
}
if(count($_SESSION['in'])1000){
$rand = rand(0, 100);
?
meta http-equiv=refresh content=0;URL='ping.php?push=?php echo
$rand; ?'
?php
} else {
var_dump($_SESSION);
}
?
##
In fact, when I run this on my server I randomly have empty entries in the
$_SESSION array. Any thoughts on this? Is this a known bug (haven't found it…)
Thanks!
Just a thought that came to my mind: Have you disabled browser caching?
And about the push is undefined in the logs: How do you call the
script for the first time? With or with push parameter?
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
signature.asc
Description: OpenPGP digital signature
Re: [PHP] Session ?
I've read about passing the session id to a script and using that to opene
up the existing session file. Is this something I could do in this case?
Or am I SOL?
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
Hi Daniel,
Your security consideration important for me and I really need to know
what am I missing.
Using your xs(cross-site) request and cookie based authentication with
user-name and password has same level security problems. if you use
tokens they can not reading or using by an other pages. Attacker must
guess a random token(its difficult then guess passwords). if your
browser hacked or your main page has bad js code. This is bigger problem
then using xs request. they can get your password or session id.
I try to clarify my point of view for better discussion,
both servers can use same log-in database or enable to query each other.
after logged-in first.domain or a.first.domain
user has ability to call an other trusted server without password and
user-name.
when hit the page has XS button first.domain server will generate random
key and random value
and send in button code with secure protocol.(before send, you must
check referrer and token for CSRF protection)
detailed client info, secure key and value must store in session
database for later security check.
(you need more 3 columns key value and expire-date)
sample button code in
https://second.domain/need_to_see_without_user_input.php:
//after logged in your-first.domain
echo form
action='https://second.domain/need_to_see_without_user_input.php'
method='post' style='' ;
echo button id='button_1' class='button_1' type='submit'
name='long_random_secure_xs_cookie_name'
value='{$long_random_secure_xs_cookie_value}' style='' ;
echo run script 2 on second.domain ;
echo /button;
echo /form;
clicking that button same as write down password, user name and click
submit. but easier and not less secure then password authentication.
key and value must be long and secure enough (not like unique-id).
second server side:
-check the name and value and expire date IP browser etc.
- if there is any valid session in first server then clear key and value
don't touch server first.domain session data
- create new session on server second.domain width same user.
now same user has different valid session on both servers.
this method looks safe as password and user name authentication
just focus on sending secure key and value to the real client!!!
Of-course some old browsers has security holes
conditions:
-old browsers like Firefox 5
-(not easy but possible; newer browsers with some dangerous add-ons )
-not using tokens every page/form requests (after log-in first.domain)
after logged-in first.domain attacker can use this holes alter the
referrer and can get secure key and value
there is a solution ;they cannot alter post data referrer(if browser not
hacked) if you post back the token you will be quite safe.(check
referrer and token)
I guess this is fit public users who use password authentication.
if you are company user or security guy You must use certificate
authentication with VPN.
There is no absolute security in theory. But we have to discus how will
be improved. Because bad guys already doing that in opposite way.
Thanks,
Hakan Can.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/12/2012 5:25 PM, Marco Behnke wrote:
Am 12.12.12 15:58, schrieb Jim Giner:
On 12/12/2012 8:08 AM, ma...@behnke.biz wrote:
Jim Giner jim.gi...@albanyhandball.com hat am 12. Dezember 2012 um
02:53
geschrieben:
On 12/11/2012 7:27 PM, Marco Behnke wrote:
Am 08.12.12 19:08, schrieb Jim Giner:
All my debugging messages indicagte that I have the same session id,
yet I don't have the same variables, ie, they're missing.
Just to be sure ... the webspace is on the same server and has
access to
the same directory where the session data is stored?
(session_save_path)?
Yes - it points to a folder within my main domain's structure.
which is accessible from your subdomains?
They are all pointing (re the ini file) to the default of /tmp so I
presume that they all have access to that folder.
Ok, that is a different answer from the previous one where you said it
points to a folder within my main domain's structure
Are you running on error_reporting(E_ALL) and ini_set('display_errors',
'On')?
Just to be sure that there are no hidden notices or warnings.
my sub points to a folder within my domain's structure. My session's
store point (?) is \tmp. You asked two different questions.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
Am 13.12.12 14:49, schrieb Jim Giner:
Ok, that is a different answer from the previous one where you said it
points to a folder within my main domain's structure
Are you running on error_reporting(E_ALL) and ini_set('display_errors',
'On')?
Just to be sure that there are no hidden notices or warnings.
my sub points to a folder within my domain's structure. My session's
store point (?) is \tmp. You asked two different questions.
point taken ;)
I will try to do a setup like yours and check which code works for me.
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
signature.asc
Description: OpenPGP digital signature
Re: [PHP] Session ?
On 12/13/2012 9:16 AM, Marco Behnke wrote:
Am 13.12.12 14:49, schrieb Jim Giner:
Ok, that is a different answer from the previous one where you said it
points to a folder within my main domain's structure
Are you running on error_reporting(E_ALL) and ini_set('display_errors',
'On')?
Just to be sure that there are no hidden notices or warnings.
my sub points to a folder within my domain's structure. My session's
store point (?) is \tmp. You asked two different questions.
point taken ;)
I will try to do a setup like yours and check which code works for me.
Thanks for the interest. Hope you have better luck than I.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
Jim Giner jim.gi...@albanyhandball.com hat am 12. Dezember 2012 um 02:53 geschrieben: On 12/11/2012 7:27 PM, Marco Behnke wrote: Am 08.12.12 19:08, schrieb Jim Giner: All my debugging messages indicagte that I have the same session id, yet I don't have the same variables, ie, they're missing. Just to be sure ... the webspace is on the same server and has access to the same directory where the session data is stored? (session_save_path)? Yes - it points to a folder within my main domain's structure. which is accessible from your subdomains? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/12/2012 8:08 AM, ma...@behnke.biz wrote: Jim Giner jim.gi...@albanyhandball.com hat am 12. Dezember 2012 um 02:53 geschrieben: On 12/11/2012 7:27 PM, Marco Behnke wrote: Am 08.12.12 19:08, schrieb Jim Giner: All my debugging messages indicagte that I have the same session id, yet I don't have the same variables, ie, they're missing. Just to be sure ... the webspace is on the same server and has access to the same directory where the session data is stored? (session_save_path)? Yes - it points to a folder within my main domain's structure. which is accessible from your subdomains? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz They are all pointing (re the ini file) to the default of /tmp so I presume that they all have access to that folder. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
Am 12.12.12 15:58, schrieb Jim Giner:
On 12/12/2012 8:08 AM, ma...@behnke.biz wrote:
Jim Giner jim.gi...@albanyhandball.com hat am 12. Dezember 2012 um
02:53
geschrieben:
On 12/11/2012 7:27 PM, Marco Behnke wrote:
Am 08.12.12 19:08, schrieb Jim Giner:
All my debugging messages indicagte that I have the same session id,
yet I don't have the same variables, ie, they're missing.
Just to be sure ... the webspace is on the same server and has
access to
the same directory where the session data is stored?
(session_save_path)?
Yes - it points to a folder within my main domain's structure.
which is accessible from your subdomains?
They are all pointing (re the ini file) to the default of /tmp so I
presume that they all have access to that folder.
Ok, that is a different answer from the previous one where you said it
points to a folder within my main domain's structure
Are you running on error_reporting(E_ALL) and ini_set('display_errors',
'On')?
Just to be sure that there are no hidden notices or warnings.
--
Marco Behnke
Dipl. Informatiker (FH), SAE Audio Engineer Diploma
Zend Certified Engineer PHP 5.3
Tel.: 0174 / 9722336
e-Mail: ma...@behnke.biz
Softwaretechnik Behnke
Heinrich-Heine-Str. 7D
21218 Seevetal
http://www.behnke.biz
signature.asc
Description: OpenPGP digital signature
Re: [PHP] Session ?
Am 08.12.12 19:08, schrieb Jim Giner: All my debugging messages indicagte that I have the same session id, yet I don't have the same variables, ie, they're missing. Just to be sure ... the webspace is on the same server and has access to the same directory where the session data is stored? (session_save_path)? -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz signature.asc Description: OpenPGP digital signature
Re: [PHP] Session ?
On 12/11/2012 7:27 PM, Marco Behnke wrote: Am 08.12.12 19:08, schrieb Jim Giner: All my debugging messages indicagte that I have the same session id, yet I don't have the same variables, ie, they're missing. Just to be sure ... the webspace is on the same server and has access to the same directory where the session data is stored? (session_save_path)? Yes - it points to a folder within my main domain's structure. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 3:20 PM, Sebastian Krebs wrote:
2012/12/7 Daniel Brown danbr...@php.net
On Fri, Dec 7, 2012 at 3:04 PM, Jim Giner jim.gi...@albanyhandball.com
wrote:
OK - now that I've messed us all up, help me to understand your proposed
solution. I added the ini-set line to my first script. Then I called my
second one and still had the same problem with a missing session var. Is
there a corresponding line I need in the 'called' script? And does it
matter where this line is place within the script?
From your response to Sebastian, I'm not sure it will work. They
need to be subdomains of the same domain; different domains won't
work. However, proceeding with the presumption that the subdomains
are under the same SLD (e.g. - apple.example.com and
orange.example.com), this should work:
?php
// apple.example.com
ini_set('session.cookie_domain','.example.com');
session_start();
$_SESSION['foo'] = 'bar';
session_write_close();
?
Then
?php
// orange.example.com
ini_set('session.cookie_domain','.example.com');
session_start();
echo isset($_SESSION['foo']) ? $_SESSION['foo'] : 'Session failed to
transfer.';
?
Would be better to put 'session.cookie_domain' into the php.ini. In both
cases: Clear cookies (at least for your site) completely and set
session.auto_start to 0.
--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
What does doing session.auto_start to 0 do to me?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 4:02 PM, Jim Giner wrote:
So i need the ini set in both scripts. Thx. Ill try that later
jg
OK - I put the line:
ini_set('session.cookie_domain','.albanyhandball.com');
session_start();
into each of my scripts.
Didn't work.
Let me explain my domain names. My main domain is albanyhandball.com.
I have two subs called x.albanyhandball.com and
y.albanyhandball.com. Attached to each of these is what my isp calls
an add-on domain name. These two names are not similar at all. As in
addon1.net and myothersub.com, but each is tied to one of the
sub-domain names. Looking at a phpinfo dump, the true sub-domain names
(*.albanyhandball.com) show up only in the SERVER_ADMIN setting, while
my add-on domain names show up in the SERVER_NAME settings.
