Re: [PHP] PHP sessions expiring early

[Paul Waring]

On 07/09/11 13:42, Richard Quadling wrote:

On 7 September 2011 12:32, Paul Waring  wrote:

On 07/09/11 12:16, Richard Quadling wrote:


On 7 September 2011 11:20, Paul Waringwrote:


Can anyone suggest things which I could try? I cannot work out why this
problem is happening for some users but not me.


For browsers/extensions that do automatic read ahead (I load page A
and linked pages B and C are also retrieved).


I hadn't thought of that. However, we audit all user logins and logouts, as
well as all page requests. If the browser was pre-fetching the logout page,
we'd have 'user logout' entries in our logs, but the only notices we have
are for users logging in. If users were being logged out because of
pre-fetching, I'd expect to see each login entry have a corresponding logout
entry.


Is the potential for cached pages to be returned for a user NOT logged in?


Any pages which a user has viewed whilst logged in shouldn't be cached,
assuming the browser is respecting the headers. They are all sent with:

Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0


How is your code determining if they need to be redirected back to the
login page?


The test is whether two $_SESSION elements are set and match ones in the 
database, plus whether the last page view by the user (stored in the 
database, updated on each request) was less than one hour ago.



What changes that information?


A page load changed the 'last page view time'. Nothing changes the other 
session data, except an explicit logout (which sets $_SESSION = array() 
and calls session_destroy).



Can you monitor it externally?


I'm not sure what you mean by 'externally'. Most of the site requires a 
login, so it's not possible for a third-party to monitor it if that's 
what you mean.


--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

[Paul Waring]

On 07/09/11 12:16, Richard Quadling wrote:

On 7 September 2011 11:20, Paul Waring  wrote:

Can anyone suggest things which I could try? I cannot work out why this
problem is happening for some users but not me.


For browsers/extensions that do automatic read ahead (I load page A
and linked pages B and C are also retrieved).


I hadn't thought of that. However, we audit all user logins and logouts, 
as well as all page requests. If the browser was pre-fetching the logout 
page, we'd have 'user logout' entries in our logs, but the only notices 
we have are for users logging in. If users were being logged out because 
of pre-fetching, I'd expect to see each login entry have a corresponding 
logout entry.



Is the potential for cached pages to be returned for a user NOT logged in?


Any pages which a user has viewed whilst logged in shouldn't be cached, 
assuming the browser is respecting the headers. They are all sent with:


Cache-Control: no-store, no-cache, must-revalidate, post-check=0, 
pre-check=0


--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

[Paul Waring]

On 07/09/11 12:20, vikash.i...@gmail.com wrote:

Just confirm once that you are not calling session_destroy somewhere.


The only place session_destroy is called is in the logout function, 
which itself is only called if a user clicks the logout link.


--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

[Paul Waring]

On 07/09/11 12:15, Richard Quadling wrote:

How do you handle multiple logins?

If I login using my laptop and get Session A for my account and then I
login using my desktop and get Session B for my account, does Session
A get killed?


Session A is killed, your last login is always the current one.


Do you allow multiple, simultaneous logins per account?


No, but then each user is accessing their account from a single machine 
and browser anyway (i.e. they don't switch from desktop to laptop and 
then back again), so we don't even have people trying to have 
simultaneous logins.


--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

[vikash . iitb]

Just confirm once that you are not calling session_destroy somewhere.


Thanks,
Vikash Kumar
--
http://vika.sh


On 7 September 2011 16:46, Richard Quadling  wrote:

> On 7 September 2011 11:20, Paul Waring  wrote:
> > Can anyone suggest things which I could try? I cannot work out why this
> > problem is happening for some users but not me.
>
> For browsers/extensions that do automatic read ahead (I load page A
> and linked pages B and C are also retrieved).
>
> Is the potential for cached pages to be returned for a user NOT logged in?
>
>
>
> --
> Richard Quadling
> Twitter : EE : Zend : PHPDoc
> @RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

Re: [PHP] PHP sessions expiring early

[Richard Quadling]

On 7 September 2011 11:20, Paul Waring  wrote:
> Can anyone suggest things which I could try? I cannot work out why this
> problem is happening for some users but not me.

For browsers/extensions that do automatic read ahead (I load page A
and linked pages B and C are also retrieved).

Is the potential for cached pages to be returned for a user NOT logged in?



-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

[Richard Quadling]

On 7 September 2011 11:20, Paul Waring  wrote:
> I'm having trouble with a PHP website which requires users to be logged in
> to access all content other than the home page and a couple of static pages
> (about us, contact us etc.). Several users have said they are being logged
> out every few minutes whilst using the site - they can login but will be
> shown the login form again after a few minutes. I can't confirm this myself
> as the site seems to work fine for me - even using the same browser as they
> are and under their accounts - but I'm wondering if this could be a problem
> with the session settings?
>
> The current settings I have are:
>
> session.auto_start      Off
> session.bug_compat_42   On
> session.bug_compat_warn On
> session.cache_expire    180
> session.cache_limiter   nocache
> session.cookie_domain   no value
> session.cookie_httponly Off
> session.cookie_lifetime 0
> session.cookie_path     /
> session.cookie_secure   Off
> session.entropy_file    no value
> session.entropy_length  0
> session.gc_divisor      100
> session.gc_maxlifetime  3600
> session.gc_probability  1
> session.hash_bits_per_character 4
> session.hash_function   0
> session.name    PHPSESSID
> session.referer_check   no value
> session.save_handler    files
> session.save_path       /shared/sessions
> session.serialize_handler       php
> session.use_cookies     On
> session.use_only_cookies        Off
> session.use_trans_sid   0
>
> The only options I have changed from the defaults are gc_maxlifetime,
> gc_probability and save_path. There are several sites on the same server,
> some are https, others just plain http. They all use the same session
> options. session_start() is called once on every page.
>
> The PHP version we're running is: PHP 5.2.6-1+lenny13 with Suhosin-Patch
> 0.9.6.2 (cli) (built: Jul  1 2011 16:01:01). I'm aware it's an old version
> before anyone tells me to upgrade (it's the latest stable version in Debian
> Lenny). :)
>
> Potential problems I have already ruled out:
>
> 1. I don't think it's a browser problem as the users have a variety of
> browsers and versions (we log the user agent for each login, they're mostly
> IE7/8 on XP/Vista/7 with a few Chrome users), and I can't reproduce the
> problem using the same browsers on my machine.
>
> 2. The server time is correct.
>
> 3. The sessions aren't stored in a directory which is being regularly
> cleared out, such as /var/lib/php5 or /tmp.
>
> 4. The web server has permission to write to the save_path directory, and I
> can see session files being created.
>
> 5. No output buffering functions are being used.
>
> Can anyone suggest things which I could try? I cannot work out why this
> problem is happening for some users but not me.
>
> Thanks in advance.
>
> Paul

How do you handle multiple logins?

If I login using my laptop and get Session A for my account and then I
login using my desktop and get Session B for my account, does Session
A get killed?

Do you allow multiple, simultaneous logins per account?



-- 
Richard Quadling
Twitter : EE : Zend : PHPDoc
@RQuadling : e-e.com/M_248814.html : bit.ly/9O8vFY : bit.ly/lFnVea

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

[Paul Waring]

On 07/09/11 11:47, Nilesh Govindarajan wrote:

On 09/07/2011 03:50 PM, Paul Waring wrote:

I'm having trouble with a PHP website which requires users to be logged
in to access all content other than the home page and a couple of static
pages (about us, contact us etc.). Several users have said they are
being logged out every few minutes whilst using the site - they can
login but will be shown the login form again after a few minutes. I
can't confirm this myself as the site seems to work fine for me - even
using the same browser as they are and under their accounts - but I'm
wondering if this could be a problem with the session settings?



You have set gc_maxlifetime to 3600 seconds. How much expire time have
you set?
Because, every 3600 seconds, session data stored is considered as
garbage and php clears them out itself.


Yes, I'm aware of that. However, users are being logged out after a few 
minutes, not one hour of inactivity (which is what I'd expect with 3600 
seconds).



If your expiration time is more than 3600 seconds, then this will not
work. You need to increase gc_maxlifetime.


