[PHP] PHP sessions expiring early
I'm having trouble with a PHP website which requires users to be logged in to access all content other than the home page and a couple of static pages (about us, contact us etc.). Several users have said they are being logged out every few minutes whilst using the site - they can login but will be shown the login form again after a few minutes. I can't confirm this myself as the site seems to work fine for me - even using the same browser as they are and under their accounts - but I'm wondering if this could be a problem with the session settings? The current settings I have are: session.auto_start Off session.bug_compat_42 On session.bug_compat_warn On session.cache_expire180 session.cache_limiter nocache session.cookie_domain no value session.cookie_httponly Off session.cookie_lifetime 0 session.cookie_path / session.cookie_secure Off session.entropy_fileno value session.entropy_length 0 session.gc_divisor 100 session.gc_maxlifetime 3600 session.gc_probability 1 session.hash_bits_per_character 4 session.hash_function 0 session.namePHPSESSID session.referer_check no value session.save_handlerfiles session.save_path /shared/sessions session.serialize_handler php session.use_cookies On session.use_only_cookiesOff session.use_trans_sid 0 The only options I have changed from the defaults are gc_maxlifetime, gc_probability and save_path. There are several sites on the same server, some are https, others just plain http. They all use the same session options. session_start() is called once on every page. The PHP version we're running is: PHP 5.2.6-1+lenny13 with Suhosin-Patch 0.9.6.2 (cli) (built: Jul 1 2011 16:01:01). I'm aware it's an old version before anyone tells me to upgrade (it's the latest stable version in Debian Lenny). :) Potential problems I have already ruled out: 1. I don't think it's a browser problem as the users have a variety of browsers and versions (we log the user agent for each login, they're mostly IE7/8 on XP/Vista/7 with a few Chrome users), and I can't reproduce the problem using the same browsers on my machine. 2. The server time is correct. 3. The sessions aren't stored in a directory which is being regularly cleared out, such as /var/lib/php5 or /tmp. 4. The web server has permission to write to the save_path directory, and I can see session files being created. 5. No output buffering functions are being used. Can anyone suggest things which I could try? I cannot work out why this problem is happening for some users but not me. Thanks in advance. Paul -- Paul Waring http://www.phpdeveloper.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
On 09/07/2011 03:50 PM, Paul Waring wrote: I'm having trouble with a PHP website which requires users to be logged in to access all content other than the home page and a couple of static pages (about us, contact us etc.). Several users have said they are being logged out every few minutes whilst using the site - they can login but will be shown the login form again after a few minutes. I can't confirm this myself as the site seems to work fine for me - even using the same browser as they are and under their accounts - but I'm wondering if this could be a problem with the session settings? You have set gc_maxlifetime to 3600 seconds. How much expire time have you set? Because, every 3600 seconds, session data stored is considered as garbage and php clears them out itself. If your expiration time is more than 3600 seconds, then this will not work. You need to increase gc_maxlifetime. For the other case, I'm clueless. -- Nilesh Govindarajan http://nileshgr.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
On 07/09/11 11:47, Nilesh Govindarajan wrote: On 09/07/2011 03:50 PM, Paul Waring wrote: I'm having trouble with a PHP website which requires users to be logged in to access all content other than the home page and a couple of static pages (about us, contact us etc.). Several users have said they are being logged out every few minutes whilst using the site - they can login but will be shown the login form again after a few minutes. I can't confirm this myself as the site seems to work fine for me - even using the same browser as they are and under their accounts - but I'm wondering if this could be a problem with the session settings? You have set gc_maxlifetime to 3600 seconds. How much expire time have you set? Because, every 3600 seconds, session data stored is considered as garbage and php clears them out itself. Yes, I'm aware of that. However, users are being logged out after a few minutes, not one hour of inactivity (which is what I'd expect with 3600 seconds). If your expiration time is more than 3600 seconds, then this will not work. You need to increase gc_maxlifetime. If you mean the expiration time of the session cookie, it is set to 0, which means it shouldn't be deleted until the browser is closed (or the user logs out, at which point it is deleted immediately). Paul -- Paul Waring http://www.phpdeveloper.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
On 7 September 2011 11:20, Paul Waring p...@phpdeveloper.org.uk wrote: I'm having trouble with a PHP website which requires users to be logged in to access all content other than the home page and a couple of static pages (about us, contact us etc.). Several users have said they are being logged out every few minutes whilst using the site - they can login but will be shown the login form again after a few minutes. I can't confirm this myself as the site seems to work fine for me - even using the same browser as they are and under their accounts - but I'm wondering if this could be a problem with the session settings? The current settings I have are: session.auto_start Off session.bug_compat_42 On session.bug_compat_warn On session.cache_expire 180 session.cache_limiter nocache session.cookie_domain no value session.cookie_httponly Off session.cookie_lifetime 0 session.cookie_path / session.cookie_secure Off session.entropy_file no value session.entropy_length 0 session.gc_divisor 100 session.gc_maxlifetime 3600 session.gc_probability 1 session.hash_bits_per_character 4 session.hash_function 0 session.name PHPSESSID session.referer_check no value session.save_handler files session.save_path /shared/sessions session.serialize_handler php session.use_cookies On session.use_only_cookies Off session.use_trans_sid 0 The only options I have changed from the defaults are gc_maxlifetime, gc_probability and save_path. There are several sites on the same server, some are https, others just plain http. They all use the same session options. session_start() is called once on every page. The PHP version we're running is: PHP 5.2.6-1+lenny13 with Suhosin-Patch 0.9.6.2 (cli) (built: Jul 1 2011 16:01:01). I'm aware it's an old version before anyone tells me to upgrade (it's the latest stable version in Debian Lenny). :) Potential problems I have already ruled out: 1. I don't think it's a browser problem as the users have a variety of browsers and versions (we log the user agent for each login, they're mostly IE7/8 on XP/Vista/7 with a few Chrome users), and I can't reproduce the problem using the same browsers on my machine. 2. The server time is correct. 3. The sessions aren't stored in a directory which is being regularly cleared out, such as /var/lib/php5 or /tmp. 4. The web server has permission to write to the save_path directory, and I can see session files being created. 5. No output buffering functions are being used. Can anyone suggest things which I could try? I cannot work out why this problem is happening for some users but not me. Thanks in advance. Paul How do you handle multiple logins? If I login using my laptop and get Session A for my account and then I login using my desktop and get Session B for my account, does Session A get killed? Do you allow multiple, simultaneous logins per account? -- Richard Quadling Twitter : EE : Zend : PHPDoc @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
On 7 September 2011 11:20, Paul Waring p...@phpdeveloper.org.uk wrote: Can anyone suggest things which I could try? I cannot work out why this problem is happening for some users but not me. For browsers/extensions that do automatic read ahead (I load page A and linked pages B and C are also retrieved). Is the potential for cached pages to be returned for a user NOT logged in? -- Richard Quadling Twitter : EE : Zend : PHPDoc @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
Just confirm once that you are not calling session_destroy somewhere. Thanks, Vikash Kumar -- http://vika.sh On 7 September 2011 16:46, Richard Quadling rquadl...@gmail.com wrote: On 7 September 2011 11:20, Paul Waring p...@phpdeveloper.org.uk wrote: Can anyone suggest things which I could try? I cannot work out why this problem is happening for some users but not me. For browsers/extensions that do automatic read ahead (I load page A and linked pages B and C are also retrieved). Is the potential for cached pages to be returned for a user NOT logged in? -- Richard Quadling Twitter : EE : Zend : PHPDoc @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
On 07/09/11 12:15, Richard Quadling wrote: How do you handle multiple logins? If I login using my laptop and get Session A for my account and then I login using my desktop and get Session B for my account, does Session A get killed? Session A is killed, your last login is always the current one. Do you allow multiple, simultaneous logins per account? No, but then each user is accessing their account from a single machine and browser anyway (i.e. they don't switch from desktop to laptop and then back again), so we don't even have people trying to have simultaneous logins. -- Paul Waring http://www.phpdeveloper.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
On 07/09/11 12:20, vikash.i...@gmail.com wrote: Just confirm once that you are not calling session_destroy somewhere. The only place session_destroy is called is in the logout function, which itself is only called if a user clicks the logout link. -- Paul Waring http://www.phpdeveloper.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
On 07/09/11 12:16, Richard Quadling wrote: On 7 September 2011 11:20, Paul Waringp...@phpdeveloper.org.uk wrote: Can anyone suggest things which I could try? I cannot work out why this problem is happening for some users but not me. For browsers/extensions that do automatic read ahead (I load page A and linked pages B and C are also retrieved). I hadn't thought of that. However, we audit all user logins and logouts, as well as all page requests. If the browser was pre-fetching the logout page, we'd have 'user logout' entries in our logs, but the only notices we have are for users logging in. If users were being logged out because of pre-fetching, I'd expect to see each login entry have a corresponding logout entry. Is the potential for cached pages to be returned for a user NOT logged in? Any pages which a user has viewed whilst logged in shouldn't be cached, assuming the browser is respecting the headers. They are all sent with: Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 -- Paul Waring http://www.phpdeveloper.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions expiring early
On 07/09/11 13:42, Richard Quadling wrote: On 7 September 2011 12:32, Paul Waringp...@phpdeveloper.org.uk wrote: On 07/09/11 12:16, Richard Quadling wrote: On 7 September 2011 11:20, Paul Waringp...@phpdeveloper.org.ukwrote: Can anyone suggest things which I could try? I cannot work out why this problem is happening for some users but not me. For browsers/extensions that do automatic read ahead (I load page A and linked pages B and C are also retrieved). I hadn't thought of that. However, we audit all user logins and logouts, as well as all page requests. If the browser was pre-fetching the logout page, we'd have 'user logout' entries in our logs, but the only notices we have are for users logging in. If users were being logged out because of pre-fetching, I'd expect to see each login entry have a corresponding logout entry. Is the potential for cached pages to be returned for a user NOT logged in? Any pages which a user has viewed whilst logged in shouldn't be cached, assuming the browser is respecting the headers. They are all sent with: Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0 How is your code determining if they need to be redirected back to the login page? The test is whether two $_SESSION elements are set and match ones in the database, plus whether the last page view by the user (stored in the database, updated on each request) was less than one hour ago. What changes that information? A page load changed the 'last page view time'. Nothing changes the other session data, except an explicit logout (which sets $_SESSION = array() and calls session_destroy). Can you monitor it externally? I'm not sure what you mean by 'externally'. Most of the site requires a login, so it's not possible for a third-party to monitor it if that's what you mean. -- Paul Waring http://www.phpdeveloper.org.uk -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP sessions - users being automatically logged out