I've read about passing the session id to a script and using that to
opene up the existing session file. Is this something I could do in
this case? Or am I SOL?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Sat, Dec 8, 2012 at 10:52 AM, Jim Giner jim.gi...@albanyhandball.com wrote: Didn't work. Let me explain my domain names. My main domain is albanyhandball.com. I have two subs called x.albanyhandball.com and y.albanyhandball.com. Attached to each of these is what my isp calls an add-on domain name. These two names are not similar at all. As in addon1.net and myothersub.com, but each is tied to one of the sub-domain names. Looking at a phpinfo dump, the true sub-domain names (*.albanyhandball.com) show up only in the SERVER_ADMIN setting, while my add-on domain names show up in the SERVER_NAME settings. That won't work and should not work. You could technically do it, but you'd be deliberately creating an XSS for your sites. If it worked that way on its own, it would either be (a) a horrible browser or (b) 1995. It'll work for the subdomains, but not addon or parked domains. I've read about passing the session id to a script and using that to opene up the existing session file. Is this something I could do in this case? Or am I SOL? You can pass the session ID and reactivate the session that way, sure. Not pretty, and it does lead to security considerations, but it would work. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/8/2012 11:04 AM, Daniel Brown wrote:
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
OK - I've done this in script 1:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id '')
{
session_start($sess_id);
$errmsg .= started sess id is: $sess_id ;
}
else
{
session_start();
$errmsg .= started new sess ;
}
Then my process creates a Session array and calls script 2
In script 2 I have:
if (isset($_GET['sess']) $_GET['sess'] '')
{
$sess_id = $_GET['sess'];
session_start($sess_id);
$errmsg .= started sess $sess_id ;
}
else
{
session_start();
$sess_id = session_id();
$errmsg = started NEW sess with id of $sess_id ;
}
My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it. What am I not doing?
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/8/2012 11:41 AM, Jim Giner wrote:
On 12/8/2012 11:04 AM, Daniel Brown wrote:
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
OK - I've done this in script 1:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id '')
{
session_start($sess_id);
$errmsg .= started sess id is: $sess_id ;
}
else
{
session_start();
$errmsg .= started new sess ;
}
Then my process creates a Session array and calls script 2
In script 2 I have:
if (isset($_GET['sess']) $_GET['sess'] '')
{
$sess_id = $_GET['sess'];
session_start($sess_id);
$errmsg .= started sess $sess_id ;
}
else
{
session_start();
$sess_id = session_id();
$errmsg = started NEW sess with id of $sess_id ;
}
My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it. What am I not doing?
Forgot to mention that when I do header(...) to go to script 2 that I do
append the session id to my url
Same on the return from script 2 back to script 1.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Sat, Dec 8, 2012 at 12:10 PM, Jim Giner jim.gi...@albanyhandball.comwrote:
On 12/8/2012 11:41 AM, Jim Giner wrote:
On 12/8/2012 11:04 AM, Daniel Brown wrote:
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
OK - I've done this in script 1:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id '')
{
session_start($sess_id);
$errmsg .= started sess id is: $sess_id ;
}
else
{
session_start();
$errmsg .= started new sess ;
}
Then my process creates a Session array and calls script 2
In script 2 I have:
if (isset($_GET['sess']) $_GET['sess'] '')
{
$sess_id = $_GET['sess'];
session_start($sess_id);
$errmsg .= started sess $sess_id ;
}
else
{
session_start();
$sess_id = session_id();
$errmsg = started NEW sess with id of $sess_id ;
}
My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it. What am I not doing?
Forgot to mention that when I do header(...) to go to script 2 that I do
append the session id to my url
Same on the return from script 2 back to script 1.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
I know i'm late to the party here but I had to do something similar
I used something similar to
http://www.nczonline.net/blog/2010/09/07/learning-from-xauth-cross-domain-localstorage/
ie storing the session state in html localstorage objects then using the
methods in that link to read them thru iframes on the other domain...
Re: [PHP] Session ?
On 12/8/2012 12:10 PM, Jim Giner wrote:
On 12/8/2012 11:41 AM, Jim Giner wrote:
On 12/8/2012 11:04 AM, Daniel Brown wrote:
You can pass the session ID and reactivate the session that way,
sure. Not pretty, and it does lead to security considerations, but it
would work.
OK - I've done this in script 1:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id '')
{
session_start($sess_id);
$errmsg .= started sess id is: $sess_id ;
}
else
{
session_start();
$errmsg .= started new sess ;
}
Then my process creates a Session array and calls script 2
In script 2 I have:
if (isset($_GET['sess']) $_GET['sess'] '')
{
$sess_id = $_GET['sess'];
session_start($sess_id);
$errmsg .= started sess $sess_id ;
}
else
{
session_start();
$sess_id = session_id();
$errmsg = started NEW sess with id of $sess_id ;
}
My $errmsg shows me the same sess id in both scripts, and it would
appear that I have managed to pass my session across the sub-domains.
But when script 2 attempts to access the contents of the Session array
created in script 1 it doesn't find it. What am I not doing?
Forgot to mention that when I do header(...) to go to script 2 that I do
append the session id to my url
Same on the return from script 2 back to script 1.
Plugging away at my problem still. Here is something interesting.
Apparently I don't understand how some of these session settings work.
In my script 2 (the called one) I have this code:
if (isset($_REQUEST['sess']))
$sess_id = $_REQUEST['sess'];
else
$sess_id = '';
if ($sess_id '')
{
session_start($sess_id);
$errmsg .= started sess with id of $sess_id ;
}
else
{
session_start();
$errmsg .= started a NEW sess ;
}
$sid = session_id();
$errmsg .= started sess actual id is: $sid ;
Now - there is a 'sess' argument in my url string that calls this, so I
am using the branch of the logic that shows me that I started sess with
id of . But I've added the last two lines to check on that and I
get started sess actual id is: zz - NOT the right id.
Can someone explain the use of session ids and the right commands to
use? From my understanding my thinking is:
in script 1 after establishing the initial session wiht a session_start():
1 - get the session id save it in a hidden field on my screen
2 - when script 1 starts again, retrieve the id and when going to my
script 2 (in the other sub-dom) attach it as an argument
3 - in the called script 2, retrieve the argument from the url and start
the session with:
session_start($sessid)
4 - save the sessid in this screen's fields
5 - when script 2 gets control again, retrieve the id from the hidden
field and if the user has opted to return to script 1, attach the
session id to the url again.
All my debugging messages indicagte that I have the same session id, yet
I don't have the same variables, ie, they're missing.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session ?
Something new for me - working with scripts on two of my sub-domains. I want to call script 2 in my B domain from script 1 in my A domain. It appears that the session vars established in script 1 do not show up in script 2. Is that because the domain name is different? Is this where one must grab the session id and use it in another script in order to retain the original session and its vars? If this is so, can someone elaborate on the capture of the session id process? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner jim.gi...@albanyhandball.com wrote: Something new for me - working with scripts on two of my sub-domains. I want to call script 2 in my B domain from script 1 in my A domain. It appears that the session vars established in script 1 do not show up in script 2. Is that because the domain name is different? Is this where one must grab the session id and use it in another script in order to retain the original session and its vars? If this is so, can someone elaborate on the capture of the session id process? Are both domains on the same physical (or virtual) server? -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 2:36 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner jim.gi...@albanyhandball.com wrote: Something new for me - working with scripts on two of my sub-domains. I want to call script 2 in my B domain from script 1 in my A domain. It appears that the session vars established in script 1 do not show up in script 2. Is that because the domain name is different? Is this where one must grab the session id and use it in another script in order to retain the original session and its vars? If this is so, can someone elaborate on the capture of the session id process? Are both domains on the same physical (or virtual) server? Yes - they are sub-domains of my main one. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 2:38 PM, Jim Giner jim.gi...@albanyhandball.com wrote:
On 12/7/2012 2:36 PM, Daniel Brown wrote:
On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner jim.gi...@albanyhandball.com
wrote:
Something new for me - working with scripts on two of my sub-domains.
I want to call script 2 in my B domain from script 1 in my A domain.
It appears that the session vars established in script 1 do not show up
in
script 2. Is that because the domain name is different? Is this where
one
must grab the session id and use it in another script in order to retain
the
original session and its vars? If this is so, can someone elaborate on
the
capture of the session id process?
Are both domains on the same physical (or virtual) server?
Yes - they are sub-domains of my main one.
?php ini_set('session.cookie_domain','.example.com'); ?
The preceding dot before the SLD allow the session cookie to be
accessible on *.example.com.
--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 2:41 PM, Daniel Brown wrote:
On Fri, Dec 7, 2012 at 2:38 PM, Jim Giner jim.gi...@albanyhandball.com wrote:
On 12/7/2012 2:36 PM, Daniel Brown wrote:
On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner jim.gi...@albanyhandball.com
wrote:
Something new for me - working with scripts on two of my sub-domains.
I want to call script 2 in my B domain from script 1 in my A domain.
It appears that the session vars established in script 1 do not show up
in
script 2. Is that because the domain name is different? Is this where
one
must grab the session id and use it in another script in order to retain
the
original session and its vars? If this is so, can someone elaborate on
the
capture of the session id process?
Are both domains on the same physical (or virtual) server?
Yes - they are sub-domains of my main one.
?php ini_set('session.cookie_domain','.example.com'); ?
The preceding dot before the SLD allow the session cookie to be
accessible on *.example.com.
What if my sub-domain names are not in the form of 'a.domain.com' and
'b.domain.com'.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
2012/12/7 Jim Giner jim.gi...@albanyhandball.com
On 12/7/2012 2:41 PM, Daniel Brown wrote:
On Fri, Dec 7, 2012 at 2:38 PM, Jim Giner jim.gi...@albanyhandball.com
wrote:
On 12/7/2012 2:36 PM, Daniel Brown wrote:
On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner jim.gi...@albanyhandball.com
wrote:
Something new for me - working with scripts on two of my sub-domains.
I want to call script 2 in my B domain from script 1 in my A domain.
It appears that the session vars established in script 1 do not show up
in
script 2. Is that because the domain name is different? Is this where
one
must grab the session id and use it in another script in order to
retain
the
original session and its vars? If this is so, can someone elaborate on
the
capture of the session id process?
Are both domains on the same physical (or virtual) server?
Yes - they are sub-domains of my main one.