If you mean the expiration time of the session cookie, it is set to 0, 
which means it shouldn't be deleted until the browser is closed (or the 
user logs out, at which point it is deleted immediately).


Paul

--
Paul Waring
http://www.phpdeveloper.org.uk

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions expiring early

[Nilesh Govindarajan]

On 09/07/2011 03:50 PM, Paul Waring wrote:
> I'm having trouble with a PHP website which requires users to be logged
> in to access all content other than the home page and a couple of static
> pages (about us, contact us etc.). Several users have said they are
> being logged out every few minutes whilst using the site - they can
> login but will be shown the login form again after a few minutes. I
> can't confirm this myself as the site seems to work fine for me - even
> using the same browser as they are and under their accounts - but I'm
> wondering if this could be a problem with the session settings?
> 

You have set gc_maxlifetime to 3600 seconds. How much expire time have
you set?
Because, every 3600 seconds, session data stored is considered as
garbage and php clears them out itself.

If your expiration time is more than 3600 seconds, then this will not
work. You need to increase gc_maxlifetime.

For the other case, I'm clueless.

-- 
Nilesh Govindarajan
http://nileshgr.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions - users being automatically logged out

[Paul Waring]

On 04/11/10 14:56, Alexander Holodny wrote:

Inc session.cache_expire. You have only 3 minutes.
This means browser will drop cookie containing session id in three
minutes, or even less, of clients inactivity.


According to the PHP manual:

"session.cache_expire specifies time-to-live for cached session pages in 
minutes, this has no effect for nocache limiter."


So the value of session.cache_expire should be ignored, as 
session.cache_limiter is set to nocache.


Paul

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions - users being automatically logged out

[Alexander Holodny]

Inc session.cache_expire. You have only 3 minutes.
This means browser will drop cookie containing session id in three
minutes, or even less, of clients inactivity.
I prefer to set expire-time to zero. So, browser will never forget session id.
In other case, if security requires, i usually set it to 24 hours, to
avoid some mystic problems, in case of misconfigured servers and/or
clients TZ; they are rare.

2010/11/4, Paul Waring :
> I'm having trouble with a PHP site whereby some users are being logged
> out on a regular basis. This will usually happen after they have been
> using the site for a few minutes, they can login without any problems
> and access a few pages, but then suddenly they will request a page and
> be sent to the login form, which suggests that their session no longer
> exists. However, this doesn't affect all users - I can login and use the
> application without any problems, as can some other users.
>
> According to phpinfo(), the following session values are set (all are
> what I'd expect - either the default or something I've deliberately
> changed):
>
> session.auto_start = Off
> session.bug_compat_42 = On
> session.bug_compat_warn = On
> session.cache_expire = 180
> session.cache_limiter = nocache
> session.cookie_domain = no value
> session.cookie_httponly = Off
> session.cookie_lifetime = 0
> session.cookie_path = /
> session.cookie_secure = Off
> session.entropy_file = no value
> session.entropy_length = 0
> session.gc_divisor = 100
> session.gc_maxlifetime = 1440
> session.gc_probability = 1
> session.hash_bits_per_character = 4
> session.hash_function = 0
> session.name = PHPSESSID
> session.referer_check = no value
> session.save_handler = files
> session.save_path = /shared/sessions
> session.serialize_handler = php
> session.use_cookies = On
> session.use_only_cookies = Off
> session.use_trans_sid = 0
>
> I've tried checking a few obvious things:
>
> * IP addresses - the site doesn't use the IP address as part of the
> authentication process, and almost all our users (including the ones
> experiencing problems) have static IP addresses anyway.
>
> * Number of sessions - there are between 40-60 session files on disk at
> any one time, so I doubt there's a "maximum number of session files"
> limit being broken, if such a configuration option exists.
>
> * Permissions - the web server user (www-data) has read/write
> permissions to the directory where the sessions are stored and all the
> files within it, and they are all owned by this user.
>
> Is there anything else obvious which could be causing the problem? This
> seemed to occur when we moved hosts, and I haven't changed the site's
> session handling code for some time, so I suspect it might be a
> configuration issue but can't figure out what.
>
> Thanks,
>
> Paul
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Andre Polykanine]

Hello Martine,

Try to make on the second page a
print_r ($_SESSION);

-- 
With best regards from Ukraine,
Andre
Skype: Francophile; Wlm&MSN: arthaelon @ yandex.ru; Jabber: arthaelon @ 
jabber.org
Yahoo! messenger: andre.polykanine; ICQ: 191749952
Twitter: m_elensule

- Original message -
From: Martine Osias 
To: php-general@lists.php.net 
Date: Saturday, March 13, 2010, 2:29:41 AM
Subject: [PHP] PHP Sessions

Hi:

I need to store variables to send then between pages. I don't need the 
variables in a database so I try to send them with sessions. The variables 
don't seem to be there when I try to get them. What could be the problem. 
Here are the pages where I store and retrieve the variables.

Page 1 (variables stored):



Page 2 (variables retrieved):


http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
http://www.w3.org/1999/xhtml";>







 
 


 
 








-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Kevin Kinsey]

Forgot to mention, you could check into the privacy
vs. server settings by doing:

   session_start();
   echo session_id();

on both pages.  If they're different, then
this is the problem.

KDK

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Kevin Kinsey]

Martine Osias wrote:

Hi:

I need to store variables to send then between pages. I don't need the 
variables in a database so I try to send them with sessions. The 
variables don't seem to be there when I try to get them. What could be 
the problem. Here are the pages where I store and retrieve the variables.


Page 1 (variables stored):



Do sessions work at all?  Something simple, like


Click me';
?>


*

 ... would be a good 1st test.

If that works, I'd suspect that $row_scripture['ScriptureText']
and friends are empty.

If it doesn't, I'd suspect a combination of very strict
browser privacy settings (disallow all cookies) with lame server
config (use_only_cookies), or that session support is missing
or disabled.

HTH,

KDK

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Ashley Sheridan]

On Fri, 2010-03-12 at 19:29 -0500, Martine Osias wrote:

> Hi:
> 
> I need to store variables to send then between pages. I don't need the 
> variables in a database so I try to send them with sessions. The variables 
> don't seem to be there when I try to get them. What could be the problem. 
> Here are the pages where I store and retrieve the variables.
> 
> Page 1 (variables stored):
> 
>  
> session_start();
> 
> $_SESSION['scripture_text']  = $row_scripture['ScriptureText'];
> $_SESSION['scripture_ref']  = $row_scripture['ScriptureRef'];
> 
> ?>
> 
> Page 2 (variables retrieved):
> 
>  session_start();
> include("includes/config.php");
> ?>
>  "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd";>
> http://www.w3.org/1999/xhtml";>
> 
> 
> 
> 
> 
> 
> 
>  
>  
> 
> 
>   align="right">
>  
> 
> 
> 
> 
> 
> 
> 
> 


Are there any errors, either displayed or in the error log?

Thanks,
Ash
http://www.ashleysheridan.co.uk

Re: [PHP] PHP sessions, AJAX, authentication and security.

[tedd]

At 9:30 PM +1000 11/21/09, Angus Mann wrote:

Hi all.

A question about PHP sessions and their interaction with AJAX.

I have a database containing sensitive information and users need to 
log in to my PHP script and be authenticated before they are granted 
access.


For one of the forms I would like to retrieve information using 
AJAX, and some of that information is sensitive also. The request 
from AJAX is handled by another, simpler PHP script.


It occurs to me that the AJAX handler could be used to bypass the 
user authentication and a crafted request sent directly to the AJAX 
handler to get information without authentication.


Can anyone offer some advice about how to piggy-back the 
session/authentication data that the user originally used to the 
AJAX so that only an authenticated user will get a valid response 
from the AJAX handler? I know I could embed authentication 
information into the web-page and send this with the AJAX request 
but I'm interested to know if there are other methods also.


I hope the explanation is clear.

Thanks in advance.


Angus:

First, don't trust anything that comes from the client -- period.

Second, Ajax is just another way to send stuff to the server. When 
the data gets to the server then authenticate and set a session 
variable to indicate such. This is not rocket science, but if you 
don't do it right you'll leave a crater.