I'm having trouble with a PHP site whereby some users are being logged out on a regular basis. This will usually happen after they have been using the site for a few minutes, they can login without any problems and access a few pages, but then suddenly they will request a page and be sent to the login form, which suggests that their session no longer exists. However, this doesn't affect all users - I can login and use the application without any problems, as can some other users. According to phpinfo(), the following session values are set (all are what I'd expect - either the default or something I've deliberately changed): session.auto_start = Off session.bug_compat_42 = On session.bug_compat_warn = On session.cache_expire = 180 session.cache_limiter = nocache session.cookie_domain = no value session.cookie_httponly = Off session.cookie_lifetime = 0 session.cookie_path = / session.cookie_secure = Off session.entropy_file = no value session.entropy_length = 0 session.gc_divisor = 100 session.gc_maxlifetime = 1440 session.gc_probability = 1 session.hash_bits_per_character = 4 session.hash_function = 0 session.name = PHPSESSID session.referer_check = no value session.save_handler = files session.save_path = /shared/sessions session.serialize_handler = php session.use_cookies = On session.use_only_cookies = Off session.use_trans_sid = 0 I've tried checking a few obvious things: * IP addresses - the site doesn't use the IP address as part of the authentication process, and almost all our users (including the ones experiencing problems) have static IP addresses anyway. * Number of sessions - there are between 40-60 session files on disk at any one time, so I doubt there's a maximum number of session files limit being broken, if such a configuration option exists. * Permissions - the web server user (www-data) has read/write permissions to the directory where the sessions are stored and all the files within it, and they are all owned by this user. Is there anything else obvious which could be causing the problem? This seemed to occur when we moved hosts, and I haven't changed the site's session handling code for some time, so I suspect it might be a configuration issue but can't figure out what. Thanks, Paul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions - users being automatically logged out
Inc session.cache_expire. You have only 3 minutes. This means browser will drop cookie containing session id in three minutes, or even less, of clients inactivity. I prefer to set expire-time to zero. So, browser will never forget session id. In other case, if security requires, i usually set it to 24 hours, to avoid some mystic problems, in case of misconfigured servers and/or clients TZ; they are rare. 2010/11/4, Paul Waring p...@xk7.net: I'm having trouble with a PHP site whereby some users are being logged out on a regular basis. This will usually happen after they have been using the site for a few minutes, they can login without any problems and access a few pages, but then suddenly they will request a page and be sent to the login form, which suggests that their session no longer exists. However, this doesn't affect all users - I can login and use the application without any problems, as can some other users. According to phpinfo(), the following session values are set (all are what I'd expect - either the default or something I've deliberately changed): session.auto_start = Off session.bug_compat_42 = On session.bug_compat_warn = On session.cache_expire = 180 session.cache_limiter = nocache session.cookie_domain = no value session.cookie_httponly = Off session.cookie_lifetime = 0 session.cookie_path = / session.cookie_secure = Off session.entropy_file = no value session.entropy_length = 0 session.gc_divisor = 100 session.gc_maxlifetime = 1440 session.gc_probability = 1 session.hash_bits_per_character = 4 session.hash_function = 0 session.name = PHPSESSID session.referer_check = no value session.save_handler = files session.save_path = /shared/sessions session.serialize_handler = php session.use_cookies = On session.use_only_cookies = Off session.use_trans_sid = 0 I've tried checking a few obvious things: * IP addresses - the site doesn't use the IP address as part of the authentication process, and almost all our users (including the ones experiencing problems) have static IP addresses anyway. * Number of sessions - there are between 40-60 session files on disk at any one time, so I doubt there's a maximum number of session files limit being broken, if such a configuration option exists. * Permissions - the web server user (www-data) has read/write permissions to the directory where the sessions are stored and all the files within it, and they are all owned by this user. Is there anything else obvious which could be causing the problem? This seemed to occur when we moved hosts, and I haven't changed the site's session handling code for some time, so I suspect it might be a configuration issue but can't figure out what. Thanks, Paul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions - users being automatically logged out
On 04/11/10 14:56, Alexander Holodny wrote: Inc session.cache_expire. You have only 3 minutes. This means browser will drop cookie containing session id in three minutes, or even less, of clients inactivity. According to the PHP manual: session.cache_expire specifies time-to-live for cached session pages in minutes, this has no effect for nocache limiter. So the value of session.cache_expire should be ignored, as session.cache_limiter is set to nocache. Paul -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions
Hi: I need to store variables to send then between pages. I don't need the variables in a database so I try to send them with sessions. The variables don't seem to be there when I try to get them. What could be the problem. Here are the pages where I store and retrieve the variables. Page 1 (variables stored): ?php session_start(); $_SESSION['scripture_text'] = $row_scripture['ScriptureText']; $_SESSION['scripture_ref'] = $row_scripture['ScriptureRef']; ? Page 2 (variables retrieved): ?php session_start(); include(includes/config.php); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head /head body table width=100% align=center border=0 tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr /table /body /html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions
On Fri, 2010-03-12 at 19:29 -0500, Martine Osias wrote: Hi: I need to store variables to send then between pages. I don't need the variables in a database so I try to send them with sessions. The variables don't seem to be there when I try to get them. What could be the problem. Here are the pages where I store and retrieve the variables. Page 1 (variables stored): ?php session_start(); $_SESSION['scripture_text'] = $row_scripture['ScriptureText']; $_SESSION['scripture_ref'] = $row_scripture['ScriptureRef']; ? Page 2 (variables retrieved): ?php session_start(); include(includes/config.php); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head /head body table width=100% align=center border=0 tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr /table /body /html Are there any errors, either displayed or in the error log? Thanks, Ash http://www.ashleysheridan.co.uk
Re: [PHP] PHP Sessions
Martine Osias wrote: Hi: I need to store variables to send then between pages. I don't need the variables in a database so I try to send them with sessions. The variables don't seem to be there when I try to get them. What could be the problem. Here are the pages where I store and retrieve the variables. Page 1 (variables stored): ?php session_start(); $_SESSION['scripture_text'] = $row_scripture['ScriptureText']; $_SESSION['scripture_ref'] = $row_scripture['ScriptureRef']; Do sessions work at all? Something simple, like ?php //a.php session_start(); $_SESSION['test']=foo; echo 'a href=b.phpClick me/a'; ? ?php //b.php session_start(); echo $_SESSION['test']; // should say foo ? * ... would be a good 1st test. If that works, I'd suspect that $row_scripture['ScriptureText'] and friends are empty. If it doesn't, I'd suspect a combination of very strict browser privacy settings (disallow all cookies) with lame server config (use_only_cookies), or that session support is missing or disabled. HTH, KDK -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions
Forgot to mention, you could check into the privacy vs. server settings by doing: session_start(); echo session_id(); on both pages. If they're different, then this is the problem. KDK -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions
Hello Martine, Try to make on the second page a print_r ($_SESSION); -- With best regards from Ukraine, Andre Skype: Francophile; WlmMSN: arthaelon @ yandex.ru; Jabber: arthaelon @ jabber.org Yahoo! messenger: andre.polykanine; ICQ: 191749952 Twitter: m_elensule - Original message - From: Martine Osias webi...@gmail.com To: php-general@lists.php.net php-general@lists.php.net Date: Saturday, March 13, 2010, 2:29:41 AM Subject: [PHP] PHP Sessions Hi: I need to store variables to send then between pages. I don't need the variables in a database so I try to send them with sessions. The variables don't seem to be there when I try to get them. What could be the problem. Here are the pages where I store and retrieve the variables. Page 1 (variables stored): ?php session_start(); $_SESSION['scripture_text'] = $row_scripture['ScriptureText']; $_SESSION['scripture_ref'] = $row_scripture['ScriptureRef']; ? Page 2 (variables retrieved): ?php session_start(); include(includes/config.php); ? !DOCTYPE html PUBLIC -//W3C//DTD XHTML 1.0 Transitional//EN http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd; html xmlns=http://www.w3.org/1999/xhtml; head /head body table width=100% align=center border=0 tr td align=left?=laquo;.$_SESSION['scripture_text'].raquo;?/td /tr tr td style=font-size: smaller; align=right?=$_SESSION['scripture_ref']?/td /tr /table /body /html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP sessions, AJAX, authentication and security.
Hi all. A question about PHP sessions and their interaction with AJAX. I have a database containing sensitive information and users need to log in to my PHP script and be authenticated before they are granted access. For one of the forms I would like to retrieve information using AJAX, and some of that information is sensitive also. The request from AJAX is handled by another, simpler PHP script. It occurs to me that the AJAX handler could be used to bypass the user authentication and a crafted request sent directly to the AJAX handler to get information without authentication. Can anyone offer some advice about how to piggy-back the session/authentication data that the user originally used to the AJAX so that only an authenticated user will get a valid response from the AJAX handler? I know I could embed authentication information into the web-page and send this with the AJAX request but I'm interested to know if there are other methods also. I hope the explanation is clear. Thanks in advance.
Re: [PHP] PHP sessions, AJAX, authentication and security.
You could use a one time token on each request Bastien Sent from my iPod On Nov 21, 2009, at 6:30 AM, Angus Mann angusm...@pobox.com wrote: Hi all. A question about PHP sessions and their interaction with AJAX. I have a database containing sensitive information and users need to log in to my PHP script and be authenticated before they are granted access. For one of the forms I would like to retrieve information using AJAX, and some of that information is sensitive also. The request from AJAX is handled by another, simpler PHP script. It occurs to me that the AJAX handler could be used to bypass the user authentication and a crafted request sent directly to the AJAX handler to get information without authentication. Can anyone offer some advice about how to piggy-back the session/ authentication data that the user originally used to the AJAX so that only an authenticated user will get a valid response from the AJAX handler? I know I could embed authentication information into the web-page and send this with the AJAX request but I'm interested to know if there are other methods also. I hope the explanation is clear. Thanks in advance. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP sessions, AJAX, authentication and security.