?php ini_set('session.cookie_**domain','.example.com'); ?
The preceding dot before the SLD allow the session cookie to be
accessible on *.example.com.
What if my sub-domain names are not in the form of 'a.domain.com' and '
b.domain.com'.
What do you mean? Subdomains are always in the form *.example.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
github.com/KingCrunch
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 2:54 PM, Jim Giner jim.gi...@albanyhandball.com wrote: What if my sub-domain names are not in the form of 'a.domain.com' and 'b.domain.com'. A subdomain is a subdomain. Unless you've discovered a new magical form of subdomain that is not, you should be fine. And if you have, in fact, made that discovery, you're probably the reason the Mayans predicted a very short winter this year. Thanks for screwing us, Jim. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 2:58 PM, Sebastian Krebs wrote:
2012/12/7 Jim Giner jim.gi...@albanyhandball.com
On 12/7/2012 2:41 PM, Daniel Brown wrote:
On Fri, Dec 7, 2012 at 2:38 PM, Jim Giner jim.gi...@albanyhandball.com
wrote:
On 12/7/2012 2:36 PM, Daniel Brown wrote:
On Fri, Dec 7, 2012 at 2:33 PM, Jim Giner jim.gi...@albanyhandball.com
wrote:
Something new for me - working with scripts on two of my sub-domains.
I want to call script 2 in my B domain from script 1 in my A domain.
It appears that the session vars established in script 1 do not show up
in
script 2. Is that because the domain name is different? Is this where
one
must grab the session id and use it in another script in order to
retain
the
original session and its vars? If this is so, can someone elaborate on
the
capture of the session id process?
Are both domains on the same physical (or virtual) server?
Yes - they are sub-domains of my main one.
?php ini_set('session.cookie_**domain','.example.com'); ?
The preceding dot before the SLD allow the session cookie to be
accessible on *.example.com.
What if my sub-domain names are not in the form of 'a.domain.com' and '
b.domain.com'.
What do you mean? Subdomains are always in the form *.example.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
My bad - I was referencing the add-on domain name which is not. Yes -
there are subs in the correct format which I forgot about.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On 12/7/2012 2:59 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:54 PM, Jim Giner jim.gi...@albanyhandball.com wrote: What if my sub-domain names are not in the form of 'a.domain.com' and 'b.domain.com'. A subdomain is a subdomain. Unless you've discovered a new magical form of subdomain that is not, you should be fine. And if you have, in fact, made that discovery, you're probably the reason the Mayans predicted a very short winter this year. Thanks for screwing us, Jim. OK - now that I've messed us all up, help me to understand your proposed solution. I added the ini-set line to my first script. Then I called my second one and still had the same problem with a missing session var. Is there a corresponding line I need in the 'called' script? And does it matter where this line is place within the script? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 3:04 PM, Jim Giner jim.gi...@albanyhandball.com wrote:
OK - now that I've messed us all up, help me to understand your proposed
solution. I added the ini-set line to my first script. Then I called my
second one and still had the same problem with a missing session var. Is
there a corresponding line I need in the 'called' script? And does it
matter where this line is place within the script?
From your response to Sebastian, I'm not sure it will work. They
need to be subdomains of the same domain; different domains won't
work. However, proceeding with the presumption that the subdomains
are under the same SLD (e.g. - apple.example.com and
orange.example.com), this should work:
?php
// apple.example.com
ini_set('session.cookie_domain','.example.com');
session_start();
$_SESSION['foo'] = 'bar';
session_write_close();
?
Then
?php
// orange.example.com
ini_set('session.cookie_domain','.example.com');
session_start();
echo isset($_SESSION['foo']) ? $_SESSION['foo'] : 'Session failed to transfer.';
?
--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
2012/12/7 Daniel Brown danbr...@php.net
On Fri, Dec 7, 2012 at 3:04 PM, Jim Giner jim.gi...@albanyhandball.com
wrote:
OK - now that I've messed us all up, help me to understand your proposed
solution. I added the ini-set line to my first script. Then I called my
second one and still had the same problem with a missing session var. Is
there a corresponding line I need in the 'called' script? And does it
matter where this line is place within the script?
From your response to Sebastian, I'm not sure it will work. They
need to be subdomains of the same domain; different domains won't
work. However, proceeding with the presumption that the subdomains
are under the same SLD (e.g. - apple.example.com and
orange.example.com), this should work:
?php
// apple.example.com
ini_set('session.cookie_domain','.example.com');
session_start();
$_SESSION['foo'] = 'bar';
session_write_close();
?
Then
?php
// orange.example.com
ini_set('session.cookie_domain','.example.com');
session_start();
echo isset($_SESSION['foo']) ? $_SESSION['foo'] : 'Session failed to
transfer.';
?
Would be better to put 'session.cookie_domain' into the php.ini. In both
cases: Clear cookies (at least for your site) completely and set
session.auto_start to 0.
--
/Daniel P. Brown
Network Infrastructure Manager
http://www.php.net/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
--
github.com/KingCrunch
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 3:20 PM, Sebastian Krebs krebs@gmail.com wrote: Would be better to put 'session.cookie_domain' into the php.ini. In both cases: Clear cookies (at least for your site) completely and set session.auto_start to 0. If it's configured on the server for overrides, sure, a local one. Otherwise, the system php.ini will break all other domains on the server. -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
So i need the ini set in both scripts. Thx. Ill try that later jg -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session ?
On Fri, Dec 7, 2012 at 2:04 PM, Jim Giner jim.gi...@albanyhandball.com wrote: On 12/7/2012 2:59 PM, Daniel Brown wrote: On Fri, Dec 7, 2012 at 2:54 PM, Jim Giner jim.gi...@albanyhandball.com wrote: What if my sub-domain names are not in the form of 'a.domain.com' and 'b.domain.com'. A subdomain is a subdomain. Unless you've discovered a new magical form of subdomain that is not, you should be fine. And if you have, in fact, made that discovery, you're probably the reason the Mayans predicted a very short winter this year. Thanks for screwing us, Jim. OK - now that I've messed us all up, help me to understand your proposed solution. I added the ini-set line to my first script. Then I called my second one and still had the same problem with a missing session var. Is there a corresponding line I need in the 'called' script? And does it matter where this line is place within the script? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php also remember to clear cookies (on browser), and session caches (on server) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session data lost in Firefox
Hi I have a wesite where PHP session data is passed page to page then shells out to Paypal for payment then back to my website for completion of transaction and update of mysql file. When using Firefox our session data and POST data from Paypal is lost. This has happend only recently and has worked happily in the past. Works in other browsers too. Anyone heard of same problems? mywebpage - session data-mywebpage2-session data-paypal page-POST data + session data-mywebpage3 -- Johniboy -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session data lost in Firefox
On Fri, Oct 26, 2012 at 8:49 AM, John Boy serv...@greenholdings.co.ukwrote: Hi I have a wesite where PHP session data is passed page to page then shells out to Paypal for payment then back to my website for completion of transaction and update of mysql file. When using Firefox our session data and POST data from Paypal is lost. This has happend only recently and has worked happily in the past. Works in other browsers too. Anyone heard of same problems? mywebpage - session data-mywebpage2-session data-paypal page-POST data + session data-mywebpage3 -- Johniboy Just a thought - does this depend on using third party cookies between your site and PayPal? If so, do you have them disabled in Firefox? Andrew
Re: [PHP] Session data lost in Firefox
Looks like it was a corrupted Paypal cookie lurking about on my test machine. Clearing all Paypal cookies cured the problem. Hours can be spent looking for needles like this in a very complex haystack and it turns out to be the simplest solution that's not even related directly to the programming. Thanks, Andrew for the prompting! However if this happened on a punter's computer the same would happen - so is there a way of coding the removal of third party cookies to avoid this problem? Andrew Ballard aball...@gmail.com wrote in message news:cac1b6rsbydmopeulin0fjmax-vap_uas_1w6e-nr-1shwm+...@mail.gmail.com... On Fri, Oct 26, 2012 at 8:49 AM, John Boy serv...@greenholdings.co.ukwrote: Hi I have a wesite where PHP session data is passed page to page then shells out to Paypal for payment then back to my website for completion of transaction and update of mysql file. When using Firefox our session data and POST data from Paypal is lost. This has happend only recently and has worked happily in the past. Works in other browsers too. Anyone heard of same problems? mywebpage - session data-mywebpage2-session data-paypal page-POST data + session data-mywebpage3 -- Johniboy Just a thought - does this depend on using third party cookies between your site and PayPal? If so, do you have them disabled in Firefox? Andrew -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session data lost in Firefox
On Fri, Oct 26, 2012 at 12:12 PM, John Boy serv...@greenholdings.co.ukwrote: Looks like it was a corrupted Paypal cookie lurking about on my test machine. Clearing all Paypal cookies cured the problem. Hours can be spent looking for needles like this in a very complex haystack and it turns out to be the simplest solution that's not even related directly to the programming. Thanks, Andrew for the prompting! However if this happened on a punter's computer the same would happen - so is there a way of coding the removal of third party cookies to avoid this problem? As far as I know, if you can set a cookie you can also clear it. I don't like the approach, though. I have 3rd party cookies disabled on purpose. Andrew
Re: [PHP] PHP session variables
On Aug 15, 2012, at 4:42 PM, Andrew Ballard aball...@gmail.com wrote:
On Wed, Aug 15, 2012 at 3:24 PM, Tedd Sperling t...@sperling.com wrote:
The php manual ( http://us3.php.net/manual/en/function.session-start.php )
First Note states that session_start() must be called *before* anything sent
to the Browser.
So, to rewrite your code --
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
session_start();
echo __LINE__, '::session_start()br';
}
}
-- should work better, right?
Cheers,
tedd
-snip-
However, due to the nature of your test page you are still
sending output from the first loop before you call session_start() in
the second loop.
Duh!
Too many brain surgeons working on this brain!
In the real world neither of us would have made those mistakes.
It is only when we try to make things simple do we over complicate.
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 15, 2012, at 4:13 PM, Robert Cummings rob...@interjinn.com wrote: I only pointed it out because I used to do exactly the same thing :) Cheers, Rob. Thanks, I was starting to feel pretty dumb. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 14, 2012 1:36 AM, tamouse mailing lists tamouse.li...@gmail.com wrote: On Aug 13, 2012 8:01 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php What are the timing values if you do something besides session start with no close? Just to clarify, since at least 4.3.x subsequent calls session_start raise an E_NOTICE and are ignored, so you're first call is generating almost all the time.