Cheers,

tedd

--
---
http://sperling.com  http://ancientstones.com  http://earthstones.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP sessions, AJAX, authentication and security.

[Phpster]

You could use a one time token on each request

Bastien

Sent from my iPod

On Nov 21, 2009, at 6:30 AM, "Angus Mann"  wrote:


Hi all.

A question about PHP sessions and their interaction with AJAX.

I have a database containing sensitive information and users need to  
log in to my PHP script and be authenticated before they are granted  
access.


For one of the forms I would like to retrieve information using  
AJAX, and some of that information is sensitive also. The request  
from AJAX is handled by another, simpler PHP script.


It occurs to me that the AJAX handler could be used to bypass the  
user authentication and a crafted request sent directly to the AJAX  
handler to get information without authentication.


Can anyone offer some advice about how to piggy-back the session/ 
authentication data that the user originally used to the AJAX so  
that only an authenticated user will get a valid response from the  
AJAX handler? I know I could embed authentication information into  
the web-page and send this with the AJAX request but I'm interested  
to know if there are other methods also.


I hope the explanation is clear.

Thanks in advance.


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google (Solved)

[tedd]

At 12:47 PM +1000 6/8/06, Chris wrote:
>tedd wrote:
>>At 10:56 AM +1000 6/8/06, Chris wrote:
>>>tedd wrote:
Hi gang:

I've read that php sessions can create problems for Google bots.

-snip-

>>Chris:
>>
>>Thanks -- after your lead, I found that my site's session.use_trans_sid was 
>>turned off by default.
>>
>>So, it wasn't the problem I thought it might have been.
>
>So your page urls don't automatically append the session id to the end? I 
>might have the wrong variable name so if you're still seeing them, I obviously 
>have it wrong...

No, you're right and my url's are clean of SID's -- they always have been, that 
was the default.

The "problem" I was trying to figure out was how the use of SID's cause SE's to 
fail and how that works. I figured that once I understand how that worked, then 
I could keep from doing it. I just needed to "see for myself" what it was. You 
know, one of my "wonder why this works" studies.

While the problem wasn't present for me, which at the start of this I wasn't 
sure about, I did learn how it works and why SE's have problems with indexing 
url's that have "?" in them.

For those interested in this thread, this is what I believe is happening.

If you have a web page that uses SID's in it's url, then it appears to a SE as 
something like this (using one of my sites as an example):

http://ancientstones.com?PHPSESSID=1234

and not like:

http://ancientstones.com/

So the SE grabs the page with the SID. The next time it travels your site, it 
see's:

http://ancientstones.com?PHPSESSID=5678

and grabs that page. After a while, Google has numerous duplicate pages and has 
to pick one to be representative of your site and store all the others into 
it's supplemental index.

Now when Google determines PageRank for your site, it does so by calculating 
how many sites link to your site (simple version). If Google has picked:

http://ancientstones.com?PHPSESSID=5678

to be THE representative for your site, then you're sunk because no one uses a 
SID in their link to your site. Your site will always have a PR of 0 -- as it 
is with the referenced site. While the site ranks very high (currently #1) in a 
Google search for "Custom Tile Medallions", it has a PR of 0. I was trying to 
figure out what was happening and if there was something I was doing in using 
php caused the low PR. I found that PHP wasn't the problem -- and now I know 
that.

At least, that's the way I understand what's going on -- if I'm mistaken, 
please correct me.

tedd

-- 

http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google

[Anthony Ettinger]

On 6/7/06, tedd <[EMAIL PROTECTED]> wrote:

Can someone shed some light on this for me? How can one do sessions and make 
Google bots happy?


I think what they're getting at is don't use session id's unless
they're logged in.

--
Anthony Ettinger
Signature: http://chovy.dyndns.org/hcard.html

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google

[Chris]

tedd wrote:

At 10:56 AM +1000 6/8/06, Chris wrote:

tedd wrote:

Hi gang:

I've read that php sessions can create problems for Google bots. For example, the 
following was taken from a Google "Web Master Help" Center:

-- Quote --
Allow search bots to crawl your sites without session IDs or arguments that 
track their path through the site. These techniques are useful for tracking 
individual user behavior, but the access pattern of bots is entirely different. 
Using these techniques may result in incomplete indexing of your site, as bots 
may not be able to eliminate URLs that look different but actually point to the 
same page.
-- Un-quote --



I've also seen a comment here:

http://www.weberdev.com/get_example-3431.html

But, I'm not following what's happening.

Can someone shed some light on this for me? How can one do sessions and make 
Google bots happy?

use_trans_sid (I think) will append the sessionid to all pages, so instead of:

/page.php

it will become

/page.php?PHPSESSID=x

much the same as if you do:



Bots don't like that, so where possible turn use_trans_sid off (check manual 
about when/how you can do this).



Chris:

Thanks -- after your lead, I found that my site's session.use_trans_sid was 
turned off by default.

So, it wasn't the problem I thought it might have been.


So your page urls don't automatically append the session id to the end? 
I might have the wrong variable name so if you're still seeing them, I 
obviously have it wrong...


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google

[tedd]

At 10:56 AM +1000 6/8/06, Chris wrote:
>tedd wrote:
>>Hi gang:
>>
>>I've read that php sessions can create problems for Google bots. For example, 
>>the following was taken from a Google "Web Master Help" Center:
>>
>>-- Quote --
>>Allow search bots to crawl your sites without session IDs or arguments that 
>>track their path through the site. These techniques are useful for tracking 
>>individual user behavior, but the access pattern of bots is entirely 
>>different. Using these techniques may result in incomplete indexing of your 
>>site, as bots may not be able to eliminate URLs that look different but 
>>actually point to the same page.
>>-- Un-quote --
>>
>>
>>
>>I've also seen a comment here:
>>
>>http://www.weberdev.com/get_example-3431.html
>>
>>But, I'm not following what's happening.
>>
>>Can someone shed some light on this for me? How can one do sessions and make 
>>Google bots happy?
>
>use_trans_sid (I think) will append the sessionid to all pages, so instead of:
>
>/page.php
>
>it will become
>
>/page.php?PHPSESSID=x
>
>much the same as if you do:
>
>echo '/page.php?' . SID;
>?>
>
>Bots don't like that, so where possible turn use_trans_sid off (check manual 
>about when/how you can do this).
>

Chris:

Thanks -- after your lead, I found that my site's session.use_trans_sid was 
turned off by default.

So, it wasn't the problem I thought it might have been.

Thanks again.

tedd
 
-- 

http://sperling.com  http://ancientstones.com  http://earthstones.com

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions and Google

[Chris]

tedd wrote:

Hi gang:

I've read that php sessions can create problems for Google bots. For example, the 
following was taken from a Google "Web Master Help" Center:

-- Quote --
Allow search bots to crawl your sites without session IDs or arguments that 
track their path through the site. These techniques are useful for tracking 
individual user behavior, but the access pattern of bots is entirely different. 
Using these techniques may result in incomplete indexing of your site, as bots 
may not be able to eliminate URLs that look different but actually point to the 
same page.
-- Un-quote --



I've also seen a comment here:

http://www.weberdev.com/get_example-3431.html

But, I'm not following what's happening.

Can someone shed some light on this for me? How can one do sessions and make 
Google bots happy?


use_trans_sid (I think) will append the sessionid to all pages, so 
instead of:


/page.php

it will become

/page.php?PHPSESSID=x

much the same as if you do:



Bots don't like that, so where possible turn use_trans_sid off (check 
manual about when/how you can do this).