At 9:30 PM +1000 11/21/09, Angus Mann wrote: Hi all. A question about PHP sessions and their interaction with AJAX. I have a database containing sensitive information and users need to log in to my PHP script and be authenticated before they are granted access. For one of the forms I would like to retrieve information using AJAX, and some of that information is sensitive also. The request from AJAX is handled by another, simpler PHP script. It occurs to me that the AJAX handler could be used to bypass the user authentication and a crafted request sent directly to the AJAX handler to get information without authentication. Can anyone offer some advice about how to piggy-back the session/authentication data that the user originally used to the AJAX so that only an authenticated user will get a valid response from the AJAX handler? I know I could embed authentication information into the web-page and send this with the AJAX request but I'm interested to know if there are other methods also. I hope the explanation is clear. Thanks in advance. Angus: First, don't trust anything that comes from the client -- period. Second, Ajax is just another way to send stuff to the server. When the data gets to the server then authenticate and set a session variable to indicate such. This is not rocket science, but if you don't do it right you'll leave a crater. Cheers, tedd -- --- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP sessions possibly eating up inodes
PHP List, Recently, my web hosting server has been maxing out it's alloted hard drive space. It turns out that there are no single large files, but that I have been maxing out my inode usage. Not being a Unix expert, I have a limited understanding of inodes, but it seems they are related to files and, essentially, more files being written to by active process creates more inodes. I've eliminated log files and email spools as possible causes, and now I think the next most likely cause is PHP sessions not being properly cleared. This was suggested to me by my web hosting services support staff. It seems likely because a lot of PHP code that I wrote while early in the process of learning PHP is still in use, and so it is easy to believe that I had not properly cleared sessions. Actually, I thought sessions timed out and cleared automatically, so I erroneously haven't set up any specific cache clearing protocols. Anyway, I have now begun adding the following code to my scripts: $_SESSION = array(); session_unset(); session_destroy(); But, it seems that inodes related to earlier, not properly destroyed sessions might still be lingering. Is there a way I can: 1. Verify that sessions are in fact the cause of inodes being created? 2. Destroy them? Thank you for any advice. -- Dave M G -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions and Google
On 6/7/06, tedd [EMAIL PROTECTED] wrote: Can someone shed some light on this for me? How can one do sessions and make Google bots happy? I think what they're getting at is don't use session id's unless they're logged in. -- Anthony Ettinger Signature: http://chovy.dyndns.org/hcard.html -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions and Google (Solved)
At 12:47 PM +1000 6/8/06, Chris wrote: tedd wrote: At 10:56 AM +1000 6/8/06, Chris wrote: tedd wrote: Hi gang: I've read that php sessions can create problems for Google bots. -snip- Chris: Thanks -- after your lead, I found that my site's session.use_trans_sid was turned off by default. So, it wasn't the problem I thought it might have been. So your page urls don't automatically append the session id to the end? I might have the wrong variable name so if you're still seeing them, I obviously have it wrong... No, you're right and my url's are clean of SID's -- they always have been, that was the default. The problem I was trying to figure out was how the use of SID's cause SE's to fail and how that works. I figured that once I understand how that worked, then I could keep from doing it. I just needed to see for myself what it was. You know, one of my wonder why this works studies. While the problem wasn't present for me, which at the start of this I wasn't sure about, I did learn how it works and why SE's have problems with indexing url's that have ? in them. For those interested in this thread, this is what I believe is happening. If you have a web page that uses SID's in it's url, then it appears to a SE as something like this (using one of my sites as an example): http://ancientstones.com?PHPSESSID=1234 and not like: http://ancientstones.com/ So the SE grabs the page with the SID. The next time it travels your site, it see's: http://ancientstones.com?PHPSESSID=5678 and grabs that page. After a while, Google has numerous duplicate pages and has to pick one to be representative of your site and store all the others into it's supplemental index. Now when Google determines PageRank for your site, it does so by calculating how many sites link to your site (simple version). If Google has picked: http://ancientstones.com?PHPSESSID=5678 to be THE representative for your site, then you're sunk because no one uses a SID in their link to your site. Your site will always have a PR of 0 -- as it is with the referenced site. While the site ranks very high (currently #1) in a Google search for Custom Tile Medallions, it has a PR of 0. I was trying to figure out what was happening and if there was something I was doing in using php caused the low PR. I found that PHP wasn't the problem -- and now I know that. At least, that's the way I understand what's going on -- if I'm mistaken, please correct me. tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php sessions and Google
Hi gang: I've read that php sessions can create problems for Google bots. For example, the following was taken from a Google Web Master Help Center: -- Quote -- Allow search bots to crawl your sites without session IDs or arguments that track their path through the site. These techniques are useful for tracking individual user behavior, but the access pattern of bots is entirely different. Using these techniques may result in incomplete indexing of your site, as bots may not be able to eliminate URLs that look different but actually point to the same page. -- Un-quote -- http://www.google.com/support/webmasters/bin/answer.py?answer=35770 I've also seen a comment here: http://www.weberdev.com/get_example-3431.html But, I'm not following what's happening. Can someone shed some light on this for me? How can one do sessions and make Google bots happy? Thanks in advance for any comments or suggestions. tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions and Google
tedd wrote: Hi gang: I've read that php sessions can create problems for Google bots. For example, the following was taken from a Google Web Master Help Center: -- Quote -- Allow search bots to crawl your sites without session IDs or arguments that track their path through the site. These techniques are useful for tracking individual user behavior, but the access pattern of bots is entirely different. Using these techniques may result in incomplete indexing of your site, as bots may not be able to eliminate URLs that look different but actually point to the same page. -- Un-quote -- http://www.google.com/support/webmasters/bin/answer.py?answer=35770 I've also seen a comment here: http://www.weberdev.com/get_example-3431.html But, I'm not following what's happening. Can someone shed some light on this for me? How can one do sessions and make Google bots happy? use_trans_sid (I think) will append the sessionid to all pages, so instead of: /page.php it will become /page.php?PHPSESSID=x much the same as if you do: ?php echo '/page.php?' . SID; ? Bots don't like that, so where possible turn use_trans_sid off (check manual about when/how you can do this). -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions and Google
At 10:56 AM +1000 6/8/06, Chris wrote: tedd wrote: Hi gang: I've read that php sessions can create problems for Google bots. For example, the following was taken from a Google Web Master Help Center: -- Quote -- Allow search bots to crawl your sites without session IDs or arguments that track their path through the site. These techniques are useful for tracking individual user behavior, but the access pattern of bots is entirely different. Using these techniques may result in incomplete indexing of your site, as bots may not be able to eliminate URLs that look different but actually point to the same page. -- Un-quote -- http://www.google.com/support/webmasters/bin/answer.py?answer=35770 I've also seen a comment here: http://www.weberdev.com/get_example-3431.html But, I'm not following what's happening. Can someone shed some light on this for me? How can one do sessions and make Google bots happy? use_trans_sid (I think) will append the sessionid to all pages, so instead of: /page.php it will become /page.php?PHPSESSID=x much the same as if you do: ?php echo '/page.php?' . SID; ? Bots don't like that, so where possible turn use_trans_sid off (check manual about when/how you can do this). Chris: Thanks -- after your lead, I found that my site's session.use_trans_sid was turned off by default. So, it wasn't the problem I thought it might have been. Thanks again. tedd -- http://sperling.com http://ancientstones.com http://earthstones.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions and Google
tedd wrote: At 10:56 AM +1000 6/8/06, Chris wrote: tedd wrote: Hi gang: I've read that php sessions can create problems for Google bots. For example, the following was taken from a Google Web Master Help Center: -- Quote -- Allow search bots to crawl your sites without session IDs or arguments that track their path through the site. These techniques are useful for tracking individual user behavior, but the access pattern of bots is entirely different. Using these techniques may result in incomplete indexing of your site, as bots may not be able to eliminate URLs that look different but actually point to the same page. -- Un-quote -- http://www.google.com/support/webmasters/bin/answer.py?answer=35770 I've also seen a comment here: http://www.weberdev.com/get_example-3431.html But, I'm not following what's happening. Can someone shed some light on this for me? How can one do sessions and make Google bots happy? use_trans_sid (I think) will append the sessionid to all pages, so instead of: /page.php it will become /page.php?PHPSESSID=x much the same as if you do: ?php echo '/page.php?' . SID; ? Bots don't like that, so where possible turn use_trans_sid off (check manual about when/how you can do this). Chris: Thanks -- after your lead, I found that my site's session.use_trans_sid was turned off by default. So, it wasn't the problem I thought it might have been. So your page urls don't automatically append the session id to the end? I might have the wrong variable name so if you're still seeing them, I obviously have it wrong... -- Postgresql php tutorials http://www.designmagick.com/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php, sessions and ie
Thanks for the information On 4/4/06, Chrome [EMAIL PROTECTED] wrote: I let GC and cookie expiration handle ending the session... The cookie was only set for 15 minutes Dan --- http://chrome.me.uk -Original Message- From: Dallas Cahker [mailto:[EMAIL PROTECTED] Sent: 04 April 2006 19:41 To: php-general@lists.php.net Subject: Re: [PHP] php, sessions and ie How are you destroying the sessions if they leave the site (dont logout). do you check on activity or something else? On 4/4/06, Dan Parry [EMAIL PROTECTED] wrote: I have had some issues with sessions and IE in the past and used the following code to start the session ?php if (isset($SessID)){ session_id($SessID); } session_start(); header(Cache-control: private); // IE 6 Fix. setcookie(SessID, session_id(), time() + 60 * 15); ? Now, though, I always use a DB to store sessions... Much nicer HTH Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Dallas Cahker [mailto:[EMAIL PROTECTED] Sent: 04 April 2006 16:19 To: php-general@lists.php.net Subject: [PHP] php, sessions and ie I've been hearing some of my friends saying there is an issue with Session in PHP and IE having problems with them. Is that true? If it is how do people get around this? Session information saved to db? Session id in cookie? __ NOD32 1.1454 (20060321) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com
[PHP] php, sessions and ie
I've been hearing some of my friends saying there is an issue with Session in PHP and IE having problems with them. Is that true? If it is how do people get around this? Session information saved to db? Session id in cookie?
Re: [PHP] php, sessions and ie
I used to use a database table which housed their information, and their cookie housed their sessionID that the server assigned them when they logged in. Grabbing the sessionID only from the cookie (and their IP) I was able to log most people in (even dynamic IPs don't change THAT often). For those whom were dealing with a changed IP, the system had them verify just their password. Wrong password dumped them back out and asked for full login information. no browser issues at the time. Wolf Dallas Cahker wrote: I've been hearing some of my friends saying there is an issue with Session in PHP and IE having problems with them. Is that true? If it is how do people get around this? Session information saved to db? Session id in cookie? -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php, sessions and ie
I have had some issues with sessions and IE in the past and used the following code to start the session ?php if (isset($SessID)){ session_id($SessID); } session_start(); header(Cache-control: private); // IE 6 Fix. setcookie(SessID, session_id(), time() + 60 * 15); ? Now, though, I always use a DB to store sessions... Much nicer HTH Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Dallas Cahker [mailto:[EMAIL PROTECTED] Sent: 04 April 2006 16:19 To: php-general@lists.php.net Subject: [PHP] php, sessions and ie I've been hearing some of my friends saying there is an issue with Session in PHP and IE having problems with them. Is that true? If it is how do people get around this? Session information saved to db? Session id in cookie? __ NOD32 1.1454 (20060321) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php, sessions and ie
How are you destroying the sessions if they leave the site (dont logout). do you check on activity or something else? On 4/4/06, Dan Parry [EMAIL PROTECTED] wrote: I have had some issues with sessions and IE in the past and used the following code to start the session ?php if (isset($SessID)){ session_id($SessID); } session_start(); header(Cache-control: private); // IE 6 Fix. setcookie(SessID, session_id(), time() + 60 * 15); ? Now, though, I always use a DB to store sessions... Much nicer HTH Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Dallas Cahker [mailto:[EMAIL PROTECTED] Sent: 04 April 2006 16:19 To: php-general@lists.php.net Subject: [PHP] php, sessions and ie I've been hearing some of my friends saying there is an issue with Session in PHP and IE having problems with them. Is that true? If it is how do people get around this? Session information saved to db? Session id in cookie? __ NOD32 1.1454 (20060321) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com
RE: [PHP] php, sessions and ie
I let GC and cookie expiration handle ending the session... The cookie was only set for 15 minutes Dan --- http://chrome.me.uk -Original Message- From: Dallas Cahker [mailto:[EMAIL PROTECTED] Sent: 04 April 2006 19:41 To: php-general@lists.php.net Subject: Re: [PHP] php, sessions and ie How are you destroying the sessions if they leave the site (dont logout). do you check on activity or something else? On 4/4/06, Dan Parry [EMAIL PROTECTED] wrote: I have had some issues with sessions and IE in the past and used the following code to start the session ?php if (isset($SessID)){ session_id($SessID); } session_start(); header(Cache-control: private); // IE 6 Fix. setcookie(SessID, session_id(), time() + 60 * 15); ? Now, though, I always use a DB to store sessions... Much nicer HTH Dan - Dan Parry Senior Developer Virtua Webtech Ltd http://www.virtuawebtech.co.uk -Original Message- From: Dallas Cahker [mailto:[EMAIL PROTECTED] Sent: 04 April 2006 16:19 To: php-general@lists.php.net Subject: [PHP] php, sessions and ie I've been hearing some of my friends saying there is an issue with Session in PHP and IE having problems with them. Is that true? If it is how do people get around this? Session information saved to db? Session id in cookie? __ NOD32 1.1454 (20060321) Information __ This message was checked by NOD32 antivirus system. http://www.eset.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions
hello, i recently started using PHP's sessions. i am finding that the sessions seem to expire after 20 or 30 minutes -- or, at least the variables which i set, within $_SESSION, are getting cleared after this relatively short amount of time. before calling session_start(), i do a few initializations: ini_set('session.use_cookies', 1); ini_set('session.use_trans_sid', 0); ini_set('session.save_handler', 'files'); ini_set('session.serialize_handler', 'php'); ini_set('session.name', 'session-id'); i am not setting the 'session.cache_expire' INI variable, and even did a check to make sure it was not being modified, and i found that it contains the default value of 180 (minutes). furthermore, the *cookie* is not expiring. i've also checked 'session.cookie_lifetime', and it is 0 (zero, for until browser is closed). i've also checked the browser's cookie list, and the cookie is still around at the time that i lose my session variables. does anyone have any ideas as to why i may be losing my session variables so early? thank you! -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions
Chris Wagner wrote: i recently started using PHP's sessions. i am finding that the sessions seem to expire after 20 or 30 minutes -- or, at least the variables which i set, within $_SESSION, are getting cleared after this relatively short amount of time. before calling session_start(), i do a few initializations: ini_set('session.use_cookies', 1); ini_set('session.use_trans_sid', 0); ini_set('session.save_handler', 'files'); ini_set('session.serialize_handler', 'php'); ini_set('session.name', 'session-id'); i am not setting the 'session.cache_expire' INI variable, and even did a check to make sure it was not being modified, and i found that it contains the default value of 180 (minutes). furthermore, the *cookie* is not expiring. i've also checked 'session.cookie_lifetime', and it is 0 (zero, for until browser is closed). i've also checked the browser's cookie list, and the cookie is still around at the time that i lose my session variables. does anyone have any ideas as to why i may be losing my session variables so early? Check session.gc_lifetime or similar. That is the garbage collection routine that goes through and deletes any session data files (in /tmp or wherever your setup puts them) that are older than that config setting value. -- Jasper Bryant-Greene Freelance web developer http://jasper.bryant-greene.name/ If you find my advice useful, please consider donating to a poor student! You can choose whatever amount you think my advice was worth to you. http://tinyurl.com/7oa5s -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions?