Re: [PHP] PHP session variables
On Fri, Aug 10, 2012 at 11:56 AM, Tedd Sperling t...@sperling.com wrote:
On Aug 10, 2012, at 11:45 AM, Tedd Sperling t...@sperling.com wrote:
On Aug 9, 2012, at 5:16 PM, Jim Lucas li...@cmsws.com wrote:
You are relying on PHP's loose typing. This is a poor check.
session_id() returns a string, not boolean.
You should do this instead.
if ( session_id() === '' )
--
Jim Lucas
Thanks Jim -- you're right.
What about?
if (!defined(SID))
{
session_start();
}
Before you answer, the (!defined(SID)) is over 50 times slower than (
session_id() === '' )
Your way is better.
Cheers,
tedd
tedd,
I think this is because you passed SID to defined() as a constant
rather than a string, so the if test always returns true. When I
changed this to
if (!defined('SID'))
{
session _start();
}
it worked as expected, and I got much more similar results. I also
added a call to session_destroy() between the two tests so that each
loop initialized the session once. (In your test, the second loop
never initializes the session since it was already started by the
first loop.)
This is your code with my modifications:
?php
$starttime = microtime(true);
// whatever you want timed, you do here.
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
echo __LINE__, '::session_start()br';
session_start();
}
}
session_destroy();
$endtime = microtime(true);
$totaltime = $endtime - $starttime;
$totaltime = round($totaltime,5);
echo pFirst in $totaltime seconds./p;
$starttime = microtime(true);
// whatever you want timed, you do here.
for($i=1; $i 1000; $i++)
{
if (session_id() ==='')
{
echo __LINE__, '::session_start()br';
session_start();
}
}
$endtime = microtime(true);
$totaltime = $endtime - $starttime;
$totaltime = round($totaltime,5);
echo pSecond in $totaltime seconds./p;
session_destroy();
?
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 14, 2012, at 11:01 AM, Robert Cummings rob...@interjinn.com wrote: I'm not sure if you're making a joke, but your changes have no effect. You've merely explicitly stated the optional parameter's default value. What I had meant was to change the following: ?php $starttime = microtime(); $startarray = explode( , $starttime); $starttime = $startarray[1] + $startarray[0]; ? To the following :) ?php $starttime = microtime( true ); ? Cheers, Rob. Rob: Again thanks. Sorry, I totally missed your point. In my defense I commonly use the value returned from microtime() as a string and not as a float. The code that followed my microtime( false ); demo broke the string and recombined it into a float. So, when you said: Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) I looked at that and said to myself, Oh, I need to define it as 'false' because I was using it as a sting. I completely overlooked your point that microtime() could return a float and thus no need to work with it as a string -- duh! The demo is fixed (I think): http://www.webbytedd.com/b/timed1/ Thanks, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
Andrew:
Your points are well taken -- thanks.
However, my only concern is given this:
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
echo __LINE__, '::session_start()br';
session_start();
}
}
The php manual ( http://us3.php.net/manual/en/function.session-start.php )
First Note states that session_start() must be called *before* anything sent to
the Browser.
So, to rewrite your code --
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
session_start();
echo __LINE__, '::session_start()br';
}
}
-- should work better, right?
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On 12-08-15 03:19 PM, Tedd Sperling wrote: Rob: Again thanks. Sorry, I totally missed your point. In my defense I commonly use the value returned from microtime() as a string and not as a float. The code that followed my microtime( false ); demo broke the string and recombined it into a float. So, when you said: Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) I looked at that and said to myself, Oh, I need to define it as 'false' because I was using it as a sting. I completely overlooked your point that microtime() could return a float and thus no need to work with it as a string -- duh! The demo is fixed (I think): http://www.webbytedd.com/b/timed1/ Thanks, tedd I only pointed it out because I used to do exactly the same thing :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Wed, Aug 15, 2012 at 3:24 PM, Tedd Sperling t...@sperling.com wrote:
Your points are well taken -- thanks.
I've seen a lot of people code that way, so it's easy to miss. In your
original code, that first statement was calling session_start() 1,000
times. This is because the first time through, SID is undefined so
defined(SID) was equivalent to defined('SID') and both would have
returned false. After the first session_start(), though, SID WAS
defined, but would have had some pseudo-random session identifier as
its value. As a result, the last 999 times through your loop, you were
actually scanning the defined constants to see if there was one named
something like '7cjubadsh5lkq80opemht2ea03'. Obviously, it would never
exist.
However, my only concern is given this:
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
echo __LINE__, '::session_start()br';
session_start();
}
}
The php manual ( http://us3.php.net/manual/en/function.session-start.php )
First Note states that session_start() must be called *before* anything sent
to the Browser.
So, to rewrite your code --
for($i=1; $i 1000; $i++)
{
if (!defined('SID'))
{
session_start();
echo __LINE__, '::session_start()br';
}
}
-- should work better, right?
Cheers,
tedd
Yes, that is more correct. I think we have output buffering enabled on
most of our servers (a lot of our legacy stuff really depends on it)
so I didn't notice any errors, but you are correct. You really don't
need the echo lines that I added in your test at all though. I just
threw it in there to be able to see when the function was being
called. However, due to the nature of your test page you are still
sending output from the first loop before you call session_start() in
the second loop. To be absolutely correct, you'd have to remove those
echo statements I added for debugging, store all of your timings in
separate variables and then output them at the end of the script.
Andrew
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 13, 2012 8:01 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php What are the timing values if you do something besides session start with no close?
Re: [PHP] PHP session variables
On Aug 13, 2012, at 10:59 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. Rob: Fixed. Thanks -- my habits are always in a state of being updated -- just ask my wife. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On 12-08-14 10:41 AM, Tedd Sperling wrote: On Aug 13, 2012, at 10:59 AM, Robert Cummings rob...@interjinn.com wrote: On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. Rob: Fixed. Thanks -- my habits are always in a state of being updated -- just ask my wife. I'm not sure if you're making a joke, but your changes have no effect. You've merely explicitly stated the optional parameter's default value. What I had meant was to change the following: ?php $starttime = microtime(); $startarray = explode( , $starttime); $starttime = $startarray[1] + $startarray[0]; ? To the following :) ?php $starttime = microtime( true ); ? Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: How to best set per-site PHP session storage under suPHP/WordPress?
On 13/08/2012 06:01, Philip Amadeo Saeli wrote: I'm administering WordPress sites under suPHP on a CentOS LAMP server and would like to know how I can set PHP to keep the session files under the WP user's dir without having do duplicate the entire php.ini file for each WP site while still maintaining adequate security. The problems I'm encountering are that, AFAICT, I have basically two choices: 1. Use the suPHP suPHP_ConfigPath to set the path to a per-site php.ini file containing a session.save_path directive. 2. Put php.ini files with the session.save_path directive within the WP dir hier. The problems with the above two options (I have found no other options so far) are that, for the former, the system php.ini file is not read so the per-site php.ini file(s) have to duplicate most if not all of what's in the system php.ini file; this is for each WP site (if not a WP Net (AKA WPMU) install); and for the latter, -any-and-every- subdir in the WP dir hier that has code that may reference the PHP session must have its own php.ini file in it. Either way it becomes a significant maintenance problem, especially once there are more than one or two such sites. I have not been able to find much documentation on this, either in the PHP site or in the various help forums. I've searched quite extensively and have run some tests of my own using phpinfo.php to see how things are set. I do not desire to open up file permissions to bypass this PHP settings issue altogether due to security concerns (though I do wish an answer could be so simple). What's canonical in such a case? If nothing, are there any other alternatives? My desired solution would be to be able to put one php.ini (or equivalent) file per site that would contain the needed directive which would be merged with the settings from the system php.ini, overriding only the session.save_path, but, AFAICT, PHP does not seem to allow this. Any other ideas? Thanks! --Phil Hi, You can add php.ini variables to the Apache Virtual Host section for each site, for example: php_admin_value session.save_path /path/to/new/session/folder [http://php.net/manual/en/configuration.changes.php] This will override the save path for each site you add it to, but all other values will be picked up from the system default. You must make sure the Apache user has write access to the new folder. Regards Ian -- -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On 12-08-10 04:42 PM, Tedd Sperling wrote: On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Ted, Please see the current signature for microtime(): mixed microtime ([ bool $get_as_float = false ] ) The optional paramter was added in PHP 5.0.0. I think it's safe to update your habits :) Cheers, Rob. -- E-Mail Disclaimer: Information contained in this message and any attached documents is considered confidential and legally protected. This message is intended solely for the addressee(s). Disclosure, copying, and distribution are prohibited unless authorized. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Re: How to best set per-site PHP session storage under suPHP/WordPress?