--
Postgresql & php tutorials
http://www.designmagick.com/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php, sessions and ie

[Dallas Cahker]

Thanks for the information

On 4/4/06, Chrome <[EMAIL PROTECTED]> wrote:
>
> I let GC and cookie expiration handle ending the session... The cookie was
> only set for 15 minutes
>
> Dan
>
>
> ---
> http://chrome.me.uk
>
>
> -Original Message-
> From: Dallas Cahker [mailto:[EMAIL PROTECTED]
> Sent: 04 April 2006 19:41
> To: php-general@lists.php.net
> Subject: Re: [PHP] php, sessions and ie
>
> How are you destroying the sessions if they leave the site (dont logout).
> do
> you check on activity or something else?
>
> On 4/4/06, Dan Parry <[EMAIL PROTECTED]> wrote:
> >
> > I have had some issues with sessions and IE in the past and used the
> > following code to start the session
> >
> >  > if (isset($SessID)){ session_id($SessID); }
> > session_start();
> > header("Cache-control: private"); // IE 6 Fix.
> > setcookie("SessID", session_id(), time() + 60 * 15);
> > ?>
> >
> > Now, though, I always use a DB to store sessions... Much nicer
> >
> > HTH
> >
> > Dan
> >
> > -
> > Dan Parry
> > Senior Developer
> > Virtua Webtech Ltd
> > http://www.virtuawebtech.co.uk
> > -Original Message-
> > From: Dallas Cahker [mailto:[EMAIL PROTECTED]
> > Sent: 04 April 2006 16:19
> > To: php-general@lists.php.net
> > Subject: [PHP] php, sessions and ie
> >
> > I've been hearing some of my friends saying there is an issue with
> Session
> > in PHP and IE having problems with them.  Is that true?  If it is how do
> > people get around this?  Session information saved to db?  Session id in
> > cookie?
> >
> >
> > __ NOD32 1.1454 (20060321) Information __
> >
> > This message was checked by NOD32 antivirus system.
> > http://www.eset.com
> >
> >
> >
>
>

RE: [PHP] php, sessions and ie

[Chrome]

I let GC and cookie expiration handle ending the session... The cookie was
only set for 15 minutes

Dan

 
---
http://chrome.me.uk
 

-Original Message-
From: Dallas Cahker [mailto:[EMAIL PROTECTED] 
Sent: 04 April 2006 19:41
To: php-general@lists.php.net
Subject: Re: [PHP] php, sessions and ie

How are you destroying the sessions if they leave the site (dont logout). do
you check on activity or something else?

On 4/4/06, Dan Parry <[EMAIL PROTECTED]> wrote:
>
> I have had some issues with sessions and IE in the past and used the
> following code to start the session
>
>  if (isset($SessID)){ session_id($SessID); }
> session_start();
> header("Cache-control: private"); // IE 6 Fix.
> setcookie("SessID", session_id(), time() + 60 * 15);
> ?>
>
> Now, though, I always use a DB to store sessions... Much nicer
>
> HTH
>
> Dan
>
> -
> Dan Parry
> Senior Developer
> Virtua Webtech Ltd
> http://www.virtuawebtech.co.uk
> -Original Message-
> From: Dallas Cahker [mailto:[EMAIL PROTECTED]
> Sent: 04 April 2006 16:19
> To: php-general@lists.php.net
> Subject: [PHP] php, sessions and ie
>
> I've been hearing some of my friends saying there is an issue with Session
> in PHP and IE having problems with them.  Is that true?  If it is how do
> people get around this?  Session information saved to db?  Session id in
> cookie?
>
>
> __ NOD32 1.1454 (20060321) Information __
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php, sessions and ie

[Dallas Cahker]

How are you destroying the sessions if they leave the site (dont logout). do
you check on activity or something else?

On 4/4/06, Dan Parry <[EMAIL PROTECTED]> wrote:
>
> I have had some issues with sessions and IE in the past and used the
> following code to start the session
>
>  if (isset($SessID)){ session_id($SessID); }
> session_start();
> header("Cache-control: private"); // IE 6 Fix.
> setcookie("SessID", session_id(), time() + 60 * 15);
> ?>
>
> Now, though, I always use a DB to store sessions... Much nicer
>
> HTH
>
> Dan
>
> -
> Dan Parry
> Senior Developer
> Virtua Webtech Ltd
> http://www.virtuawebtech.co.uk
> -Original Message-
> From: Dallas Cahker [mailto:[EMAIL PROTECTED]
> Sent: 04 April 2006 16:19
> To: php-general@lists.php.net
> Subject: [PHP] php, sessions and ie
>
> I've been hearing some of my friends saying there is an issue with Session
> in PHP and IE having problems with them.  Is that true?  If it is how do
> people get around this?  Session information saved to db?  Session id in
> cookie?
>
>
> __ NOD32 1.1454 (20060321) Information __
>
> This message was checked by NOD32 antivirus system.
> http://www.eset.com
>
>
>

RE: [PHP] php, sessions and ie

[Dan Parry]

I have had some issues with sessions and IE in the past and used the
following code to start the session



Now, though, I always use a DB to store sessions... Much nicer

HTH

Dan

-
Dan Parry
Senior Developer
Virtua Webtech Ltd
http://www.virtuawebtech.co.uk
-Original Message-
From: Dallas Cahker [mailto:[EMAIL PROTECTED] 
Sent: 04 April 2006 16:19
To: php-general@lists.php.net
Subject: [PHP] php, sessions and ie

I've been hearing some of my friends saying there is an issue with Session
in PHP and IE having problems with them.  Is that true?  If it is how do
people get around this?  Session information saved to db?  Session id in
cookie?


__ NOD32 1.1454 (20060321) Information __

This message was checked by NOD32 antivirus system.
http://www.eset.com



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php, sessions and ie

[Wolf]

I used to use a database table which housed their information, and their
cookie housed their sessionID that the server assigned them when they
logged in.  Grabbing the sessionID only from the cookie (and their IP) I
was able to log most people in (even "dynamic" IPs don't change THAT
often).  For those whom were dealing with a changed IP, the system had
them verify just their password.  Wrong password dumped them back out
and asked for full login information.  no browser issues at the time.

Wolf

Dallas Cahker wrote:
> I've been hearing some of my friends saying there is an issue with Session
> in PHP and IE having problems with them.  Is that true?  If it is how do
> people get around this?  Session information saved to db?  Session id in
> cookie?
> 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Jasper Bryant-Greene]

Chris Wagner wrote:

i recently started using PHP's sessions.  i am finding that the sessions
seem to "expire" after 20 or 30 minutes -- or, at least the variables
which i set, within $_SESSION, are getting cleared after this relatively
short amount of time.

before calling session_start(), i do a few initializations:

ini_set('session.use_cookies', 1);
ini_set('session.use_trans_sid', 0);
ini_set('session.save_handler', 'files');
ini_set('session.serialize_handler', 'php');
ini_set('session.name', 'session-id');

i am not setting the 'session.cache_expire' INI variable, and even did a
check to make sure it was not being modified, and i found that it
contains the default value of 180 (minutes).

furthermore, the *cookie* is not expiring.  i've also checked
'session.cookie_lifetime', and it is 0 (zero, for "until browser is
closed").  i've also checked the browser's cookie list, and the cookie
is still around at the time that i lose my session variables.

does anyone have any ideas as to why i may be losing my session
variables so early?


Check session.gc_lifetime or similar. That is the garbage collection 
routine that goes through and deletes any session data files (in /tmp or 
wherever your setup puts them) that are older than that config setting 
value.


--
Jasper Bryant-Greene
Freelance web developer
http://jasper.bryant-greene.name/

If you find my advice useful, please consider donating to a poor
student! You can choose whatever amount you think my advice was
worth to you. http://tinyurl.com/7oa5s

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

[rory walsh]

Yeah your right, I'm trying to walk before I can crawl! Cheers for the help,
Rory.
Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 2:08 PM said:

Thanks everyone, I'm getting closer. The only problem I have not is
that I keep entering that test, I modified it to change the session
variable once we enter the test but it somehow does not seem to
change it? This is the code,

Immediately I see:

if(strlen($_SESSION['loggedin']=="yes")){

That doesn't make sense. Do you mean?:
if($_SESSION['loggedin'] == "yes") {
And the next line:

$_SESSION['loggedin']="no";

Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?

When I click the logout button it works fine, but when I click on the
link inside the page it simply reloads the same page as if the session
variable has not changed at all? If I link to a page like this does it
call the script again, or does this need to be done with a form
submit? I must apologise for my lack of knowledge here! I program in
other languages and as a result I have that I can get really deep in
code I don't understand very fast!

Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions?

[Chris W. Parker]

rory walsh 
on Wednesday, March 02, 2005 2:38 PM said:

> Is it to do with the link:
> 
> does this call the script again, just as an action="script.php" in a
> form would? Cheers for the help on this.