Hi everyone, I am trying to work with the idea of sessions in PHP. Basically I have a self-processing script called index.php but somehow I keep losing my session variable, it works the first time around but when I call it the second time around its gone? I do not reset the variable or destroy the session are there any other reasons why this might occur? The basic layout of the script is this(note this is not the full script, I've just posted the relevant code and left out the other stuff.) ?php if($_POST[username]==rory){//if user logs in as rory start session session_start(); header(Cache-control: private); $_SESSION['loggedin'] = yes; } /*It enters the first time but when I call the script again from the form below this one the session variable is empty?*/ if(strlen($_SESSION['loggedin'])2){ if($_POST[verify]==yes){ die(test); $CONTENT .= font color = \red\Your changes have been made./fontbr; } $CONTENT = You are currently logged in as .$_POST[username]. form action=\index.php\ method=\POST\ input type=\submit\ value=\Log out\ / input type=\hidden\ name=\logout\ value=\yes\//form hrIf you would like to change the text on the main page please click here a href=\index.php?page=$PAGE_TITLEaction=edit\font color=\blue\Edit intro page/afont color =\#136863\hrh3File Upload./h1hr Any files will appear in the 'students' page of the website. Files that uploaded here are not availablre to the public and can only be acccessed by students who have logged in. Because of security issues only well know file types such as word, acrobat and text files are legible for upload. form enctype=\multipart/form-data\ action=\index.php\ method=\POST\ !-- MAX_FILE_SIZE must precede the file input field -- input type=\hidden\ name=\MAX_FILE_SIZE\ value=\3\ / !-- Name of input element determines name in $_FILES array -- Send this file: input name=\userfile\ type=\file\ / input type=\submit\ value=\Upload\ / input type=\hidden\ name=\arg1\ value=\yes\ /form; } if ($action == edit) /*when user submits this is should call teh script again and enter the test above but it doesn't?*/ { $CONTENT = form method=\post\ action=\index.php\ textarea name=\content\ cols=\60\ rows=\20\$CONTENT/textarea input type=\hidden\ name=\page\ value=\$PAGE_TITLE\ /br/ input type=\submit\ value=\$DONE_BUTTON\ / input type=\hidden\ name=\verify\ value=\yes\//form; } Cheers, Rory. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions?
rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 11:19 AM said: ?php if($_POST[username]==rory){//if user logs in as rory start session session_start(); header(Cache-control: private); $_SESSION['loggedin'] = yes; } Put session_start(); at the *very* beginning of your script. See if that helps. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website? Chris W. Parker wrote: rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 11:19 AM said: ?php if($_POST[username]==rory){//if user logs in as rory start session session_start(); header(Cache-control: private); $_SESSION['loggedin'] = yes; } Put session_start(); at the *very* beginning of your script. See if that helps. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions?
rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 1:26 PM said: The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website? No session_start(); can go anywhere. It's just that it appears that your logic is setup in such a way that session_start(); is not being called when you need it be. By putting it before everything else you can avoid this. And as well, is there a reason you wouldn't want to just start the session at the beginning of the page? I mean, why wait till the user has submitted the form to start the session? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
Yes I see what you mean. I only wanted to start a session IF the user logged in, but I see your point, the session can be started as soon as anyone opens the main page. I'll give it a go and see if that helps, cheers, Rory. Chris W. Parker wrote: rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 1:26 PM said: The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website? No session_start(); can go anywhere. It's just that it appears that your logic is setup in such a way that session_start(); is not being called when you need it be. By putting it before everything else you can avoid this. And as well, is there a reason you wouldn't want to just start the session at the beginning of the page? I mean, why wait till the user has submitted the form to start the session? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
rory walsh wrote: The problem there is that I have to test if the user has logged on so I need to include the if statement? there are 2 tests to do: 1. check to see whether the user is logged on already 2. check to see whether the user is trying to log on Can the session_start not be called from within an if statement? not really, well you can but I can't think of any reason that you would want to conditionally start the session. Does it really have to be the very first thing in the script, you have to call it before you use the session (i.e. data stored in it). if so I imagine that this means a single script cannot be used to manage a complete website? it can. maybe if I rewrite you code a little it will help you understand: ?php session_start(); // always start the session. // you want something more secure as a login procedure! if($_POST[username]==rory) { // if user logs in as rory // then mark the user as logged in // in the session $_SESSION['loggedin'] = yes; } if ($_SESSION['loggedin'] == yes) { header(Cache-control: private); } Chris W. Parker wrote: rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 11:19 AM said: ?php if($_POST[username]==rory){//if user logs in as rory start session session_start(); header(Cache-control: private); $_SESSION['loggedin'] = yes; } Put session_start(); at the *very* beginning of your script. See if that helps. Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
Thanks everyone, I'm getting closer. The only problem I have not is that I keep entering that test, I modified it to change the session variable once we enter the test but it somehow does not seem to change it? This is the code, if(strlen($_SESSION['loggedin']==yes)){ $_SESSION['loggedin']=no; $CONTENT = You are currently logged in as .$_POST[username]. form action=\index.php\ method=\POST\ input type=\submit\ value=\Log out\ / input type=\hidden\ name=\logout\ value=\yes\//form hrIf you would like to change the text on the main page please click here a href=\index.php?action=edit\font color=\blue\Edit intro page/afont color =\#136863\hrh3File Upload./h1hr Any files will appear in the 'students' page of the website. Files that uploaded here are not availablre to the public and can only be acccessed by students who have logged in. Because of security issues only well know file types such as word, acrobat and text files are legible for upload. form enctype=\multipart/form-data\ action=\index.php\ method=\POST\ !-- MAX_FILE_SIZE must precede the file input field -- input type=\hidden\ name=\MAX_FILE_SIZE\ value=\3\ / !-- Name of input element determines name in $_FILES array -- Send this file: input name=\userfile\ type=\file\ / input type=\submit\ value=\Upload\ / input type=\hidden\ name=\arg1\ value=\yes\ /form; } When I click the logout button it works fine, but when I click on the link inside the page it simply reloads the same page as if the session variable has not changed at all? If I link to a page like this does it call the script again, or does this need to be done with a form submit? I must apologise for my lack of knowledge here! I program in other languages and as a result I have that I can get really deep in code I don't understand very fast! Rory Walsh wrote: Yes I see what you mean. I only wanted to start a session IF the user logged in, but I see your point, the session can be started as soon as anyone opens the main page. I'll give it a go and see if that helps, cheers, Rory. Chris W. Parker wrote: rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 1:26 PM said: The problem there is that I have to test if the user has logged on so I need to include the if statement? Can the session_start not be called from within an if statement? Does it really have to be the very first thing in the script, if so I imagine that this means a single script cannot be used to manage a complete website? No session_start(); can go anywhere. It's just that it appears that your logic is setup in such a way that session_start(); is not being called when you need it be. By putting it before everything else you can avoid this. And as well, is there a reason you wouldn't want to just start the session at the beginning of the page? I mean, why wait till the user has submitted the form to start the session? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions?
rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 2:08 PM said: Thanks everyone, I'm getting closer. The only problem I have not is that I keep entering that test, I modified it to change the session variable once we enter the test but it somehow does not seem to change it? This is the code, Immediately I see: if(strlen($_SESSION['loggedin']==yes)){ That doesn't make sense. Do you mean?: if($_SESSION['loggedin'] == yes) { And the next line: $_SESSION['loggedin']=no; Why are you reversing the value of 'loggedin'? Once the person is logged in shouldn't they stay that way until session timeout or they log out? When I click the logout button it works fine, but when I click on the link inside the page it simply reloads the same page as if the session variable has not changed at all? If I link to a page like this does it call the script again, or does this need to be done with a form submit? I must apologise for my lack of knowledge here! I program in other languages and as a result I have that I can get really deep in code I don't understand very fast! Maybe you've already stated this in a previous email and I just don't remember, what exactly is it that you're trying to accomplish? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
Sorry bout that little mistake. You right I mean to check to see if $_SESSION['loggedin'] == yes; That doesn't make a difference as it turns out. The reason that I immediately change this is that I want the content of the page to change, and in order to do that I want to stop it from going into this code? Actually I am not going to do this, I will use another variable, but by setting $_SESSION['loggedin'] to 'no' it should not go into this test, but it somehow does? Is it to do with the link: a href=\index.php?action=edit\ does this call the script again, just as an action=script.php in a form would? Cheers for the help on this. Chris W. Parker wrote: rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 2:08 PM said: Thanks everyone, I'm getting closer. The only problem I have not is that I keep entering that test, I modified it to change the session variable once we enter the test but it somehow does not seem to change it? This is the code, Immediately I see: if(strlen($_SESSION['loggedin']==yes)){ That doesn't make sense. Do you mean?: if($_SESSION['loggedin'] == yes) { And the next line: $_SESSION['loggedin']=no; Why are you reversing the value of 'loggedin'? Once the person is logged in shouldn't they stay that way until session timeout or they log out? When I click the logout button it works fine, but when I click on the link inside the page it simply reloads the same page as if the session variable has not changed at all? If I link to a page like this does it call the script again, or does this need to be done with a form submit? I must apologise for my lack of knowledge here! I program in other languages and as a result I have that I can get really deep in code I don't understand very fast! Maybe you've already stated this in a previous email and I just don't remember, what exactly is it that you're trying to accomplish? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions?
rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 2:38 PM said: Is it to do with the link: a href=\index.php?action=edit\ does this call the script again, just as an action=script.php in a form would? Cheers for the help on this. Yes it does. But it doesn't erase the session values (it seems that's what you think is happening?). I think what you need to do (I do this sometimes too) is start from scratch and create a very basic test page that works as expected. Then slowly add in the features you want. It'll give you a much greater understanding of how things work and where you're going wrong. Sure it's tedious but it'll help you in the long run. Here is a good base to start with: ?php session_start(); if(isset($_GET['var']) !empty($_GET['var'])) { $_SESSION['myVariable'] = from form; } else { $_SESSION['myVariable'] = direct request; } print_r($_SESSION); ? hth, Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions?