* Ian php_l...@fishnet.co.uk [2012-08-13 09:50:51 +0100]: On 13/08/2012 06:01, Philip Amadeo Saeli wrote: I'm administering WordPress sites under suPHP on a CentOS LAMP server and would like to know how I can set PHP to keep the session files under the WP user's dir without having do duplicate the entire php.ini file for each WP site while still maintaining adequate security. The problems I'm encountering are that, AFAICT, I have basically two choices: 1. Use the suPHP suPHP_ConfigPath to set the path to a per-site php.ini file containing a session.save_path directive. 2. Put php.ini files with the session.save_path directive within the WP dir hier. The problems with the above two options (I have found no other options so far) are that, for the former, the system php.ini file is not read so the per-site php.ini file(s) have to duplicate most if not all of what's in the system php.ini file; this is for each WP site (if not a WP Net (AKA WPMU) install); and for the latter, -any-and-every- subdir in the WP dir hier that has code that may reference the PHP session must have its own php.ini file in it. Either way it becomes a significant maintenance problem, especially once there are more than one or two such sites. I have not been able to find much documentation on this, either in the PHP site or in the various help forums. I've searched quite extensively and have run some tests of my own using phpinfo.php to see how things are set. I do not desire to open up file permissions to bypass this PHP settings issue altogether due to security concerns (though I do wish an answer could be so simple). What's canonical in such a case? If nothing, are there any other alternatives? My desired solution would be to be able to put one php.ini (or equivalent) file per site that would contain the needed directive which would be merged with the settings from the system php.ini, overriding only the session.save_path, but, AFAICT, PHP does not seem to allow this. Any other ideas? Thanks! --Phil Hi, You can add php.ini variables to the Apache Virtual Host section for each site, for example: php_admin_value session.save_path /path/to/new/session/folder [http://php.net/manual/en/configuration.changes.php] This will override the save path for each site you add it to, but all other values will be picked up from the system default. You must make sure the Apache user has write access to the new folder. Regards Ian -- Thanks, Ian, for the suggestion. I had tried that without success and had neglected to mention that in my post. The reason that it doesn't work, AFAICT, is that, since suPHP runs PHP as CGI and not DSO, the Apache directives are not available to it. Any other ideas? I'd especially like to better understand how PHP handles php.ini files and any rationale behind the way it handles them. Thanks, --Phil -- Philip Amadeo Saeli openSUSE, RHEL, CentOS psa...@zorodyne.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
Am 09.08.12 23:16, schrieb Jim Lucas: On 08/09/2012 01:45 PM, Tedd Sperling wrote: On Aug 8, 2012, at 5:41 PM, Jim Ginerjim.gi...@albanyhandball.com wrote: On 8/8/2012 11:24 AM, Ansry User 01 wrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. Not sure what I need to do additionally other then defining _SESSION[]. Any pointer. You must make it a habit to start each script with session_start(); You should definitely not make that a habbit! Why create/open a session and send a cookie everytime script call even if you won't need it? Why access a hard disk to create/open a session file even if there is no use for it? Only call session_start() if you need it and call session_write_close() as early as possible to avoid write locks on the users session file. And up from PHP 5.4 you can use http://de2.php.net/manual/de/function.session-status.php to check a session status. -- Marco Behnke Dipl. Informatiker (FH), SAE Audio Engineer Diploma Zend Certified Engineer PHP 5.3 Tel.: 0174 / 9722336 e-Mail: ma...@behnke.biz Softwaretechnik Behnke Heinrich-Heine-Str. 7D 21218 Seevetal http://www.behnke.biz signature.asc Description: OpenPGP digital signature
Re: [PHP] PHP session variables
On Aug 10, 2012, at 1:21 PM, Ege Sertçetin sertce...@itu.edu.tr wrote: Hi. My question will maybe out of topic, I'm sorry. How can you know that one way will be much slower than other one? I mean, how can I learn which function is faster before I test it? Ege: No your question is on topic. This question should be asked on the list, so I'll present Q:A instead of answering privately http://www.webbytedd.com/b/timed1/ The code is there -- if you have questions, please post them to the list. Cheers, tedd _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] How to best set per-site PHP session storage under suPHP/WordPress?
I'm administering WordPress sites under suPHP on a CentOS LAMP server and would like to know how I can set PHP to keep the session files under the WP user's dir without having do duplicate the entire php.ini file for each WP site while still maintaining adequate security. The problems I'm encountering are that, AFAICT, I have basically two choices: 1. Use the suPHP suPHP_ConfigPath to set the path to a per-site php.ini file containing a session.save_path directive. 2. Put php.ini files with the session.save_path directive within the WP dir hier. The problems with the above two options (I have found no other options so far) are that, for the former, the system php.ini file is not read so the per-site php.ini file(s) have to duplicate most if not all of what's in the system php.ini file; this is for each WP site (if not a WP Net (AKA WPMU) install); and for the latter, -any-and-every- subdir in the WP dir hier that has code that may reference the PHP session must have its own php.ini file in it. Either way it becomes a significant maintenance problem, especially once there are more than one or two such sites. I have not been able to find much documentation on this, either in the PHP site or in the various help forums. I've searched quite extensively and have run some tests of my own using phpinfo.php to see how things are set. I do not desire to open up file permissions to bypass this PHP settings issue altogether due to security concerns (though I do wish an answer could be so simple). What's canonical in such a case? If nothing, are there any other alternatives? My desired solution would be to be able to put one php.ini (or equivalent) file per site that would contain the needed directive which would be merged with the settings from the system php.ini, overriding only the session.save_path, but, AFAICT, PHP does not seem to allow this. Any other ideas? Thanks! --Phil -- Philip Amadeo Saeli openSUSE, RHEL, CentOS psa...@zorodyne.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 9, 2012, at 5:16 PM, Jim Lucas li...@cmsws.com wrote:
You are relying on PHP's loose typing. This is a poor check.
session_id() returns a string, not boolean.
You should do this instead.
if ( session_id() === '' )
--
Jim Lucas
Thanks Jim -- you're right.
What about?
if (!defined(SID))
{
session_start();
}
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 10, 2012, at 11:45 AM, Tedd Sperling t...@sperling.com wrote:
On Aug 9, 2012, at 5:16 PM, Jim Lucas li...@cmsws.com wrote:
You are relying on PHP's loose typing. This is a poor check.
session_id() returns a string, not boolean.
You should do this instead.
if ( session_id() === '' )
--
Jim Lucas
Thanks Jim -- you're right.
What about?
if (!defined(SID))
{
session_start();
}
Before you answer, the (!defined(SID)) is over 50 times slower than (
session_id() === '' )
Your way is better.
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Aug 8, 2012, at 5:41 PM, Jim Giner jim.gi...@albanyhandball.com wrote:
On 8/8/2012 11:24 AM, Ansry User 01 wrote:
I am setting the _SESSION variables in one of my file, but whenever I leave
the php page session variables are not accessible. Not sure what I need to
do additionally other then defining _SESSION[].
Any pointer.
You must make it a habit to start each script with
session_start();
I like this way:
if (!session_id())
{
session_start();
}
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On 08/09/2012 01:45 PM, Tedd Sperling wrote:
On Aug 8, 2012, at 5:41 PM, Jim Ginerjim.gi...@albanyhandball.com wrote:
On 8/8/2012 11:24 AM, Ansry User 01 wrote:
I am setting the _SESSION variables in one of my file, but whenever I leave the
php page session variables are not accessible. Not sure what I need to do
additionally other then defining _SESSION[].
Any pointer.
You must make it a habit to start each script with
session_start();
I like this way:
if (!session_id())
{
session_start();
}
Cheers,
tedd
_
t...@sperling.com
http://sperling.com
You are relying on PHP's loose typing. This is a poor check.
session_id() returns a string, not boolean.
You should do this instead.
if ( session_id() === '' )
--
Jim Lucas
http://www.cmsws.com/
http://www.cmsws.com/examples/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Wed, Aug 8, 2012 at 11:24 AM, Ansry User 01 yrsna.res...@gmail.com wrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. Not sure what I need to do additionally other then defining _SESSION[]. Any pointer. If you're not telling PHP (in php.ini) to auto-start the session, then you'll need session_start() before accessing $_SESSION. If you're certain the session is being properly instantiated in the code, make sure that the user as which the web server (Apache, et al) is running has permission and available disk space to access the session storage media (file system such as /tmp, database table, et cetera). -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP session variables
On Wed, Aug 8, 2012 at 8:24 AM, Ansry User 01 yrsna.res...@gmail.comwrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. As always, post some code demonstrating what you're doing. Help us help you! :) David
RE: [PHP] PHP session variables
-Original Message- From: David Harkness [mailto:davi...@highgearmedia.com] Sent: Wednesday, August 08, 2012 11:53 AM To: Ansry User 01 Cc: php-general@lists.php.net Subject: Re: [PHP] PHP session variables On Wed, Aug 8, 2012 at 8:24 AM, Ansry User 01 yrsna.res...@gmail.comwrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. As always, post some code demonstrating what you're doing. Help us help you! :) David You have to set session_start also on the page where you are trying to retrieve the session variables. Jen -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Re: PHP session variables
On 8/8/2012 11:24 AM, Ansry User 01 wrote: I am setting the _SESSION variables in one of my file, but whenever I leave the php page session variables are not accessible. Not sure what I need to do additionally other then defining _SESSION[]. Any pointer. You must make it a habit to start each script with session_start(); so that any thing you did in the last script is returned for use in the new script. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Checking
On Jul 9, 2012, at 2:40 PM, Floyd Resler fres...@adex-intl.com wrote: I want to have an alert pop up to let the user know their session is about to expire. Would the best approach be to do a timer in Javascript or check it in PHP. I'm storing session data in a MySQL database so I can know when a session will expire. If I check it through PHP will the session expiration refresh when I check it? Thanks! Floyd Floyd: If this was my problem, my solution would be: 1. A PHP script that recorded (via MySQL) the date/time when the user successfully accessed something private (i.e., password protected). 2. The next time the user requested protected-access again, I would have the script look at the last time the user accessed this data and see IF the time period between accesses (then and now) exceeded an established time limit. If so, then deny access. If not, then reset the timer and allow access. That's the way it would work on the server-side. However, the server-side really has no efficient way to notify the user their session is about to expire -- instead that should take place client-side and without question, you'll need a client-side JavaScript timer. The client-side timer simply preforms a count-down and notifies the user when their session is about to expire. The important thing to realize here is that the client-side and server-side scripts have no communication between each other nor is any needed other than when to start the count-down. The two scripts are separate, but are working in apparent concert. The server-side script will be the ultimate decider of IF the user's session has timed out or not. The client-side script only notifies the user of the count-down and nothing else. HTH's tedd PS: Arby's? _ t...@sperling.com http://sperling.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session Checking
I want to have an alert pop up to let the user know their session is about to expire. Would the best approach be to do a timer in Javascript or check it in PHP. I'm storing session data in a MySQL database so I can know when a session will expire. If I check it through PHP will the session expiration refresh when I check it? Thanks! Floyd BTW, is Arby's having a roast beef sale or something? Everyone on the list seems to be gone! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session Checking
On Mon, Jul 9, 2012 at 2:40 PM, Floyd Resler fres...@adex-intl.com wrote: I want to have an alert pop up to let the user know their session is about to expire. Would the best approach be to do a timer in Javascript or check it in PHP. I'm storing session data in a MySQL database so I can know when a session will expire. If I check it through PHP will the session expiration refresh when I check it? If the browser is accessing the script, even in the background (such as via AJAX calls), it'll renew the session. What you could do is populate some JavaScript to count down to the expiry, or - if you're storing sessions via MySQL or something similar - check the record manually via a non-session-enabled script. BTW, is Arby's having a roast beef sale or something? Everyone on the list seems to be gone! Better not be. I just had lunch 90 minutes ago. (Though, since it was homemade wood-smoked barbecue beef brisket with pickles and red onions on a kaiser roll, I guess I can't complain.) -- /Daniel P. Brown Network Infrastructure Manager http://www.php.net/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session lost problem
On Tue, Apr 24, 2012 at 12:58 AM, bug zhu bugw...@gmail.com wrote:
there are tow php files a.php and b.php,
content of a.php as follows:
?php
session_start();
if (!isset($_GET['flag']))
{
header('Location: b.php');
}
else
{
var_dump($_SESSION);
}
content of b.php as follows:
?php
session_start();
session_commit();
$_SESSION['test'] = 'test';
session_commit();
header('Location: a.php?flag=1');
when i visit a.php, the dumped $_SESSION array is empty
but if i commented the first session_commit() in b.php and then visit
a.php, i cound see the $_SESSION array,which is not empty
i wish i have descibed clear about my problem and someone could give me a
feedback~
Hi,
So, you:
1) Visit page a.php (I'm assuming without the flag)
2) Are forwarded to page b.php, which you're expecting to store a
session variable 'test'.