Yes it does. But it doesn't erase the session values (it seems that's
what you think is happening?).

I think what you need to do (I do this sometimes too) is start from
scratch and create a very basic test page that works as expected. Then
slowly add in the features you want. It'll give you a much greater
understanding of how things work and where you're going wrong. Sure it's
tedious but it'll help you in the long run.

Here is a good base to start with:




hth,
Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

[rory walsh]

Sorry bout that little mistake. You right I mean to check to see if
$_SESSION['loggedin'] == "yes"; That doesn't make a difference as it 
turns out. The reason that I immediately change this is that I want the 
content of the page to change, and in order to do that I want to stop it 
from going into this code? Actually I am not going to do this, I will 
use another variable, but by setting $_SESSION['loggedin'] to 'no' it 
should not go into this test, but it somehow does? Is it to do with the 
link:

does this call the script again, just as an action="script.php" in a 
form would? Cheers for the help on this.

Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 2:08 PM said:

Thanks everyone, I'm getting closer. The only problem I have not is
that I keep entering that test, I modified it to change the session
variable once we enter the test but it somehow does not seem to
change it? This is the code,

Immediately I see:

if(strlen($_SESSION['loggedin']=="yes")){

That doesn't make sense. Do you mean?:
if($_SESSION['loggedin'] == "yes") {
And the next line:

$_SESSION['loggedin']="no";

Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?

When I click the logout button it works fine, but when I click on the
link inside the page it simply reloads the same page as if the session
variable has not changed at all? If I link to a page like this does it
call the script again, or does this need to be done with a form
submit? I must apologise for my lack of knowledge here! I program in
other languages and as a result I have that I can get really deep in
code I don't understand very fast!

Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions?

[Chris W. Parker]

rory walsh 
on Wednesday, March 02, 2005 2:08 PM said:

> Thanks everyone, I'm getting closer. The only problem I have not is
> that I keep entering that test, I modified it to change the session
> variable once we enter the test but it somehow does not seem to
> change it? This is the code,

Immediately I see:

> if(strlen($_SESSION['loggedin']=="yes")){

That doesn't make sense. Do you mean?:

if($_SESSION['loggedin'] == "yes") {

And the next line:

> $_SESSION['loggedin']="no";

Why are you reversing the value of 'loggedin'? Once the person is logged
in shouldn't they stay that way until session timeout or they log out?

> When I click the logout button it works fine, but when I click on the
> link inside the page it simply reloads the same page as if the session
> variable has not changed at all? If I link to a page like this does it
> call the script again, or does this need to be done with a form
> submit? I must apologise for my lack of knowledge here! I program in
> other languages and as a result I have that I can get really deep in
> code I don't understand very fast!

Maybe you've already stated this in a previous email and I just don't
remember, what exactly is it that you're trying to accomplish?



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

[rory walsh]

Thanks everyone, I'm getting closer. The only problem I have not is that 
I keep entering that test, I modified it to change the session variable 
once we enter the test but it somehow does not seem to change it? This 
is the code,

		
if(strlen($_SESSION['loggedin']=="yes")){
$_SESSION['loggedin']="no";
$CONTENT = "You are currently logged in as ".$_POST["username"].
"


If you would like to change the text on the main page please click 
here Edit intro 
pageFile Upload. Any files 
will appear in the 'students' page of the website. Files that uploaded 
here are not availablre to the public and can only be acccessed by 
students who have logged in. Because of security issues only well know 
file types such as word, acrobat and text files are legible for upload.




Send this file: 

	
";
}	

When I click the logout button it works fine, but when I click on the 
link inside the page it simply reloads the same page as if the session 
variable has not changed at all? If I link to a page like this does it 
call the script again, or does this need to be done with a form submit? 
I must apologise for my lack of knowledge here! I program in other 
languages and as a result I have that I can get really deep in code I 
don't understand very fast!

Rory Walsh wrote:
Yes I see what you mean. I only wanted to start a session IF the user 
logged in, but I see your point, the session can be started as soon as 
anyone opens the main page. I'll give it a go and see if that helps, 
cheers,
Rory.

Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 1:26 PM said:

The problem there is that I have to test if the user has logged on so
I need to include the if statement? Can the session_start not be
called from within an if statement? Does it really have to be the
very first thing in the script, if so I imagine that this means a
single script cannot be used to manage a complete website?

No session_start(); can go anywhere. It's just that it appears that your
logic is setup in such a way that session_start(); is not being called
when you need it be. By putting it before everything else you can avoid
this.
And as well, is there a reason you wouldn't want to just start the
session at the beginning of the page? I mean, why wait till the user has
submitted the form to start the session?

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

[Jochem Maas]

rory walsh wrote:
The problem there is that I have to test if the user has logged on so I 
need to include the if statement? 
there are 2 tests to do:
1. check to see whether the user is logged on already
2. check to see whether the user is trying to log on
Can the session_start not be called 
from within an if statement? 
not really, well you can but I can't think
of any reason that you would want to conditionally start the
session.
> Does it really have to be the very first
thing in the script, 
you have to call it before you use the session
(i.e. data stored in it).
if so I imagine that this means a single script 
cannot be used to manage a complete website?
it can. maybe if I rewrite you code a little
it will help you understand:

session_start(); // always start the session.
// you want something more secure as a login procedure!
if($_POST["username"]=="rory") {
// if user logs in as rory
// then mark the user as logged in
// in the session
$_SESSION['loggedin'] = "yes";
}
if ($_SESSION['loggedin'] == "yes") {
header("Cache-control: private");
}
Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 11:19 AM said:


Put session_start(); at the *very* beginning of your script. See if that
helps.

Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

[rory walsh]

Yes I see what you mean. I only wanted to start a session IF the user 
logged in, but I see your point, the session can be started as soon as 
anyone opens the main page. I'll give it a go and see if that helps, cheers,
Rory.

Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 1:26 PM said:

The problem there is that I have to test if the user has logged on so
I need to include the if statement? Can the session_start not be
called from within an if statement? Does it really have to be the
very first thing in the script, if so I imagine that this means a
single script cannot be used to manage a complete website?

No session_start(); can go anywhere. It's just that it appears that your
logic is setup in such a way that session_start(); is not being called
when you need it be. By putting it before everything else you can avoid
this.
And as well, is there a reason you wouldn't want to just start the
session at the beginning of the page? I mean, why wait till the user has
submitted the form to start the session?

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions?

[Chris W. Parker]

rory walsh 
on Wednesday, March 02, 2005 1:26 PM said:

> The problem there is that I have to test if the user has logged on so
> I need to include the if statement? Can the session_start not be
> called from within an if statement? Does it really have to be the
> very first thing in the script, if so I imagine that this means a
> single script cannot be used to manage a complete website?

No session_start(); can go anywhere. It's just that it appears that your
logic is setup in such a way that session_start(); is not being called
when you need it be. By putting it before everything else you can avoid
this.

And as well, is there a reason you wouldn't want to just start the
session at the beginning of the page? I mean, why wait till the user has
submitted the form to start the session?



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions?

[rory walsh]

The problem there is that I have to test if the user has logged on so I 
need to include the if statement? Can the session_start not be called 
from within an if statement? Does it really have to be the very first 
thing in the script, if so I imagine that this means a single script 
cannot be used to manage a complete website?

Chris W. Parker wrote:
rory walsh 
on Wednesday, March 02, 2005 11:19 AM said:


Put session_start(); at the *very* beginning of your script. See if that
helps.

Chris.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions?

[Chris W. Parker]

rory walsh 
on Wednesday, March 02, 2005 11:19 AM said:

>  if($_POST["username"]=="rory"){//if user logs in as rory start session
> session_start();
> header("Cache-control: private");
> $_SESSION['loggedin'] = "yes";
> }

Put session_start(); at the *very* beginning of your script. See if that
helps.



Chris.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php sessions question

[Reinhart Viane]

>I normally do as you have suggested here - but why do you suggest that 
>this method is better?
>  
>

One reason is for security. You cannot ever rule out the possibility of 
a user injecting someone else's data into the session to get access to 
information that he should not have. Of course he can fake the userid 
too. That's why each time you retrieve the userid from the session  you 
should check if that id has been logged in. I do this (so do many 
others) by keeping two column table with session id and userid in it.