Yeah your right, I'm trying to walk before I can crawl! Cheers for the help, Rory. Chris W. Parker wrote: rory walsh mailto:[EMAIL PROTECTED] on Wednesday, March 02, 2005 2:08 PM said: Thanks everyone, I'm getting closer. The only problem I have not is that I keep entering that test, I modified it to change the session variable once we enter the test but it somehow does not seem to change it? This is the code, Immediately I see: if(strlen($_SESSION['loggedin']==yes)){ That doesn't make sense. Do you mean?: if($_SESSION['loggedin'] == yes) { And the next line: $_SESSION['loggedin']=no; Why are you reversing the value of 'loggedin'? Once the person is logged in shouldn't they stay that way until session timeout or they log out? When I click the logout button it works fine, but when I click on the link inside the page it simply reloads the same page as if the session variable has not changed at all? If I link to a page like this does it call the script again, or does this need to be done with a form submit? I must apologise for my lack of knowledge here! I program in other languages and as a result I have that I can get really deep in code I don't understand very fast! Maybe you've already stated this in a previous email and I just don't remember, what exactly is it that you're trying to accomplish? Chris. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php sessions question
in a page checkuser i do this after the user is logged in: PHP Code // Register some session variables! session_register('userid'); $_SESSION['userid'] = $userid; session_register('first_name'); $_SESSION['first_name'] = $first_name; session_register('last_name'); $_SESSION['last_name'] = $last_name; session_register('email_address'); $_SESSION['email_address'] = $email_address; session_register('user_level'); $_SESSION['user_level'] = $user_level; Now let's say user 1 logs in, his session is registered (with userid from database is 5 and first_name is XXX) Then another user logs in, again his session is registered (with userid from database is 1 and first_name is YYY) Now user 1 leaves the pages (closes the browser) and user 2 uploads a document (with my own script). When the document is succesfully uploaded i display this: PHP Code echo ($_SESSION['first_name'])., the document has been succesfully added; echo ($_SESSION['userid']); This results in the folowing output: YYY, the document has been succesfully added 5 Meaning the $_SESSION['first_name'] is correct, but the $_SESSION['userid'] is the one of the user who logged out... Now when using user_id in all places it seems to work correctly... Is userid something that is defined by the server when making sessions? If not, i don't have any clue what is going wrong... Can someone help me on this? So i know what is wrong? Thx in advance Pout -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions question
Reinhart Viane wrote: in a page checkuser i do this after the user is logged in: PHP Code // Register some session variables! session_register('userid'); $_SESSION['userid'] = $userid; session_register('first_name'); $_SESSION['first_name'] = $first_name; session_register('last_name'); $_SESSION['last_name'] = $last_name; session_register('email_address'); $_SESSION['email_address'] = $email_address; session_register('user_level'); $_SESSION['user_level'] = $user_level; You should only save the userId in the session, everything else should be retrieved from your database using that id. Now let's say user 1 logs in, his session is registered (with userid from database is 5 and first_name is XXX) Then another user logs in, again his session is registered (with userid from database is 1 and first_name is YYY) Are both user's in the same computer? then there may be a question about the old cookie being sent back to the server (if it's expiration time has not been exceeded). If the users are not using the same computer the chances are you have a bug in your code. Now user 1 leaves the pages (closes the browser) and user 2 uploads a document (with my own script). When the document is succesfully uploaded i display this: PHP Code echo ($_SESSION['first_name'])., the document has been succesfully added; echo ($_SESSION['userid']); This results in the folowing output: YYY, the document has been succesfully added 5 Meaning the $_SESSION['first_name'] is correct, but the $_SESSION['userid'] is the one of the user who logged out... Now when using user_id in all places it seems to work correctly... Is userid something that is defined by the server when making sessions? no. If not, i don't have any clue what is going wrong... Can someone help me on this? So i know what is wrong? Thx in advance Pout -- Raditha Dissanayake. http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 128 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions question
In message [EMAIL PROTECTED], raditha dissanayake [EMAIL PROTECTED] writes Reinhart Viane wrote: in a page checkuser i do this after the user is logged in: PHP Code // Register some session variables! session_register('userid'); $_SESSION['userid'] = $userid; session_register('first_name'); $_SESSION['first_name'] = $first_name; session_register('last_name'); $_SESSION['last_name'] = $last_name; session_register('email_address'); $_SESSION['email_address'] = $email_address; session_register('user_level'); $_SESSION['user_level'] = $user_level; You should only save the userId in the session, everything else should be retrieved from your database using that id. I normally do as you have suggested here - but why do you suggest that this method is better? -- Pete Clark -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions question
Pete wrote: You should only save the userId in the session, everything else should be retrieved from your database using that id. I normally do as you have suggested here - but why do you suggest that this method is better? One reason is for security. You cannot ever rule out the possibility of a user injecting someone else's data into the session to get access to information that he should not have. Of course he can fake the userid too. That's why each time you retrieve the userid from the session you should check if that id has been logged in. I do this (so do many others) by keeping two column table with session id and userid in it. -- Raditha Dissanayake. http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader Graphical User Inteface. Just 128 KB | with progress bar. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php sessions question
I normally do as you have suggested here - but why do you suggest that this method is better? One reason is for security. You cannot ever rule out the possibility of a user injecting someone else's data into the session to get access to information that he should not have. Of course he can fake the userid too. That's why each time you retrieve the userid from the session you should check if that id has been logged in. I do this (so do many others) by keeping two column table with session id and userid in it. -- Raditha Dissanayake. Do you have an example or dou you know of any tutorials where this method is used? Thx Reinhart -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions Question
What kind of problems could be happening server-side that would result in PHP sessions randomly disappearing? And, is there a way to log or track this information? Oh, and best of all, any recommendations on solutions? I have a PHP / MySQL application that's been running at a host provider for almost a year now. PHP sessions are used to track logged in users, For example, $_SESSION[UserID]. If the UserID isn't stored as a session variable, the user must not be logged in, so prompt them with a login screen. Most recent updates were made last week and everything has been working fine until this afternoon. Session data is somehow being lost. It seems random. A person will be logged in and navigating through the site when they suddenly get a login screen. They'll log back in and continue navigating for a little while when it will happen again - sometimes within seconds and othertimes within minutes. Sometimes it won't even happen for 30 minutes and then it suddenly begins to occur again. Thanks in advance for any ideas or recommendations that I can forward to my hosting provider on how to fix the problem. -Ed
Re: [PHP] PHP Sessions Question
It could be a case that your provider is load balancing across several machines. If they are, and they aren't storing the session data in a central location, then that might account for the issue. That would explain the intermittent failure. The user might be making keepalive requests to the same box and being ok, and then get bounced once it hits a machine that doesn't have the session data... You might ask them about it... Tim. At 09:43 PM 7/8/2004, Ed Lazor wrote: What kind of problems could be happening server-side that would result in PHP sessions randomly disappearing? And, is there a way to log or track this information? Oh, and best of all, any recommendations on solutions? I have a PHP / MySQL application that's been running at a host provider for almost a year now. PHP sessions are used to track logged in users, For example, $_SESSION[UserID]. If the UserID isn't stored as a session variable, the user must not be logged in, so prompt them with a login screen. Most recent updates were made last week and everything has been working fine until this afternoon. Session data is somehow being lost. It seems random. A person will be logged in and navigating through the site when they suddenly get a login screen. They'll log back in and continue navigating for a little while when it will happen again - sometimes within seconds and othertimes within minutes. Sometimes it won't even happen for 30 minutes and then it suddenly begins to occur again. Thanks in advance for any ideas or recommendations that I can forward to my hosting provider on how to fix the problem. -Ed SimpleNet's Back ! http://www.simplenet.com
RE: [PHP] PHP Sessions on Windows
How does one get sessions working on Windows? I have modified my php.ini file so that session.save_path = C:\Temp, restarted and Apache. Still I get this error message: Warning: session_start(): open(/tmp\sess_26310affee160329c9e50f27663f8971, O_RDWR) failed: No such file or directory (2) in c:\apache\htdocs\dbmdata\admin\61646d696e.php on line 2 check you have edited the correct php.ini -- run ? phpinfo() ? and check where the ini file is to make sure you changed the correct one... hth rich -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions on Windows
OK, I managed to get it working. I first attempted to edit the php.ini so that the session save path was C:\Temp. No matter what I did, the save path always showed up in phpinfo() as /tmp. So I created folder on the root of C: called tmp and everything worked. Thanks, Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions on Windows
-Original Message- From: David Mitchell [mailto:[EMAIL PROTECTED] Sent: 12 May 2004 13:21 OK, I managed to get it working. I first attempted to edit the php.ini so that the session save path was C:\Temp. No matter what I did, the save path always showed up in phpinfo() as /tmp. So I created folder on the root of C: called tmp and everything worked. This still looks like PHP is not looking for the php.ini file where you think it is. I strongly suggest you follow the previous advice to work out where PHP is actually expecting your php.ini to be, before you have a need to change another initialization parameter. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions on Windows
I think you need to restart PHP to pickup the new php.ini changes. My php.ini is in the windows directory (I believe). -Original Message- From: David Mitchell [mailto:[EMAIL PROTECTED] Sent: 12 May 2004 13:21 OK, I managed to get it working. I first attempted to edit the php.ini so that the session save path was C:\Temp. No matter what I did, the save path always showed up in phpinfo() as /tmp. So I created folder on the root of C: called tmp and everything worked. This still looks like PHP is not looking for the php.ini file where you think it is. I strongly suggest you follow the previous advice to work out where PHP is actually expecting your php.ini to be, before you have a need to change another initialization parameter. Cheers! Mike -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions on Windows
David Mitchell wrote: I first attempted to edit the php.ini so that the session save path was C:\Temp. No matter what I did, the save path always showed up in phpinfo() as /tmp. So I created folder on the root of C: called tmp and everything worked. You were not editing the correct php.ini, then. -- ---John Holmes... Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/ php|architect: The Magazine for PHP Professionals www.phparch.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions on Windows
Hello, How does one get sessions working on Windows? I have modified my php.ini file so that session.save_path = C:\Temp, restarted and Apache. Still I get this error message: Warning: session_start(): open(/tmp\sess_26310affee160329c9e50f27663f8971, O_RDWR) failed: No such file or directory (2) in c:\apache\htdocs\dbmdata\admin\61646d696e.php on line 2 This is the code that is triggering the error. It seems very straightforward to me: session_start(); echo $_SESSION['user']; Why is this so incredibly difficult? Thanks, Dave -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions on Windows
Sounds right. Do you have a C:\temp directory? How does one get sessions working on Windows? I have modified my php.ini file so that session.save_path = C:\Temp, restarted and Apache. Still I get this error message: Warning: session_start(): open(/tmp\sess_26310affee160329c9e50f27663f8971, O_RDWR) failed: No such file or directory (2) in c:\apache\htdocs\dbmdata\admin\61646d696e.php on line 2 This is the code that is triggering the error. It seems very straightforward to me: session_start(); echo $_SESSION['user']; -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions - One Server, Many Terminals