3) Then forwarded back to page a.php.
You're likely expecting that you're return visit to page a.php should
reveal the 'test' variable.
The issue is that you're calling session_commit(), which is actually
an alias for session_write_close(). This function actually stops the
current session. So, when you hit the line $_SESSION['test'] = 'test',
your session has already terminated.
Try removing the session_commit() calls (or at least permanently
remove the first call.) You only want to call session_commit() when
you're done accessing/updating $_SESSION variables.
Adam
--
Nephtali: A simple, flexible, fast, and security-focused PHP framework
http://nephtaliproject.com
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session lost problem
thank you for your explanation,
when i write to $_SESSION after session_commit(),$_SESSION is just a
regular array
2012/4/24 Stuart Dallas stu...@3ft9.com
Please don't top-post, and please include the list when replying.
On 24 Apr 2012, at 06:35, bug zhu wrote:
2012/4/24 Stuart Dallas stu...@3ft9.com
On 24 Apr 2012, at 05:58, bug zhu wrote:
there are tow php files a.php and b.php,
content of a.php as follows:
?php
session_start();
if (!isset($_GET['flag']))
{
header('Location: b.php');
}
else
{
var_dump($_SESSION);
}
content of b.php as follows:
?php
session_start();
session_commit();
$_SESSION['test'] = 'test';
session_commit();
header('Location: a.php?flag=1');
when i visit a.php, the dumped $_SESSION array is empty
but if i commented the first session_commit() in b.php and then visit
a.php, i cound see the $_SESSION array,which is not empty
i wish i have descibed clear about my problem and someone could give
me a
feedback~
I'm really not clear on what you're trying to do here, but the
behaviour you're describing is as designed. When you call session_commit()
you are saving and closing the session, so nothing done to $_SESSION after
that point will be saved, even if you call session_commit() again.
but in a single file without redirect, code as follows
?php
session_start();
session_commit();
$_SESSION['test'] = 'test';
session_commit();
var_dump($_SESSION);
could dump the $_SESSION array.
Yes, because $_SESSION is not special in any way other than that it's used
by the session system; it's no more than a superglobal array. So within one
request that array contains whatever you put into it, but that doesn't mean
it is stored in whatever session storage mechanism you're using (files by
default). When you redirect to another URL that's a whole new request so
the contents of $_SESSION have to be loaded from the session storage.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
thanks,
bugzhu
Re: [PHP] session lost problem
bug zhu bugw...@gmail.com hat am 24. April 2012 um 08:28 geschrieben: thank you for your explanation, when i write to $_SESSION after session_commit(),$_SESSION is just a regular array Yes. Actually session_commit does not terminate the session as mentioned earlier but is closes it for writing. You cann still read session values. The benefit of using session_commit is that the server saved associated session file is no longer locked, so that parallel requests can both access the values. The approach ist as follows: Call session_commit() as early in you code (after session_open) as possible to avoid locking. So first do all the writing to the $_SESSION array, then do write close (or commit). After that you can still read all session relevant information. If you want to write afterwards to your $_SESSIOn array you simply have to call session_start to re-open the write context. Afterwards you can commit it again to remove the lock. But be careful! session_start and session_commit perform write operations on your harddisk or whatever storage you use. Many calls to start and commit will result in losing performance. Regards, Marco -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session lost problem
2012/4/24 ma...@behnke.biz ma...@behnke.biz bug zhu bugw...@gmail.com hat am 24. April 2012 um 08:28 geschrieben: thank you for your explanation, when i write to $_SESSION after session_commit(),$_SESSION is just a regular array Yes. Actually session_commit does not terminate the session as mentioned earlier but is closes it for writing. You cann still read session values. The benefit of using session_commit is that the server saved associated session file is no longer locked, so that parallel requests can both access the values. The approach ist as follows: Call session_commit() as early in you code (after session_open) as possible to avoid locking. So first do all the writing to the $_SESSION array, then do write close (or commit). After that you can still read all session relevant information. If you want to write afterwards to your $_SESSIOn array you simply have to call session_start to re-open the write context. Afterwards you can commit it again to remove the lock. But be careful! session_start and session_commit perform write operations on your harddisk or whatever storage you use. Many calls to start and commit will result in losing performance. Regards, Marco -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php got it, very appreciate you explanation:-) -- thanks, bugzhu
[PHP] session lost problem
hi all:
there are tow php files a.php and b.php,
content of a.php as follows:
?php
session_start();
if (!isset($_GET['flag']))
{
header('Location: b.php');
}
else
{
var_dump($_SESSION);
}
content of b.php as follows:
?php
session_start();
session_commit();
$_SESSION['test'] = 'test';
session_commit();
header('Location: a.php?flag=1');
when i visit a.php, the dumped $_SESSION array is empty
but if i commented the first session_commit() in b.php and then visit
a.php, i cound see the $_SESSION array,which is not empty
i wish i have descibed clear about my problem and someone could give me a
feedback~
--
thanks,
bugzhu
Re: [PHP] session lost problem
On 24 Apr 2012, at 05:58, bug zhu wrote:
there are tow php files a.php and b.php,
content of a.php as follows:
?php
session_start();
if (!isset($_GET['flag']))
{
header('Location: b.php');
}
else
{
var_dump($_SESSION);
}
content of b.php as follows:
?php
session_start();
session_commit();
$_SESSION['test'] = 'test';
session_commit();
header('Location: a.php?flag=1');
when i visit a.php, the dumped $_SESSION array is empty
but if i commented the first session_commit() in b.php and then visit
a.php, i cound see the $_SESSION array,which is not empty
i wish i have descibed clear about my problem and someone could give me a
feedback~
I'm really not clear on what you're trying to do here, but the behaviour you're
describing is as designed. When you call session_commit() you are saving and
closing the session, so nothing done to $_SESSION after that point will be
saved, even if you call session_commit() again.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] session lost problem
Please don't top-post, and please include the list when replying.
On 24 Apr 2012, at 06:35, bug zhu wrote:
2012/4/24 Stuart Dallas stu...@3ft9.com
On 24 Apr 2012, at 05:58, bug zhu wrote:
there are tow php files a.php and b.php,
content of a.php as follows:
?php
session_start();
if (!isset($_GET['flag']))
{
header('Location: b.php');
}
else
{
var_dump($_SESSION);
}
content of b.php as follows:
?php
session_start();
session_commit();
$_SESSION['test'] = 'test';
session_commit();
header('Location: a.php?flag=1');
when i visit a.php, the dumped $_SESSION array is empty
but if i commented the first session_commit() in b.php and then visit
a.php, i cound see the $_SESSION array,which is not empty
i wish i have descibed clear about my problem and someone could give me a
feedback~
I'm really not clear on what you're trying to do here, but the behaviour
you're describing is as designed. When you call session_commit() you are
saving and closing the session, so nothing done to $_SESSION after that
point will be saved, even if you call session_commit() again.
but in a single file without redirect, code as follows
?php
session_start();
session_commit();
$_SESSION['test'] = 'test';
session_commit();
var_dump($_SESSION);
could dump the $_SESSION array.
Yes, because $_SESSION is not special in any way other than that it's used by
the session system; it's no more than a superglobal array. So within one
request that array contains whatever you put into it, but that doesn't mean it
is stored in whatever session storage mechanism you're using (files by
default). When you redirect to another URL that's a whole new request so the
contents of $_SESSION have to be loaded from the session storage.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] SESSION var and Objects problem
My first foray into classes objects.
When retrieving a set of records, I'm using a class to build an object. At
this time I save each record/object into a Session array by doing this:
$rows = mysql_num_rows($qrslts);
if ($rows 0)
for ($i=1;$i=$rows;$i++)
{
$row = mysql_fetch_array($qrslts);
$e = new Entry;
if ($e-GetAnEntry($row['recordkey'],$row['Eventcode']))
{
$evts[] = $e;
array_push($_SESSION['TMScurr_evts'],$e); // THIS DOESN'T
$cls_errs .= Stored $e-event in sess var $i-1; ; // THIS
WORKS
}
else
$cls_errs .= Could not retrieve event record for
.$row['recordkey']. .$row['Eventcode'];
}
The above code works AFAIK - the line above the array_push correctly stores
my retreived record data in the $evts array just fine and I can see the
data when I use that array to display my page.
Note also that the var $cls_errs following the array_push does show me that
valid values are being stored in $e
Later on, in my main process I attempt to retreive the contents of my
Session var to use to re-display the data. The code for that doesn't
display any values. In trying to debug this here is what I've done:
$cnt = count($_SESSION['TMScurr_evts']);
echo In Display process with $cnt recs in session var TMScurr_evts. ;
// THIS WORKS
reset($_SESSION['TMScurr_evts']);
$e = new Entry;
for ($i=0;$icount($_SESSION['TMScurr_evts']);$i++)
{
$e = array_pop($_SESSION['TMScurr_evts']);
echo in Display process - sess event $i is $e-eventbr;//
THIS DOESN'T
}
This debugging code correctly tells me how many entries are in the Session
array variable, but the attempt to echo the values stored in the first field
of each object contained in it shows blank for each one.
What am I doing wrong when I try to pull the contents of my session array
out and store them back into an Entry object, one at a time, so that I can
display the object on my webpage??
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
On 2 Mar 2012, at 20:07, Jim Giner wrote:
My first foray into classes objects.
When retrieving a set of records, I'm using a class to build an object. At
this time I save each record/object into a Session array by doing this:
$rows = mysql_num_rows($qrslts);
if ($rows 0)
for ($i=1;$i=$rows;$i++)
{
$row = mysql_fetch_array($qrslts);
$e = new Entry;
if ($e-GetAnEntry($row['recordkey'],$row['Eventcode']))
{
$evts[] = $e;
array_push($_SESSION['TMScurr_evts'],$e); // THIS DOESN'T
$cls_errs .= Stored $e-event in sess var $i-1; ; // THIS
WORKS
}
else
$cls_errs .= Could not retrieve event record for
.$row['recordkey']. .$row['Eventcode'];
}
What is the type of $e (i.e. what's the class called)?