-- 
Raditha Dissanayake.

Do you have an example or dou you know of any tutorials where this
method is used?
Thx
Reinhart

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions question

[raditha dissanayake]

Pete wrote:

 

You should only save the userId in the session, everything else should 
be retrieved from your database using that id.
   

I normally do as you have suggested here - but why do you suggest that
this method is better?
 

One reason is for security. You cannot ever rule out the possibility of 
a user injecting someone else's data into the session to get access to 
information that he should not have. Of course he can fake the userid 
too. That's why each time you retrieve the userid from the session  you 
should check if that id has been logged in. I do this (so do many 
others) by keeping two column table with session id and userid in it.



--
Raditha Dissanayake.

http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions question

[Pete]

In message <[EMAIL PROTECTED]>, raditha dissanayake
<[EMAIL PROTECTED]> writes
>Reinhart Viane wrote:
>
>>in a page checkuser i do this after the user is logged in:
>>  PHP Code
>>  // Register some session variables!
>>  session_register('userid');
>>  $_SESSION['userid'] = $userid;
>>  session_register('first_name');
>>  $_SESSION['first_name'] = $first_name;
>>  session_register('last_name');
>>  $_SESSION['last_name'] = $last_name;
>>  session_register('email_address');
>>  $_SESSION['email_address'] = $email_address;
>>  session_register('user_level');
>>  $_SESSION['user_level'] = $user_level;
>>  
>>
>You should only save the userId in the session, everything else should 
>be retrieved from your database using that id.

I normally do as you have suggested here - but why do you suggest that
this method is better?

-- 
Pete Clark

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions question

[raditha dissanayake]

Reinhart Viane wrote:
in a page checkuser i do this after the user is logged in:
 PHP Code
 // Register some session variables!
 session_register('userid');
 $_SESSION['userid'] = $userid;
 session_register('first_name');
 $_SESSION['first_name'] = $first_name;
 session_register('last_name');
 $_SESSION['last_name'] = $last_name;
 session_register('email_address');
 $_SESSION['email_address'] = $email_address;
 session_register('user_level');
 $_SESSION['user_level'] = $user_level;
 

You should only save the userId in the session, everything else should 
be retrieved from your database using that id.


Now let's say user 1 logs in, his session is registered (with userid from 
database is 5 and first_name is XXX)
Then another user logs in, again his session is registered (with userid from 
database is 1 and first_name is YYY)

 

Are both user's in the same computer? then there may be a question about 
the old cookie being sent back to the server (if it's expiration time 
has not been exceeded). If the users are not using the same computer the 
chances are you have a bug in your code.

Now user 1 leaves the pages (closes the browser) and user 2 uploads a 
document (with my own script).

When the document is succesfully uploaded i display this:
 PHP Code
 echo ($_SESSION['first_name']).", the document has been succesfully 
added";
 echo ($_SESSION['userid']);


This results in the folowing output:
YYY, the document has been succesfully added
5
Meaning the $_SESSION['first_name'] is correct, but the $_SESSION['userid'] 
is the one of the user who logged out...

Now when using user_id in all places it seems to work correctly...
Is userid something that is defined by the server when making sessions?
 

no.
If not, i don't have any clue what is going wrong...
Can someone help me on this? So i know what is wrong?
 


Thx in advance
Pout
 


--
Raditha Dissanayake.

http://www.radinks.com/sftp/ | http://www.raditha.com/megaupload
Lean and mean Secure FTP applet with | Mega Upload - PHP file uploader
Graphical User Inteface. Just 128 KB | with progress bar.
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Question

[Tim Traver]

It could be a case that your provider is load balancing across several 
machines. If they are, and they aren't storing the session data in a 
central location, then that might account for the issue.

That would explain the intermittent failure. The user might be making 
keepalive requests to the same box and being ok, and then get bounced once 
it hits a machine that doesn't have the session data...

You might ask them about it...
Tim.

At 09:43 PM 7/8/2004, Ed Lazor wrote:
What kind of problems could be happening server-side that would result in
PHP sessions randomly disappearing?  And, is there a way to log or track
this information?  Oh, and best of all, any recommendations on solutions?

I have a PHP / MySQL application that's been running at a host provider for
almost a year now.  PHP sessions are used to track logged in users, For
example, $_SESSION["UserID"].  If the UserID isn't stored as a session
variable, the user must not be logged in, so prompt them with a login
screen.

Most recent updates were made last week and everything has been working fine
until this afternoon.  Session data is somehow being lost.  It seems random.
A person will be logged in and navigating through the site when they
suddenly get a login screen.  They'll log back in and continue navigating
for a little while when it will happen again - sometimes within seconds and
othertimes within minutes.  Sometimes it won't even happen for 30 minutes
and then it suddenly begins to occur again.

Thanks in advance for any ideas or recommendations that I can forward to my
hosting provider on how to fix the problem.

-Ed



SimpleNet's Back !
http://www.simplenet.com

Re: [PHP] PHP Sessions on Windows

[John W. Holmes]

David Mitchell wrote:

I first attempted to edit the php.ini so that the session save path was
C:\Temp. No matter what I did, the save path always showed up in phpinfo()
as /tmp. So I created folder on the root of C: called tmp and everything
worked.
You were not editing the correct php.ini, then.

--
---John Holmes...
Amazon Wishlist: www.amazon.com/o/registry/3BEXC84AB3A5E/

php|architect: The Magazine for PHP Professionals – www.phparch.com

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions on Windows

[Daniel Clark]

I think you need to restart PHP to pickup the new php.ini changes.

My php.ini is in the windows directory (I believe).

>> -Original Message-
>> From: David Mitchell [mailto:[EMAIL PROTECTED]
>> Sent: 12 May 2004 13:21
>>
>> OK, I managed to get it working.
>>
>> I first attempted to edit the php.ini so that the session
>> save path was C:\Temp. No matter what I did, the save path
>> always showed up in phpinfo() as /tmp. So I created folder on
>> the root of C: called tmp and everything worked.
>
> This still looks like PHP is not looking for the php.ini file where you
> think it is.  I strongly suggest you follow the previous advice to work
> out
> where PHP is actually expecting your php.ini to be, before you have a need
> to change another initialization parameter.
>
> Cheers!
>
> Mike

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions on Windows

[Ford, Mike [LSS]]

> -Original Message-
> From: David Mitchell [mailto:[EMAIL PROTECTED] 
> Sent: 12 May 2004 13:21
> 
> OK, I managed to get it working. 
> 
> I first attempted to edit the php.ini so that the session 
> save path was C:\Temp. No matter what I did, the save path 
> always showed up in phpinfo() as /tmp. So I created folder on 
> the root of C: called tmp and everything worked.

This still looks like PHP is not looking for the php.ini file where you
think it is.  I strongly suggest you follow the previous advice to work out
where PHP is actually expecting your php.ini to be, before you have a need
to change another initialization parameter.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services, JG125, James
Graham Building, Leeds Metropolitan University, Beckett Park, LEEDS,  LS6
3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions on Windows

[David Mitchell]

OK, I managed to get it working. 

I first attempted to edit the php.ini so that the session save path was
C:\Temp. No matter what I did, the save path always showed up in phpinfo()
as /tmp. So I created folder on the root of C: called tmp and everything
worked.

Thanks,

Dave

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions on Windows

[rich]

> How does one get sessions working on Windows? I have modified my php.ini
> file so that session.save_path = C:\Temp, restarted and Apache.
> Still I get
> this error message:
>
> Warning: session_start(): open(/tmp\sess_26310affee160329c9e50f27663f8971,
> O_RDWR) failed: No such file or directory (2) in
> c:\apache\htdocs\dbmdata\admin\61646d696e.php on line 2
>

check you have edited the correct php.ini -- run  and check
where the ini file is to make sure you changed the correct one...

hth
rich

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions on Windows

[Daniel Clark]

Sounds right.

Do you have a C:\temp directory?