I'm having a problem related to PHP sessions in a school computer lab environment. I have a script that uses sessions to keep track of a user and their work on the system. It is being used by a school in a computer lab in which the students just have terminals -- they all access the same server computer to run programs and do not have hard drives of their own. They are running software called ClassLink (see www.classlink2000.com) in this lab (I'm not sure if that is really an important detail or not). The problem is that everyone that students accessing the script on these different terminals start seeing eachother's work, which implies that the session information is not unique to each terminal (I expect that if I printed out the session ID on all of these different terminals, they would all be the same). Is there anything that I can do about this? How do I get my script to recognize that it is being accessed by different terminals, even though it is really only one physical computer (the server that all of these terminals have a view into)? Is there any other solution? Cheers, Damon -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions - Cookies Not Saving
On 05 March 2004 03:33, Paul Higgins wrote: When I do: print_r($_COOKIE); I get the following: Array ( [PHPSESSID] = 11781ce29c68ca7ef563110f37e43f38 ) Does that mean its setting the Cookie? Yes. Cheers! Mike - Mike Ford, Electronic Information Services Adviser, Learning Support Services, Learning Information Services, JG125, James Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS, LS6 3QS, United Kingdom Email: [EMAIL PROTECTED] Tel: +44 113 283 2600 extn 4730 Fax: +44 113 283 3211 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions - Cookies Not Saving
On Friday 05 March 2004 13:05, Paul Higgins wrote: When I thought about what the compay really told me...it didn't make sense. All I know is that that cookie will not save on my WinXP box, but it will save on my Linux box. As sending cookies is pretty much a generic procedure which is not platform dependent it would suggest that your WinXP box is broken (needless to say I'm assuming that you have already ensured that your browser is configured to accept cookies). Have you tried any other browsers/platforms? -- Jason Wong - Gremlins Associates - www.gremlins.biz Open Source Software Systems Integrators * Web Design Hosting * Internet Intranet Applications Development * -- Search the list archives before you post http://marc.theaimsgroup.com/?l=php-general -- /* All vacations and holidays create problems, except for one's own -- Murphy's Laws on Work n34 */ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] PHP Sessions - Cookies Not Saving
but it will save on my Linux box. As sending cookies is pretty much a generic procedure which is not platform dependent it would suggest that your WinXP box is broken (needless to say I'm assuming that you have already ensured that your browser is configured to accept cookies). Have you tried any other browsers/platforms? The above snippet means it works on his linux box which is why i suggested to see if the session is storing in /tmp, he could prob have spyware running on his machine, i advice check out adaware. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions - Cookies Not Saving
Hi everyone, I'm trying to create a session with PHP. I'm using the following code: ?php session_start( ); print( session_id( ) ); print( 'HTML'); print( 'BODY' ); print( ' a href = http://www.mysite.com/shopping_cart/Test2.php;Here/a' ); print( '/BODY' ); print( '/HTML' ); ? Now, I'm trying to view this site on a WinXP box. However, the cookies are not being saved onto my machine. I've viewed the site with Mozilla on a Linux box, and it works fine. What could be wrong? Any help would be greatly appreciated. I read somewhere that PHP had some issues with writing cookies to an NTFS box. Could that have anything to do with it? Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions - Cookies Not Saving
Are the hosts u looking at the same ? Like is it the very same link ? Check on the XP box if you have cookies disabled, u can always check if the session is being stored on the server too, look in /tmp first. Try a print_r ($_COOKIE); aswell. Hi everyone, I'm trying to create a session with PHP. I'm using the following code: ?php session_start( ); print( session_id( ) ); print( 'HTML'); print( 'BODY' ); print( ' a href = http://www.mysite.com/shopping_cart/Test2.php;Here/a' ); print( '/BODY' ); print( '/HTML' ); ? Now, I'm trying to view this site on a WinXP box. However, the cookies are not being saved onto my machine. I've viewed the site with Mozilla on a Linux box, and it works fine. What could be wrong? Any help would be greatly appreciated. I read somewhere that PHP had some issues with writing cookies to an NTFS box. Could that have anything to do with it? Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions - Cookies Not Saving
When I do: print_r($_COOKIE); I get the following: Array ( [PHPSESSID] = 11781ce29c68ca7ef563110f37e43f38 ) Does that mean its setting the Cookie? I can't see the cookie on my computer. I don't have cookies disabled because I'm getting cookies from other sites. The privacy setting is set to Medium. Thanks, Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST) Are the hosts u looking at the same ? Like is it the very same link ? Check on the XP box if you have cookies disabled, u can always check if the session is being stored on the server too, look in /tmp first. Try a print_r ($_COOKIE); aswell. Hi everyone, I'm trying to create a session with PHP. I'm using the following code: ?php session_start( ); print( session_id( ) ); print( 'HTML'); print( 'BODY' ); print( 'a href = http://www.mysite.com/shopping_cart/Test2.php;Here/a' ); print( '/BODY' ); print( '/HTML' ); ? Now, I'm trying to view this site on a WinXP box. However, the cookies are not being saved onto my machine. I've viewed the site with Mozilla on a Linux box, and it works fine. What could be wrong? Any help would be greatly appreciated. I read somewhere that PHP had some issues with writing cookies to an NTFS box. Could that have anything to do with it? Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions - Cookies Not Saving
AAAGGGH!! I asked my hosting company where they were stored...on the server...I am so mad at myself...all that time wasted. Thanks for the help though...it was much appreciated! Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST) Are the hosts u looking at the same ? Like is it the very same link ? Check on the XP box if you have cookies disabled, u can always check if the session is being stored on the server too, look in /tmp first. Try a print_r ($_COOKIE); aswell. Hi everyone, I'm trying to create a session with PHP. I'm using the following code: ?php session_start( ); print( session_id( ) ); print( 'HTML'); print( 'BODY' ); print( 'a href = http://www.mysite.com/shopping_cart/Test2.php;Here/a' ); print( '/BODY' ); print( '/HTML' ); ? Now, I'm trying to view this site on a WinXP box. However, the cookies are not being saved onto my machine. I've viewed the site with Mozilla on a Linux box, and it works fine. What could be wrong? Any help would be greatly appreciated. I read somewhere that PHP had some issues with writing cookies to an NTFS box. Could that have anything to do with it? Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions - Cookies Not Saving
Is it a non default /tmp ? If so it should be in php.ini or u have to set where it is with an ini_set , hope that helps. AAAGGGH!! I asked my hosting company where they were stored...on the server...I am so mad at myself...all that time wasted. Thanks for the help though...it was much appreciated! Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST) Are the hosts u looking at the same ? Like is it the very same link ? Check on the XP box if you have cookies disabled, u can always check if the session is being stored on the server too, look in /tmp first. Try a print_r ($_COOKIE); aswell. Hi everyone, I'm trying to create a session with PHP. I'm using the following code: ?php session_start( ); print( session_id( ) ); print( 'HTML'); print( 'BODY' ); print( 'a href = http://www.mysite.com/shopping_cart/Test2.php;Here/a' ); print( '/BODY' ); print( '/HTML' ); ? Now, I'm trying to view this site on a WinXP box. However, the cookies are not being saved onto my machine. I've viewed the site with Mozilla on a Linux box, and it works fine. What could be wrong? Any help would be greatly appreciated. I read somewhere that PHP had some issues with writing cookies to an NTFS box. Could that have anything to do with it? Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions - Cookies Not Saving
If there is something in $_COOKIE, what does that mean? That there is a cookie somewhere? Or is it appending the Session ID to the URL? Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST) Is it a non default /tmp ? If so it should be in php.ini or u have to set where it is with an ini_set , hope that helps. AAAGGGH!! I asked my hosting company where they were stored...on the server...I am so mad at myself...all that time wasted. Thanks for the help though...it was much appreciated! Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST) Are the hosts u looking at the same ? Like is it the very same link ? Check on the XP box if you have cookies disabled, u can always check if the session is being stored on the server too, look in /tmp first. Try a print_r ($_COOKIE); aswell. Hi everyone, I'm trying to create a session with PHP. I'm using the following code: ?php session_start( ); print( session_id( ) ); print( 'HTML'); print( 'BODY' ); print( ' a href = http://www.mysite.com/shopping_cart/Test2.php;Here/a' ); print( '/BODY' ); print( '/HTML' ); ? Now, I'm trying to view this site on a WinXP box. However, the cookies are not being saved onto my machine. I've viewed the site with Mozilla on a Linux box, and it works fine. What could be wrong? Any help would be greatly appreciated. I read somewhere that PHP had some issues with writing cookies to an NTFS box. Could that have anything to do with it? Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Get a FREE online computer virus scan from McAfee when you click here. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions - Cookies Not Saving
Ahh is it showing in the url ? Usually it stores as a cookie, or via url, i think that is also set in php.ini, someone want to ellaborate here ? If there is something in $_COOKIE, what does that mean? That there is a cookie somewhere? Or is it appending the Session ID to the URL? Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST) Is it a non default /tmp ? If so it should be in php.ini or u have to set where it is with an ini_set , hope that helps. AAAGGGH!! I asked my hosting company where they were stored...on the server...I am so mad at myself...all that time wasted. Thanks for the help though...it was much appreciated! Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST) Are the hosts u looking at the same ? Like is it the very same link ? Check on the XP box if you have cookies disabled, u can always check if the session is being stored on the server too, look in /tmp first. Try a print_r ($_COOKIE); aswell. Hi everyone, I'm trying to create a session with PHP. I'm using the following code: ?php session_start( ); print( session_id( ) ); print( 'HTML'); print( 'BODY' ); print( ' a href = http://www.mysite.com/shopping_cart/Test2.php;Here/a' ); print( '/BODY' ); print( '/HTML' ); ? Now, I'm trying to view this site on a WinXP box. However, the cookies are not being saved onto my machine. I've viewed the site with Mozilla on a Linux box, and it works fine. What could be wrong? Any help would be greatly appreciated. I read somewhere that PHP had some issues with writing cookies to an NTFS box. Could that have anything to do with it? Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Get a FREE online computer virus scan from McAfee when you click here. http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963 -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions - Cookies Not Saving
When I thought about what the compay really told me...it didn't make sense. All I know is that that cookie will not save on my WinXP box, but it will save on my Linux box. Are there any special headers that I could use? Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST) Is it a non default /tmp ? If so it should be in php.ini or u have to set where it is with an ini_set , hope that helps. AAAGGGH!! I asked my hosting company where they were stored...on the server...I am so mad at myself...all that time wasted. Thanks for the help though...it was much appreciated! Paul From: [EMAIL PROTECTED] To: [EMAIL PROTECTED] Subject: Re: [PHP] PHP Sessions - Cookies Not Saving Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST) Are the hosts u looking at the same ? Like is it the very same link ? Check on the XP box if you have cookies disabled, u can always check if the session is being stored on the server too, look in /tmp first. Try a print_r ($_COOKIE); aswell. Hi everyone, I'm trying to create a session with PHP. I'm using the following code: ?php session_start( ); print( session_id( ) ); print( 'HTML'); print( 'BODY' ); print( ' a href = http://www.mysite.com/shopping_cart/Test2.php;Here/a' ); print( '/BODY' ); print( '/HTML' ); ? Now, I'm trying to view this site on a WinXP box. However, the cookies are not being saved onto my machine. I've viewed the site with Mozilla on a Linux box, and it works fine. What could be wrong? Any help would be greatly appreciated. I read somewhere that PHP had some issues with writing cookies to an NTFS box. Could that have anything to do with it? Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php _ Get business advice and resources to improve your work life, from bCentral. http://special.msn.com/bcentral/loudclear.armx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions and Cookies