Side note... it looks like GetAnEntry fetches the entry into internal data.
This isn't really how objects are supposed to work. To be more OO-like you
should be passing the recordkey and Eventcode values into the constructor. But
that's not relevant to your issue.
The above code works AFAIK - the line above the array_push correctly stores
my retreived record data in the $evts array just fine and I can see the
data when I use that array to display my page.
Note also that the var $cls_errs following the array_push does show me that
valid values are being stored in $e
Later on, in my main process I attempt to retreive the contents of my
Session var to use to re-display the data. The code for that doesn't
display any values. In trying to debug this here is what I've done:
$cnt = count($_SESSION['TMScurr_evts']);
echo In Display process with $cnt recs in session var TMScurr_evts. ;
// THIS WORKS
reset($_SESSION['TMScurr_evts']);
$e = new Entry;
for ($i=0;$icount($_SESSION['TMScurr_evts']);$i++)
{
$e = array_pop($_SESSION['TMScurr_evts']);
echo in Display process - sess event $i is $e-eventbr;//
THIS DOESN'T
}
This debugging code correctly tells me how many entries are in the Session
array variable, but the attempt to echo the values stored in the first field
of each object contained in it shows blank for each one.
What am I doing wrong when I try to pull the contents of my session array
out and store them back into an Entry object, one at a time, so that I can
display the object on my webpage??
In the above script, the one that gets the objects out of the session, has the
class been declared? IOW, have you included the PHP file that defines that
class? If not then it won't be able to recreate the object.
If that was the problem then I suggest you make sure you have error_reporting
set to at least E_ALL, and display_errors set on, because this issue will be
causing a fatal error, the text of which would make it obvious what's going
wrong.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
Yes I ahve the class defined. The classes work in most cases - just this one place where I want to save the objects in a sess var for re-use fails me. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
Please quote the pertinent bit of the message you're replying to, it makes
using the list a halluvalot easier and improves SEO for the archives.
On 2 Mar 2012, at 20:55, Jim Giner wrote:
Yes I ahve the class defined. The classes work in most cases - just this one
place where I want to save the objects in a sess var for re-use fails me.
Put the following line at the top of the code that you posted and post the
output.
echo 'pre'; var_dump($_SESSION['TMScurr_evts']); die('/pre');
Have you checked your error log, or your error settings? Scripts generally
don't stop executing for no reason or without saying why.
-Stuart
--
Stuart Dallas
3ft9 Ltd
http://3ft9.com/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
ok - In examinig the objects in the Session after the data has been displayed and the user has hit triggered a re-entry into my script (just one script involved here), the objects in the session array now say [__PHP_Incomplete_Class_Name and __PHP_Incomplete_Class Object . They didn't say that during my examiniation of the sess var before exiting the script. Also with All error reporting on (a great tip that I never think of) I get many messages indicating that the object may not have been loaded. I don't know what this means. The include file for my class is present in my script and is always loaded. But at this point in the process no functions of the class have been called. Is that a problem? In trying to re-display my data stored in the Sessioin array I instantiate a var of the class and then pop an array off the session var and assign it to the object and then call my display function to show the data on the webpage - that is where I get the errors. Here is one of these messages: Notice: DisplayAnEntry() [function.displayanentry]: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition Entry of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in /home/albany/public_html/tms/php/tmsentry.php on line 372 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
On 2 Mar 2012, at 21:09, Jim Giner wrote: ok - In examinig the objects in the Session after the data has been displayed and the user has hit triggered a re-entry into my script (just one script involved here), the objects in the session array now say [__PHP_Incomplete_Class_Name and __PHP_Incomplete_Class Object . They didn't say that during my examiniation of the sess var before exiting the script. Also with All error reporting on (a great tip that I never think of) I get many messages indicating that the object may not have been loaded. I don't know what this means. The include file for my class is present in my script and is always loaded. But at this point in the process no functions of the class have been called. Is that a problem? In trying to re-display my data stored in the Sessioin array I instantiate a var of the class and then pop an array off the session var and assign it to the object and then call my display function to show the data on the webpage - that is where I get the errors. Here is one of these messages: Notice: DisplayAnEntry() [function.displayanentry]: The script tried to execute a method or access a property of an incomplete object. Please ensure that the class definition Entry of the object you are trying to operate on was loaded _before_ unserialize() gets called or provide a __autoload() function to load the class definition in /home/albany/public_html/tms/php/tmsentry.php on line 372 Make sure the class is declared before you call session_start. -Stuart -- Stuart Dallas 3ft9 Ltd http://3ft9.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
Stuart Dallas stu...@3ft9.com wrote in message news:7eeba658-c7f6-4449-87bd-aac71b41e...@3ft9.com... Make sure the class is declared before you call session_start. * You Da Man!! I see now why it makes a difference. The session tries to bring back the data but doesn't know how to handle the objects in the session vars since the objects haven't been defined. Never would of thought of that! Thank you for being there! :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] SESSION var and Objects problem
Hi, Jim To avoid this kind of problem it would also help to provide an autoloader-function as PHP then tries to load the class-definition by this autoloader ;) Using that you'd bind yourself to have a pretty good system for php-classes and you'd avoid having problems like that. I'd in fact have never thought about a solution like that - but that may comes from the fact that I always use auto-loader-scripts ;) One additional info: I had some problems putting an instance of *SimpleXmlElement *into the session ... The only valuable info I found was this error: *Fatal error: Exception thrown without a stack frame in Unknown on line 0* Here's the solution and description why: http://stackoverflow.com/questions/4624223/object-in-session-fatal-error-exception-thrown-without-a-stack-frame-in-unknow#answer-4624256 Bye Simon 2012/3/2 Jim Giner jim.gi...@albanyhandball.com Stuart Dallas stu...@3ft9.com wrote in message news:7eeba658-c7f6-4449-87bd-aac71b41e...@3ft9.com... Make sure the class is declared before you call session_start. * You Da Man!! I see now why it makes a difference. The session tries to bring back the data but doesn't know how to handle the objects in the session vars since the objects haven't been defined. Never would of thought of that! Thank you for being there! :) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Race Condition In PHP Session Handler
php-5.3.3-3.el6_2.6.x86_64 2.6.32-220.4.2.el6.x86_64 After some testing we moved our production PHP intranet site from an old server to a new CentOS 6.2 instance running the mentioned versions. At first it worked well and then user's started to experience a hung site. Upon some digging it appears that the PHP module is getting stuck in a race condition regarding the sessions file - [root@yannigan-orange fd]# strace -p 22607 Process 22607 attached - interrupt to quit flock(53, LOCK_EX^C unfinished ... where file handle 53 is ... lr-x--. 1 root root 64 Feb 17 15:24 52 - /opt/informix/msg/en_us/0333/cli.iem lrwx--. 1 root root 64 Feb 17 15:24 53 - /var/lib/php/session/sess_ulgsl9joplobb9o4fue3n2e1k0 l-wx--. 1 root root 64 Feb 17 15:24 6 - pipe:[660246] The PHP session file. Originally I had a tmpfs mounted for the session files. I removed that and used the underlying filesystem. Same issue. I disabled APC. Same issue. Switching the the memcache session handler resolved the issue, although that may be less optimal. But this seems like a PHP bug. Tips, comments, pointers? Backtrace of a hung httpd - #0 0x7fa175af9be7 in flock () from /lib64/libc.so.6 #1 0x7fa16cb59dfc in ?? () from /etc/httpd/modules/libphp5.so #2 0x7fa16cb5a047 in ?? () from /etc/httpd/modules/libphp5.so #3 0x7fa16cb56e4c in php_session_start () from /etc/httpd/modules/libphp5.so #4 0x7fa16cb57559 in ?? () from /etc/httpd/modules/libphp5.so #5 0x7fa16cc9afe8 in ?? () from /etc/httpd/modules/libphp5.so #6 0x7fa16cc72320 in execute () from /etc/httpd/modules/libphp5.so #7 0x7fa16cc4ca5d in zend_execute_scripts () from /etc/httpd/modules/libphp5.so #8 0x7fa16cbfacf8 in php_execute_script () from /etc/httpd/modules/libphp5.so #9 0x7fa16ccd59a5 in ?? () from /etc/httpd/modules/libphp5.so #10 0x7fa17751da60 in ap_run_handler () #11 0x7fa17752131e in ap_invoke_handler () #12 0x7fa17752c990 in ap_process_request () #13 0x7fa177529858 in ?? () #14 0x7fa177525568 in ap_run_process_connection () #15 0x7fa177531767 in ?? () #16 0x7fa177531a7a in ?? () #17 0x7fa177531dab in ap_mpm_run () #18 0x7fa177509900 in main () -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Race Condition In PHP Session Handler