>>How does one get sessions working on Windows? I have modified my php.ini
>>file so that session.save_path = C:\Temp, restarted and Apache. Still I get
>>this error message:
>>
>>Warning: session_start(): open(/tmp\sess_26310affee160329c9e50f27663f8971,
>>O_RDWR) failed: No such file or directory (2) in
>>c:\apache\htdocs\dbmdata\admin\61646d696e.php on line 2
>>
>>This is the code that is triggering the error. It seems very straightforward
>>to me:
>>
>>session_start();
>>  echo $_SESSION['user'];
>>

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions - Cookies Not Saving

[electroteque]

 but it will
> save on my Linux box.

As sending cookies is pretty much a generic procedure which is not platform 
dependent it would suggest that your WinXP box is broken (needless to say I'm 
assuming that you have already ensured that your browser is configured to 
accept cookies). Have you tried any other browsers/platforms?

The above snippet means it works on  his linux box which is why i suggested to see if 
the session is storing in /tmp, he could prob have spyware running on his machine, i 
advice check out adaware.

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

[Jason Wong]

On Friday 05 March 2004 13:05, Paul Higgins wrote:
> When I thought about what the compay really told me...it didn't make sense.
> All I know is that that cookie will not save on my WinXP box, but it will
> save on my Linux box.

As sending cookies is pretty much a generic procedure which is not platform 
dependent it would suggest that your WinXP box is broken (needless to say I'm 
assuming that you have already ensured that your browser is configured to 
accept cookies). Have you tried any other browsers/platforms?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
All vacations and holidays create problems, except for one's own
-- Murphy's Laws on Work n34
*/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions - Cookies Not Saving

[Ford, Mike [LSS]]

On 05 March 2004 03:33, Paul Higgins wrote:

> When I do:  print_r($_COOKIE); I get the following:
> Array ( [PHPSESSID] => 11781ce29c68ca7ef563110f37e43f38 )
> 
> Does that mean its setting the Cookie?

Yes.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

[Paul Higgins]

When I thought about what the compay really told me...it didn't make sense.  
All I know is that that cookie will not save on my WinXP box, but it will 
save on my Linux box.

Are there any special headers that I could use?

Paul


From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST)
Is it a non default /tmp ? If so it should be in php.ini or u have to set
where it is with an ini_set , hope that helps.
> AAAGGGH!!
>
> I asked my hosting company where they were stored...on the server...I
> am so  mad at myself...all that time wasted.  Thanks for the help
> though...it was  much appreciated!
>
> Paul
>
>
>>From: <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>>Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
>>
>>Are the hosts u looking at the same ? Like is it the very same link ?
>>Check on the XP box if you have cookies disabled, u can always check if
>>the session is being stored on the server too, look in /tmp first. Try
>>a  print_r
>>($_COOKIE); aswell.
>>
>>
>> > Hi everyone,
>> >
>> > I'm trying to create a session with PHP.  I'm using the following
>> > code:
>> >
>> > > >session_start( );
>> >
>> >print( session_id( ) );
>> >
>> >print( '');
>> >print( '' );
>> >print( '   > > "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>> >print( '' );
>> >print( '' );
>> > ?>
>> >
>> > Now, I'm trying to view this site on a WinXP box.  However, the
>> > cookies are  not being saved onto my machine.  I've viewed the site
>> > with Mozilla on a  Linux box, and it works fine.  What could be
>> > wrong?  Any help would be  greatly appreciated.
>> >
>> > I read somewhere that PHP had some issues with writing cookies to an
>> > NTFS  box.  Could that have anything to do with it?
>> >
>> > Thanks,
>> >
>> > Paul
>> >
>> > _
>> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
Get business advice and resources to improve your work life, from bCentral. 
http://special.msn.com/bcentral/loudclear.armx

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

[daniel]

Ahh is it showing in the url ? Usually it stores as a cookie, or via url, i
think that is also set in php.ini, someone want to ellaborate here ?

> If there is something in $_COOKIE, what does that mean?  That there is
> a  cookie somewhere?  Or is it appending the Session ID to the URL?
>
> Paul
>
>
>>From: <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>>Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST)
>>
>>Is it a non default /tmp ? If so it should be in php.ini or u have to
>>set where it is with an ini_set , hope that helps.
>>
>> > AAAGGGH!!
>> >
>> > I asked my hosting company where they were stored...on the
>> > server...I am so  mad at myself...all that time wasted.  Thanks for
>> > the help though...it was  much appreciated!
>> >
>> > Paul
>> >
>> >
>> >>From: <[EMAIL PROTECTED]>
>> >>To: <[EMAIL PROTECTED]>
>> >>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>> >>Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
>> >>
>> >>Are the hosts u looking at the same ? Like is it the very same link
>> >>? Check on the XP box if you have cookies disabled, u can always
>> >>check if the session is being stored on the server too, look in /tmp
>> >>first. Try a  print_r
>> >>($_COOKIE); aswell.
>> >>
>> >>
>> >> > Hi everyone,
>> >> >
>> >> > I'm trying to create a session with PHP.  I'm using the following
>> >> > code:
>> >> >
>> >> > > >> >session_start( );
>> >> >
>> >> >print( session_id( ) );
>> >> >
>> >> >print( '');
>> >> >print( '' );
>> >> >print( ' > >> > "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>> >> >print( '' );
>> >> >print( '' );
>> >> > ?>
>> >> >
>> >> > Now, I'm trying to view this site on a WinXP box.  However, the
>> >> > cookies are  not being saved onto my machine.  I've viewed the
>> >> > site with Mozilla on a  Linux box, and it works fine.  What could
>> >> > be wrong?  Any help would be  greatly appreciated.
>> >> >
>> >> > I read somewhere that PHP had some issues with writing cookies to
>> >> > an NTFS  box.  Could that have anything to do with it?
>> >> >
>> >> > Thanks,
>> >> >
>> >> > Paul
>> >> >
>> >> > _
>> >> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> >> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >> >
>> >> > --
>> >> > PHP General Mailing List (http://www.php.net/)
>> >> > To unsubscribe, visit: http://www.php.net/unsub.php
>> >>
>> >>--
>> >>PHP General Mailing List (http://www.php.net/)
>> >>To unsubscribe, visit: http://www.php.net/unsub.php
>> >>
>> >
>> > _
>> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> Get a FREE online computer virus scan from McAfee when you click here.
> http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

[Paul Higgins]

If there is something in $_COOKIE, what does that mean?  That there is a 
cookie somewhere?  Or is it appending the Session ID to the URL?

Paul


From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
Date: Fri, 5 Mar 2004 15:24:32 +1100 (EST)
Is it a non default /tmp ? If so it should be in php.ini or u have to set
where it is with an ini_set , hope that helps.
> AAAGGGH!!
>
> I asked my hosting company where they were stored...on the server...I
> am so  mad at myself...all that time wasted.  Thanks for the help
> though...it was  much appreciated!
>
> Paul
>
>
>>From: <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>>Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
>>
>>Are the hosts u looking at the same ? Like is it the very same link ?
>>Check on the XP box if you have cookies disabled, u can always check if
>>the session is being stored on the server too, look in /tmp first. Try
>>a  print_r
>>($_COOKIE); aswell.
>>
>>
>> > Hi everyone,
>> >
>> > I'm trying to create a session with PHP.  I'm using the following
>> > code:
>> >
>> > > >session_start( );
>> >
>> >print( session_id( ) );
>> >
>> >print( '');
>> >print( '' );
>> >print( '   > > "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>> >print( '' );
>> >print( '' );
>> > ?>
>> >
>> > Now, I'm trying to view this site on a WinXP box.  However, the
>> > cookies are  not being saved onto my machine.  I've viewed the site
>> > with Mozilla on a  Linux box, and it works fine.  What could be
>> > wrong?  Any help would be  greatly appreciated.
>> >
>> > I read somewhere that PHP had some issues with writing cookies to an
>> > NTFS  box.  Could that have anything to do with it?
>> >
>> > Thanks,
>> >
>> > Paul
>> >
>> > _
>> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
Get a FREE online computer virus scan from McAfee when you click here. 
http://clinic.mcafee.com/clinic/ibuy/campaign.asp?cid=3963

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

[daniel]

Is it a non default /tmp ? If so it should be in php.ini or u have to set
where it is with an ini_set , hope that helps.