I have a couple of questions regarding sessions and cookies: 1) Is there a way to append information to a cookie? I have read that it is, but I have also read many problems. Is there any particular way to do this? I ask this because cookies are being generated by two different types of scripts. However, they are both on the same site. So, I have access to them, no problem. I just want to append information to the same cookie. 2) If I append the PHP session id to every url, will PHP skip the cookies completely? I know this is more insecure. This option is only important if I cannot append information to the cookie. Thanks, Paul _ FREE pop-up blocking with the new MSN Toolbar get it now! http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions
Hello everyone, I'm beginning to experiment with PHP sessions. I was wondering if it is possible to place objects into the session? Thanks, Paul _ Take off on a romantic weekend or a family adventure to these great U.S. locations. http://special.msn.com/local/hotdestinations.armx -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions
Hi, Monday, March 1, 2004, 3:04:13 AM, you wrote: PH Hello everyone, PH I'm beginning to experiment with PHP sessions. I was wondering if it is PH possible to place objects into the session? PH Thanks, PH Paul PH _ PH Take off on a romantic weekend or a family adventure to these great U.S. PH locations. http://special.msn.com/local/hotdestinations.armx You can, but you must make sure that the object is declared on the next page before you do session_start(); -- regards, Tom -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] php sessions
Hi, I'm developing a web application which is making use of sessions. I have the following configuration is my php.ini file session.use_cookies = 0 session.use_trans_sid = 1 session.auto_start = 0 register_globals = On This does not give me a new session_id when the application is opened in the same machine. If opened from different machines it gives me a different session_id. I create sessions using session_register() function. My php version is 4.2.2 How to create a unique session for every new browser instance? -vimala/. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
--- S.P.Vimala [EMAIL PROTECTED] wrote: How to create a unique session for every new browser instance? I'm not sure if this fits your definition of new browser instance, but there is no way for a remote Web server to distinguish between two instances of the same browser running on the client machine. Maybe that explains something? Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
Chris Shiflett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] --- S.P.Vimala [EMAIL PROTECTED] wrote: How to create a unique session for every new browser instance? I'm not sure if this fits your definition of new browser instance, but there is no way for a remote Web server to distinguish between two instances of the same browser running on the client machine. That can't be true. I don't claim to understand exactly how it works, but here is what happens for me. I have an application that I log into. Once I'm logged in, if I open the URL in another browser window, it just gives me the login page. My guess is that the first browser window is passing a cookie identifying the session that the second one doesn't know about. In your case, when you're not using cookies, the session ID must be passed on the URL. I don't know much about using trans_sid, so i can't help you further. -- Rob Maybe that explains something? Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
--- Rob Adams [EMAIL PROTECTED] wrote: I'm not sure if this fits your definition of new browser instance, but there is no way for a remote Web server to distinguish between two instances of the same browser running on the client machine. That can't be true. It can, and it is. The only way a Web server could distinguish between them is if the browsers sent something unique per instance within the HTTP request. So, you could write a browser that does this in theory, but that doesn't really do you much good unless you can convince your users to use it. It would be very unusual behavior, so I doubt anyone would want this. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
Chris Shiflett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] --- Rob Adams [EMAIL PROTECTED] wrote: I'm not sure if this fits your definition of new browser instance, but there is no way for a remote Web server to distinguish between two instances of the same browser running on the client machine. That can't be true. It can, and it is. The only way a Web server could distinguish between them is if the browsers So there is a way, and it's not true. Test it yourself. Login to a PHP app using a standard browser and session cookies and see for yourself. I understand the philosophy of the web server only seeing what the client sends it, but it looks like my client (IE6, right here) does send different requests per instance. It's not just 'in theory.' sent something unique per instance within the HTTP request. So, you could write a browser that does this in theory, but that doesn't really do you much good unless you can convince your users to use it. It would be very unusual behavior, so I doubt anyone would want this. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
--- Rob Adams [EMAIL PROTECTED] wrote: Test it yourself. With all due respect, it seems you should be doing the testing. Login to a PHP app using a standard browser and session cookies and see for yourself. I understand the philosophy of the web server only seeing what the client sends it, but it looks like my client (IE6, right here) does send different requests per instance. Then show us these requests and point out how they are different. Otherwise, I have to assume you have no idea what you're talking about. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
I will test it, because it seems I don't understand this issue as much as I could. But I can already tell you results I see right now: I open a web browser (IE) and login to my application. I open another window (IE) and goto the web application, and it asks me to login. This is all on the same computer. (As I've explained all this before.) Now, perhaps I don't know what I'm talking about, and this is a different issue. If so, I'm pretty sure you'll certainly try to set me straight. If not, then it certainly seems relevant to the discussion, and that my one client (IE) is sending two different requests from two different windows on the same computer. -- Rob Chris Shiflett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] --- Rob Adams [EMAIL PROTECTED] wrote: Test it yourself. With all due respect, it seems you should be doing the testing. Login to a PHP app using a standard browser and session cookies and see for yourself. I understand the philosophy of the web server only seeing what the client sends it, but it looks like my client (IE6, right here) does send different requests per instance. Then show us these requests and point out how they are different. Otherwise, I have to assume you have no idea what you're talking about. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
From: Chris Shiflett [EMAIL PROTECTED] --- Rob Adams [EMAIL PROTECTED] wrote: Test it yourself. With all due respect, it seems you should be doing the testing. Login to a PHP app using a standard browser and session cookies and see for yourself. I understand the philosophy of the web server only seeing what the client sends it, but it looks like my client (IE6, right here) does send different requests per instance. Then show us these requests and point out how they are different. Otherwise, I have to assume you have no idea what you're talking about. If you are not relying on a cookie based session, then this will work. Each login could be assigned a different session ID, so the requests for each browser will be different because of the different session IDs. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php sessions
Hi Rob. That seems perfectly logical. I've written a Content Management System which (when it's finished in a couple of months ;o) run the website at the university where I work. I can presently open an instance of the CMS in IE, login as admin, then open a new window and request another instance of the CMS, and login as a less-privelidged user. I can then use these two separate instances and work as two individual users in the CMS at the same time. Cheers, Pablo -Original Message- From: Rob Adams [mailto:[EMAIL PROTECTED] Sent: Tuesday, October 28, 2003 11:56 AM To: [EMAIL PROTECTED] Subject: Re: [PHP] php sessions I will test it, because it seems I don't understand this issue as much as I could. But I can already tell you results I see right now: I open a web browser (IE) and login to my application. I open another window (IE) and goto the web application, and it asks me to login. This is all on the same computer. (As I've explained all this before.) Now, perhaps I don't know what I'm talking about, and this is a different issue. If so, I'm pretty sure you'll certainly try to set me straight. If not, then it certainly seems relevant to the discussion, and that my one client (IE) is sending two different requests from two different windows on the same computer. -- Rob Chris Shiflett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] --- Rob Adams [EMAIL PROTECTED] wrote: Test it yourself. With all due respect, it seems you should be doing the testing. Login to a PHP app using a standard browser and session cookies and see for yourself. I understand the philosophy of the web server only seeing what the client sends it, but it looks like my client (IE6, right here) does send different requests per instance. Then show us these requests and point out how they are different. Otherwise, I have to assume you have no idea what you're talking about. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
So you're saying if the session ID is passed in on the URL it will work. But I'm using cookies. The only thing that gets passed on the URL is a pagename. Perhaps there is something funky about my setup, but it has always worked this way for me. -- Rob Cpt John W. Holmes [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] From: Chris Shiflett [EMAIL PROTECTED] --- Rob Adams [EMAIL PROTECTED] wrote: Test it yourself. With all due respect, it seems you should be doing the testing. Login to a PHP app using a standard browser and session cookies and see for yourself. I understand the philosophy of the web server only seeing what the client sends it, but it looks like my client (IE6, right here) does send different requests per instance. Then show us these requests and point out how they are different. Otherwise, I have to assume you have no idea what you're talking about. If you are not relying on a cookie based session, then this will work. Each login could be assigned a different session ID, so the requests for each browser will be different because of the different session IDs. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
* Thus wrote Rob Adams ([EMAIL PROTECTED]): I will test it, because it seems I don't understand this issue as much as I could. But I can already tell you results I see right now: I open a web browser (IE) and login to my application. I open another window (IE) and goto the web application, and it asks me to login. This is all on the same computer. (As I've explained all this before.) Now, perhaps I don't know what I'm talking about, and this is a different issue. If so, I'm pretty sure you'll certainly try to set me straight. If not, then it certainly seems relevant to the discussion, and that my one client (IE) is sending two different requests from two different windows on the same computer. This is entirely up to the client, deciding to send a cookie or not when opening a new browser window. You can even turn the behaviour, you describe, off in IE. The problem is the php script doesn't know that the browser you opened (that give you back the login screen) is even related to the other browser window. All the php script knows is that you simply don't have a cookie. Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
Curt Zirzow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] * Thus wrote Rob Adams ([EMAIL PROTECTED]): I will test it, because it seems I don't understand this issue as much as I could. But I can already tell you results I see right now: I open a web browser (IE) and login to my application. I open another window (IE) and goto the web application, and it asks me to login. This is all on the same computer. (As I've explained all this before.) Now, perhaps I don't know what I'm talking about, and this is a different issue. If so, I'm pretty sure you'll certainly try to set me straight. If not, then it certainly seems relevant to the discussion, and that my one client (IE) is sending two different requests from two different windows on the same computer. This is entirely up to the client, deciding to send a cookie or not when opening a new browser window. You can even turn the behaviour, you describe, off in IE. The problem is the php script doesn't know that the browser you opened (that give you back the login screen) is even related to the other browser window. All the php script knows is that you simply don't have a cookie. That has been my point all along. Perhaps I misunderstood you: there is no way for a remote Web server to distinguish between two instances of the same browser running on the client machine. vs. The problem is the php script doesn't know that the browser you opened (that give you back the login screen) is even related to the other browser window. Aren't these almost exactly opposite statements? Isn't the web server distinguishing between the two instances? Using the cookie? -- Rob Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