On Mon, Feb 20, 2012 at 7:21 PM, Adam Tauno Williams awill...@whitemice.org wrote: php-5.3.3-3.el6_2.6.x86_64 2.6.32-220.4.2.el6.x86_64 After some testing we moved our production PHP intranet site from an old server to a new CentOS 6.2 instance running the mentioned versions. At first it worked well and then user's started to experience a hung site. Upon some digging it appears that the PHP module is getting stuck in a race condition regarding the sessions file - [root@yannigan-orange fd]# strace -p 22607 Process 22607 attached - interrupt to quit flock(53, LOCK_EX^C unfinished ... where file handle 53 is ... lr-x--. 1 root root 64 Feb 17 15:24 52 - /opt/informix/msg/en_us/0333/cli.iem lrwx--. 1 root root 64 Feb 17 15:24 53 - /var/lib/php/session/sess_ulgsl9joplobb9o4fue3n2e1k0 l-wx--. 1 root root 64 Feb 17 15:24 6 - pipe:[660246] The PHP session file. Originally I had a tmpfs mounted for the session files. I removed that and used the underlying filesystem. Same issue. I disabled APC. Same issue. Switching the the memcache session handler resolved the issue, although that may be less optimal. But this seems like a PHP bug. Tips, comments, pointers? Backtrace of a hung httpd - #0 0x7fa175af9be7 in flock () from /lib64/libc.so.6 #1 0x7fa16cb59dfc in ?? () from /etc/httpd/modules/libphp5.so #2 0x7fa16cb5a047 in ?? () from /etc/httpd/modules/libphp5.so #3 0x7fa16cb56e4c in php_session_start () from /etc/httpd/modules/libphp5.so #4 0x7fa16cb57559 in ?? () from /etc/httpd/modules/libphp5.so #5 0x7fa16cc9afe8 in ?? () from /etc/httpd/modules/libphp5.so #6 0x7fa16cc72320 in execute () from /etc/httpd/modules/libphp5.so #7 0x7fa16cc4ca5d in zend_execute_scripts () from /etc/httpd/modules/libphp5.so #8 0x7fa16cbfacf8 in php_execute_script () from /etc/httpd/modules/libphp5.so #9 0x7fa16ccd59a5 in ?? () from /etc/httpd/modules/libphp5.so #10 0x7fa17751da60 in ap_run_handler () #11 0x7fa17752131e in ap_invoke_handler () #12 0x7fa17752c990 in ap_process_request () #13 0x7fa177529858 in ?? () #14 0x7fa177525568 in ap_run_process_connection () #15 0x7fa177531767 in ?? () #16 0x7fa177531a7a in ?? () #17 0x7fa177531dab in ap_mpm_run () #18 0x7fa177509900 in main () -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams It sounds like a bug in memcache to me, but anyway, there's little chance you're getting any info from this mailing list. You should open a bug report at bugs.php.net for this. If you want to be even more helpful, provide a backtrace with debug symbols included. - Matijn -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Race Condition In PHP Session Handler
On Mon, 2012-02-20 at 20:02 +0100, Matijn Woudt wrote: On Mon, Feb 20, 2012 at 7:21 PM, Adam Tauno Williams awill...@whitemice.org wrote: php-5.3.3-3.el6_2.6.x86_64 2.6.32-220.4.2.el6.x86_64 The PHP session file. Originally I had a tmpfs mounted for the session files. I removed that and used the underlying filesystem. Same issue. I disabled APC. Same issue. Switching the the memcache session handler resolved the issue, although that may be less optimal. But this seems like a PHP bug. Backtrace of a hung httpd - #0 0x7fa175af9be7 in flock () from /lib64/libc.so.6 #1 0x7fa16cb59dfc in ?? () from /etc/httpd/modules/libphp5.so #2 0x7fa16cb5a047 in ?? () from /etc/httpd/modules/libphp5.so #3 0x7fa16cb56e4c in php_session_start () from /etc/httpd/modules/libphp5.so #4 0x7fa16cb57559 in ?? () from /etc/httpd/modules/libphp5.so #5 0x7fa16cc9afe8 in ?? () from /etc/httpd/modules/libphp5.so #6 0x7fa16cc72320 in execute () from /etc/httpd/modules/libphp5.so It sounds like a bug in memcache to me, but anyway, there's little No, switching *to* memcache as the session handler worked around the issue. chance you're getting any info from this mailing list. Expected; just thought I might get lucky with somone who was using the same current packages. You should opena bug report at bugs.php.net for this. If you want to be even more helpful, provide a backtrace with debug symbols included. I'm working on getting a full stack trace, but the CentOS debuginfo packages are lagging behind. -- System Network Administrator [ LPI NCLA ] http://www.whitemiceconsulting.com OpenGroupware Developer http://www.opengroupware.us Adam Tauno Williams -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session treating
Hi guys and girls,
I'm completely stuck at a really stupid thing.
For some reason my session id doesn't pass through the links.
Here is the code:
index.php:
?php
// Checking if the admin was ever authorized
if ($_SESSION['PSS']!=session_id()) $auth=0; else $auth=1;
if ($_SESSION['Editor']!=Voice of Istanor) $auth=0; else $auth=1;
if ($auth==0) {
if (!@$_POST) {
// If there's no POST values, including the login form
include login.php;
// For debugging only, outputs: Session name: PHPSESSID, session id: ;
printf(Session name: %s, Session Id: %s, session_name(), session_id());
} else {
// Here go real values
if (($_POST['uname']!=Tralala) || (sha1($_POST['upass'])!=abcdeftralala)) {
echo h3Invalid login or password!/h3;
include login.php;
} else {
// Attention!
session_name(PalantirSessId);
session_start();
// Everything goes Ok here
printf(Session name: %s, Session Id: %s, session_name(), session_id());
$_SESSION['PSS']=session_id();
$_SESSION['Editor']=$_POST['uname'];
$auth=1;
}
}
}
if ($auth==1) {
echo !DOCTYPE HTMLhtml
head
meta charset=\utf-8\
/head
body bgcolor=#CCBBFF;
include header.html;
// Still ok! the same name, the same Id
printf(Session name: %s, Session Id: %s, session_name(), session_id());
end of code.
But now go the links such as
a href=articles.phpArticles management/a
And there, in the articles.php, I write the following:
?php
session_name(PalantirSessId);
session_start();
printf(Session name: %s, Session Id: %s, session_name(), session_id());
And here (!) the session name is correct, but the session id is changed.
My question is: why?
Thanks!
--
With best regards from Ukraine,
Andre
Skype: Francophile
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session treating
Andre Polykanine an...@oire.org wrote:
Hi guys and girls,
I'm completely stuck at a really stupid thing.
For some reason my session id doesn't pass through the links.
Here is the code:
index.php:
?php
// Checking if the admin was ever authorized
if ($_SESSION['PSS']!=session_id()) $auth=0; else $auth=1;
if ($_SESSION['Editor']!=Voice of Istanor) $auth=0; else $auth=1;
if ($auth==0) {
if (!@$_POST) {
// If there's no POST values, including the login form
include login.php;
// For debugging only, outputs: Session name: PHPSESSID, session id:
;
printf(Session name: %s, Session Id: %s, session_name(),
session_id());
} else {
// Here go real values
if (($_POST['uname']!=Tralala) ||
(sha1($_POST['upass'])!=abcdeftralala)) {
echo h3Invalid login or password!/h3;
include login.php;
} else {
// Attention!
session_name(PalantirSessId);
session_start();
// Everything goes Ok here
printf(Session name: %s, Session Id: %s, session_name(),
session_id());
$_SESSION['PSS']=session_id();
$_SESSION['Editor']=$_POST['uname'];
$auth=1;
}
}
}
if ($auth==1) {
echo !DOCTYPE HTMLhtml
head
meta charset=\utf-8\
/head
body bgcolor=#CCBBFF;
include header.html;
// Still ok! the same name, the same Id
printf(Session name: %s, Session Id: %s, session_name(),
session_id());
end of code.
But now go the links such as
a href=articles.phpArticles management/a
And there, in the articles.php, I write the following:
?php
session_name(PalantirSessId);
session_start();
printf(Session name: %s, Session Id: %s, session_name(),
session_id());
And here (!) the session name is correct, but the session id is
changed.
My question is: why?
Thanks!
--
With best regards from Ukraine,
Andre
Skype: Francophile
Twitter: http://twitter.com/m_elensule
Facebook: http://facebook.com/menelion
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
One thing sticks out a little bit to me. In your index.php file, you're
accessing an element of the $_SESSION array, but without calling
session_start() first. I believe this may be causing the issue you are seeing.
Thanks,
Ash
http://www.ashleysheridan.co.uk
--
Sent from my Android phone with K-9 Mail. Please excuse my brevity.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session treating
Hello Ashley, One thing sticks out a little bit to me. In your index.php file, you're accessing an element of the $_SESSION array, but without calling session_start() first. I believe this may be causing the issue you are seeing. I tried using it without success. I'm having now 3 separate session IDs: 1. Before the login form is processed, 2. After the login form is processed, 3. When clicking the Articles link, on the articles.php page. -- With best regards from Ukraine, Andre Skype: Francophile My blog: http://oire.org/menelion (mostly in Russian) Twitter: http://twitter.com/m_elensule Facebook: http://facebook.com/menelion -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] Session question
Is it OK to have session_start as an include?
I have something like this:
// Session init
session_start();
function sKill() {
session_destroy();
session_unset();
header (Location: login.php);
exit();
}
function sInt() {
header (Location: login.php);
exit();
}
if (!(isset($_SESSION['sLogin']) $_SESSION['sLogin'] != '')) {
sKill();
}
// Session variables
if (!isset($_SESSION['sUser'])) { sInt(); } else { $sUser =
$_SESSION['sUser'];}
if (!isset($_SESSION['sEmail'])) { sInt(); } else { $sEmail =
$_SESSION['sEmail'];}
if (!isset($_SESSION['sType'])) { sInt(); } else { $sType =
$_SESSION['sType'];}
if (!isset($_SESSION['sTime'])) { sInt(); } else { $sTime =
$_SESSION['sTime'];}
if (!isset($_REQUEST['id'])) { $id = 0; } else { $id = $_REQUEST['id'];}
// Kill the session if the ids dont match.
if ($id != $_SESSION['id']) {
sKill();
}
// Kill the session if timeout is exceeded.
if (isset($_SESSION['LAST_ACTIVITY']) (time() -
$_SESSION['LAST_ACTIVITY'] $sTime)) {
sKill();
}
Can I just call this session.php and include it at the beginning of each file?
--
Paul Halliday
http://www.squertproject.org/
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] Session question
Paul Halliday wrote: Is it OK to have session_start as an include? Yes. -- Per Jessen, Zürich (18.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session question
Unless your adding more code to your included file it isn't worth having it as an include as there is more typing/text involved. For management purposes also it would also look ugly if you were just having one file purely for session_start(); From: p...@computer.org Date: Tue, 17 May 2011 13:01:19 +0200 To: php-general@lists.php.net Subject: Re: [PHP] Session question Paul Halliday wrote: Is it OK to have session_start as an include? Yes. -- Per Jessen, Zürich (18.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] Session question
You can have a session start in an htaccess file. .htaccess php_value session.auto_start 1 Do not scream at me if you do not like this approach or it does not work for you. I use it and it works well for me. Simply a suggestion. Richard L. Buskirk -Original Message- From: Ross Hansen [mailto:hansen.r...@live.com.au] Sent: Tuesday, May 17, 2011 11:16 PM To: php-general@lists.php.net Subject: RE: [PHP] Session question Unless your adding more code to your included file it isn't worth having it as an include as there is more typing/text involved. For management purposes also it would also look ugly if you were just having one file purely for session_start(); From: p...@computer.org Date: Tue, 17 May 2011 13:01:19 +0200 To: php-general@lists.php.net Subject: Re: [PHP] Session question Paul Halliday wrote: Is it OK to have session_start as an include? Yes. -- Per Jessen, Zürich (18.1°C) -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