Another test: I just downloaded and installed Mozilla (1.5). I logged into my site, opened another window, and was logged in there also. I logged out of the second window, hit a Home link on the first window, and got a login screen. This is new behavior for a browser for me, but now I understand how it works. Thanks for the discussion. -- Rob Rob Adams [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] Curt Zirzow [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] * Thus wrote Rob Adams ([EMAIL PROTECTED]): I will test it, because it seems I don't understand this issue as much as I could. But I can already tell you results I see right now: I open a web browser (IE) and login to my application. I open another window (IE) and goto the web application, and it asks me to login. This is all on the same computer. (As I've explained all this before.) Now, perhaps I don't know what I'm talking about, and this is a different issue. If so, I'm pretty sure you'll certainly try to set me straight. If not, then it certainly seems relevant to the discussion, and that my one client (IE) is sending two different requests from two different windows on the same computer. This is entirely up to the client, deciding to send a cookie or not when opening a new browser window. You can even turn the behaviour, you describe, off in IE. The problem is the php script doesn't know that the browser you opened (that give you back the login screen) is even related to the other browser window. All the php script knows is that you simply don't have a cookie. That has been my point all along. Perhaps I misunderstood you: there is no way for a remote Web server to distinguish between two instances of the same browser running on the client machine. vs. The problem is the php script doesn't know that the browser you opened (that give you back the login screen) is even related to the other browser window. Aren't these almost exactly opposite statements? Isn't the web server distinguishing between the two instances? Using the cookie? -- Rob Curt -- My PHP key is worn out PHP List stats since 1997: http://zirzow.dyndns.org/html/mlists/ -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
--- CPT John W. Holmes [EMAIL PROTECTED] wrote: If you are not relying on a cookie based session, then this will work. Each login could be assigned a different session ID, so the requests for each browser will be different because of the different session IDs. What John is explaining here is that the URLs could be different if that is how the session ID is propogated, thus making the requests different (they're for different URLs). So, if you click a link from: http://example.org/foo.php?PHPSESSID=12345 it could be for: http://example.org/bar.php?PHPSESSID=12345 Hope that helps. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
Chris Shiflett [EMAIL PROTECTED] wrote in message news:[EMAIL PROTECTED] --- CPT John W. Holmes [EMAIL PROTECTED] wrote: If you are not relying on a cookie based session, then this will work. Each login could be assigned a different session ID, so the requests for each browser will be different because of the different session IDs. What John is explaining here is that the URLs could be different if that is how the session ID is propogated, thus making the requests different (they're for different URLs). So, if you click a link from: That doesn't seem to be what he's saying. because of the different session IDs. It seems to me a better example of what he is saying would be: http://example.org/foo.php?PHPSESSID=12345 vs. http://example.org/foo.php?PHPSESSID=67890 But I was talking about cookies anyway. Which is where different browsers have different behaviors. In IE, by default, it will not pass a cookie from a new browser window. In Mozilla, by default, a new window keeps all the cookies currently set. I've mostly used IE, so I've always thought that it never passed cookies from a new browser window. Apparently, it just depends on which browser you're using and how it is setup. -- Rob http://example.org/foo.php?PHPSESSID=12345 it could be for: http://example.org/bar.php?PHPSESSID=12345 Hope that helps. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
--- Rob Adams [EMAIL PROTECTED] wrote: That doesn't seem to be what he's saying. because of the different session IDs. It seems to me a better example of what he is saying would be: http://example.org/foo.php?PHPSESSID=12345 vs. http://example.org/foo.php?PHPSESSID=67890 Perhaps I should have elaborated a bit more. Browser instance A: 1. Request http://example.org/foo.php 2. PHP assigns PHPSESSID of 12345 3. Returned page has a link for http://example.org/bar.php?PHPSESSID=12345 4. Request http://example.org/bar.php?PHPSESSID=12345 Browser instance B: 1. Request http://example.org/foo.php 2. PHP assigns PHPSESSID of 67890 3. Returned page has a link for http://example.org/bar.php?PHPSESSID=67890 4. Request http://example.org/bar.php?PHPSESSID=67890 Because A4 and B4 are different requests, they get different responses. So, in a way, the server is able to distinguish between the two instances, but only because of that. If instance A sends the request in B4, it will get the same response as instance B would have. That wasn't a great explanation, but maybe it is at least better than my last attempt. But I was talking about cookies anyway. Which is where different browsers have different behaviors. In IE, by default, it will not pass a cookie from a new browser window. This is very interesting. I might try to research this a bit more and see what the motivation was for doing this. From a user perspective, it seems very counterintuitive. Thanks for the info. Chris = My Blog http://shiflett.org/ HTTP Developer's Handbook http://httphandbook.org/ RAMP Training Courses http://www.nyphp.org/ramp -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] php sessions
From: Chris Shiflett [EMAIL PROTECTED] But I was talking about cookies anyway. Which is where different browsers have different behaviors. In IE, by default, it will not pass a cookie from a new browser window. This is very interesting. I might try to research this a bit more and see what the motivation was for doing this. From a user perspective, it seems very counterintuitive. Thanks for the info. It may depend upon how you open the second window, too. Control-N may use the same cookies whereas starting a whole new instance may not. ---John Holmes... -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
RE: [PHP] php sessions
On Tuesday, October 28, 2003 2:13 PM CPT John W. Holmes wrote: It may depend upon how you open the second window, too. Control-N may use the same cookies whereas starting a whole new instance may not. This is the case with IE. If I'm in my CMS and ctrl-N to get a new window, I can operate under both windows using the same session. If I open a new instance of IE and go to a page in the CMS beyond the login screen, it boots me back to the login screen. Cheers, Pablo -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions
Hi All, I have a login page that which verifies he username password against a MySql database and then passes the username to another page as a session. I created this on my PC, which is running PHP version 4.3.2, and it works with no problem. My host has the following set on the server which is running PHP Version 4.3.3: 1. register_globals set to off, 2. Session.bug_compa4_42 set to on 3. Session.bug.Compat-Warn set to on. When I submit the form I get a warning about : Warning: Unknown(): Your script possibly relies on a session side-effect which existed until PHP 4.2.3. Please be advised that the session extension does not consider global variables as a source of data, unless register_globals is enabled. You can disable this functionality and this warning by setting session.bug_compat_42 or session.bug_compat_warn to off, respectively. in Unknown on line 0 I have tried using : ini_set (session.bug_compat_42, 0) and ini_set (session.bug_compat_warn, 0), to override the PHP.ini on the server but now when I submit the form on the Login page the server just hangs and then the services on that server stop. Can anyone shed any light on why a simple login page could crash a server.? Thanks for any advice so that I can pass information to my host to rectify what maybe a configuration error. Thanks again. Phil. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP SESSIONS and FRAMES
I have a shopping cart with affiliate sales support. What's happening is that some affiliates are using frames to use their domain while using our shopping cart. So they are using a frameset like this: frameset rows=1,* FRAMEBORDER=0 BORDER=0 frame MARGINWIDTH=0 MARGINHEIGHT=0 name=board src=top.html frame MARGINWIDTH=0 MARGINHEIGHT=0 name=post src=http://www.domain.com/?store_id=15008; /frameset The problem I'm having is that sessions are not being passed properly or are expiring. Anybody experience this kind of problem? If so can you provide any advice on passing sessions through frames? Thanks. -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions
Hi Curt, No I didn't see a post about space on /tmp... Using df it shows the file system to only be about 70% full, so there's plenty of space there. Did you mean something else? Any other thoughts on where to look? Thanks, Lee * Thus wrote Lee Stewart ([EMAIL PROTECTED]): Using the $_SESSION[] style produces the same results... Zero length session file in /tmp, and no data passed... (available at http://4.43.81.92/page1a.php) You did see my post about space left on /tmp? So where do I go from here...Is there any way to debug it? Like I said, I suspect it's not a PHP code bug, but I'm at a loss as to where to go from here (other than re-writing the entire application in some other language -- which I really don't want to do)... another language? how dare you say such thing here on this list :) Curt -- I used to think I was indecisive, but now I'm not so sure. -- Lee Stewart, Senior SE Sytek Services, a Division of DSG (719) 566-0188 , Fax (719) 566-0655 [EMAIL PROTECTED] www.sytek-services.com www.dsgroup.com -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions and Cookies
Guys/Gals, I've built a registration page on a site that stores a unique id for a user when they register. That id is then stored in a database and set as a session variable and as a cookie and is used to register personal user preferences. The reason I use both is that I don't really want to make people log in everytime they revisit the site. I use the session so that people who have cookies turned off can still benefit from the personalisation. The cookie is used so that when a user revisits the site, they don't have to log in again. I then have a script that I call in every page that checks for the session variable and the cookie. I have been testing the script using echo $_SESSION['usr']; and echo $_COOKIE['usr']; and I get correct values for both. Unfortunately if I then close the browser, reopen it and visit the site, both the cookie and the session produce no values. Obviously, the session value should be blank, but the cookie should produce a value. This is my 'global' cookie/session checker script: ?php session_start(); // CHECK IF SESSION EXISTS. if (!isset($_SESSION['usr'])) { // IF NO, THEN CHECK FOR COOKIE if (isset($_COOKIE['usr'])) { // IF 'YES' THEN START SESSION $_SESSION['usr'] = $_COOKIE['usr']; } // IF 'YES' THEN QUIT } else { // IF THE SESSION EXISTS, MAKE SURE [EMAIL PROTECTED] VALUE MATCHES THAT OF THE COOKIE setcookie(usr, $_SESSION['usr'], mktime(21,00,0,12,31,2014),/,bigbarn0.kbnet.net, 0); // END } ? If anyone can point out an error, please do! Thanks, Matt -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
Re: [PHP] PHP Sessions Not Saving
At around Tue, Feb 04, 2003 at 02:06:35PM +0800, Jason Wong constructed the following notation: Recompile, why? How about a link? ln -s /sbin/sendmail /usr/sbin/sendmail During the ./configure part of the installation, PHP checks for sendmail, but only in /sbin/sendmail. If it doesn't find it, the function mail() isn't complied in. I just get 'call to undefined function mail()' in x/y.php on z. But according to the manual configure should check both locations? I can't remember where i saw it (i think it was on a mailing list), but someone said it'll only check /sbin/sendmail, which seams to be the case. sendmail.path is set to '/usr/sbin/sendmail' in php.ini, but that doesn't has an effect. well, either way it hasn't been compiled in so a recompile will be needed. it's only a 10 minute job anyway. -- jonathan wright [EMAIL PROTECTED] | www.djnauk.co.uk -- life has no meaning unless we can enjoy what we've been given -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php
[PHP] PHP Sessions Not Saving
Hiya, I'm currently trying to create a logon script for my web site, and i'm having problems with sessions. I've set up the server (httpd-2.0.44) with php (4.3.0) and switched on sessions. The sessions are only avalibale via cookies over a secure connection (i've got session.cookie_secure = true) In the script i've got: if ($db-num_rows($query) == 1) { $_SESSION['success'] = true; $_SESSION['username'] = $_POST['username'] ... } ... if (isset($_SESSION['success']) $_SESSION['success'] == true) { //output welcome message } else { //output logon page } Everything seams to be working. If you enter the details, you log on and all is fine, until you come back to the page again. It asks you to log on again. I've checked phpinfo() and $_COOKIES['session'] (session being the name for the php session) has a value ('83260f6c7261052f2ff377d104871484' the last time i checked, but nothing for $_SESSION shows up. The interesting thing comes when I look in the /tmp folder (where all the session storage files have been placed). There's a load of sess_* files, including sess_83260f6c7261052f2ff377d104871484, but all of them are 0 bytes in size - empty. The directory has 1777 permissions, and is owned by root:root. All of the files are 0600 and httpd:httpd (the user the web servers running under): -rw--- 1 httpd httpd0 Fed 3 17:26 sess_83260f6c7261052f2ff377d104871484 The settings are avaliable via http://www.djnauk.co.uk/phpinfo.php. I can't see why the server isn't writing to the files, despite the fact it's creating them no problem. there's no errors in sys.log (where php is reporting to at the moment) or in the httpd error fle. Anyone come accross the problem? -- jonathan wright [EMAIL PROTECTED] | www.djnauk.co.uk -- life has no meaning unless we can enjoy what we've been given -- PHP General Mailing List (http://www.php.net/) To unsubscribe, visit: http://www.php.net/unsub.php