> AAAGGGH!!
>
> I asked my hosting company where they were stored...on the server...I
> am so  mad at myself...all that time wasted.  Thanks for the help
> though...it was  much appreciated!
>
> Paul
>
>
>>From: <[EMAIL PROTECTED]>
>>To: <[EMAIL PROTECTED]>
>>Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
>>Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
>>
>>Are the hosts u looking at the same ? Like is it the very same link ?
>>Check on the XP box if you have cookies disabled, u can always check if
>>the session is being stored on the server too, look in /tmp first. Try
>>a  print_r
>>($_COOKIE); aswell.
>>
>>
>> > Hi everyone,
>> >
>> > I'm trying to create a session with PHP.  I'm using the following
>> > code:
>> >
>> > > >session_start( );
>> >
>> >print( session_id( ) );
>> >
>> >print( '');
>> >print( '' );
>> >print( '> > "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>> >print( '' );
>> >print( '' );
>> > ?>
>> >
>> > Now, I'm trying to view this site on a WinXP box.  However, the
>> > cookies are  not being saved onto my machine.  I've viewed the site
>> > with Mozilla on a  Linux box, and it works fine.  What could be
>> > wrong?  Any help would be  greatly appreciated.
>> >
>> > I read somewhere that PHP had some issues with writing cookies to an
>> > NTFS  box.  Could that have anything to do with it?
>> >
>> > Thanks,
>> >
>> > Paul
>> >
>> > _
>> > FREE pop-up blocking with the new MSN Toolbar – get it now!
>> > http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>> >
>> > --
>> > PHP General Mailing List (http://www.php.net/)
>> > To unsubscribe, visit: http://www.php.net/unsub.php
>>
>>--
>>PHP General Mailing List (http://www.php.net/)
>>To unsubscribe, visit: http://www.php.net/unsub.php
>>
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

[Paul Higgins]

AAAGGGH!!

I asked my hosting company where they were stored...on the server...I am so 
mad at myself...all that time wasted.  Thanks for the help though...it was 
much appreciated!

Paul


From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
Are the hosts u looking at the same ? Like is it the very same link ? Check
on the XP box if you have cookies disabled, u can always check if the
session is being stored on the server too, look in /tmp first. Try a 
print_r
($_COOKIE); aswell.

> Hi everyone,
>
> I'm trying to create a session with PHP.  I'm using the following code:
>
> session_start( );
>
>print( session_id( ) );
>
>print( '');
>print( '' );
>print( ' "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>print( '' );
>print( '' );
> ?>
>
> Now, I'm trying to view this site on a WinXP box.  However, the cookies
> are  not being saved onto my machine.  I've viewed the site with
> Mozilla on a  Linux box, and it works fine.  What could be wrong?  Any
> help would be  greatly appreciated.
>
> I read somewhere that PHP had some issues with writing cookies to an
> NTFS  box.  Could that have anything to do with it?
>
> Thanks,
>
> Paul
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

[Paul Higgins]

When I do:  print_r($_COOKIE); I get the following:
Array ( [PHPSESSID] => 11781ce29c68ca7ef563110f37e43f38 )
Does that mean its setting the Cookie?  I can't see the cookie on my 
computer.  I don't have cookies disabled because I'm getting cookies from 
other sites.  The privacy setting is set to Medium.

Thanks,

Paul


From: <[EMAIL PROTECTED]>
To: <[EMAIL PROTECTED]>
Subject: Re: [PHP] PHP Sessions - Cookies Not Saving
Date: Fri, 5 Mar 2004 14:25:53 +1100 (EST)
Are the hosts u looking at the same ? Like is it the very same link ? Check
on the XP box if you have cookies disabled, u can always check if the
session is being stored on the server too, look in /tmp first. Try a 
print_r
($_COOKIE); aswell.

> Hi everyone,
>
> I'm trying to create a session with PHP.  I'm using the following code:
>
> session_start( );
>
>print( session_id( ) );
>
>print( '');
>print( '' );
>print( ' "http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>print( '' );
>print( '' );
> ?>
>
> Now, I'm trying to view this site on a WinXP box.  However, the cookies
> are  not being saved onto my machine.  I've viewed the site with
> Mozilla on a  Linux box, and it works fine.  What could be wrong?  Any
> help would be  greatly appreciated.
>
> I read somewhere that PHP had some issues with writing cookies to an
> NTFS  box.  Could that have anything to do with it?
>
> Thanks,
>
> Paul
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php
_
FREE pop-up blocking with the new MSN Toolbar – get it now! 
http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions - Cookies Not Saving

[daniel]

Are the hosts u looking at the same ? Like is it the very same link ? Check
on the XP box if you have cookies disabled, u can always check if the
session is being stored on the server too, look in /tmp first. Try a print_r
($_COOKIE); aswell.


> Hi everyone,
>
> I'm trying to create a session with PHP.  I'm using the following code:
>
> session_start( );
>
>print( session_id( ) );
>
>print( '');
>print( '' );
>print( '"http://www.mysite.com/shopping_cart/Test2.php";>Here' );
>print( '' );
>print( '' );
> ?>
>
> Now, I'm trying to view this site on a WinXP box.  However, the cookies
> are  not being saved onto my machine.  I've viewed the site with
> Mozilla on a  Linux box, and it works fine.  What could be wrong?  Any
> help would be  greatly appreciated.
>
> I read somewhere that PHP had some issues with writing cookies to an
> NTFS  box.  Could that have anything to do with it?
>
> Thanks,
>
> Paul
>
> _
> FREE pop-up blocking with the new MSN Toolbar – get it now!
> http://clk.atdmt.com/AVE/go/onm00200415ave/direct/01/
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Tom Rogers]

Hi,

Monday, March 1, 2004, 3:04:13 AM, you wrote:
PH> Hello everyone,

PH> I'm beginning to experiment with PHP sessions.  I was wondering if it is
PH> possible to place objects into the session?

PH> Thanks,

PH> Paul

PH> _
PH> Take off on a romantic weekend or a family adventure to these great U.S.
PH> locations. http://special.msn.com/local/hotdestinations.armx


You can, but you must make sure that the object is declared on the
next page before you do session_start();

-- 
regards,
Tom

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php sessions

[Pablo Gosse]

On Tuesday, October 28, 2003 2:13 PM CPT John W. Holmes wrote:

> It may depend upon how you open the second window, too. Control-N may
use
> the same cookies whereas starting a whole new instance may not.

This is the case with IE.  If I'm in my CMS and ctrl-N to get a new
window, I can operate under both windows using the same session.  If I
open a new instance of IE and go to a page in the CMS beyond the login
screen, it boots me back to the login screen.

Cheers,
Pablo

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[CPT John W. Holmes]

From: "Chris Shiflett" <[EMAIL PROTECTED]>
> > But I was talking about cookies anyway. Which is where different
> > browsers have different behaviors. In IE, by default, it will not
> > pass a cookie from a new browser window.
>
> This is very interesting. I might try to research this a bit more and see
what
> the motivation was for doing this. From a user perspective, it seems very
> counterintuitive. Thanks for the info.

It may depend upon how you open the second window, too. Control-N may use
the same cookies whereas starting a whole new instance may not.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Chris Shiflett]

--- Rob Adams <[EMAIL PROTECTED]> wrote:
> That doesn't seem to be what he's saying.
> 
> "because of the different session IDs."
> 
> It seems to me a better example of what he is saying would be:
> http://example.org/foo.php?PHPSESSID=12345
> vs.
> http://example.org/foo.php?PHPSESSID=67890

Perhaps I should have elaborated a bit more.

Browser instance A:
1. Request http://example.org/foo.php
2. PHP assigns PHPSESSID of 12345
3. Returned page has a link for http://example.org/bar.php?PHPSESSID=12345
4. Request http://example.org/bar.php?PHPSESSID=12345

Browser instance B:
1. Request http://example.org/foo.php
2. PHP assigns PHPSESSID of 67890
3. Returned page has a link for http://example.org/bar.php?PHPSESSID=67890
4. Request http://example.org/bar.php?PHPSESSID=67890

Because A4 and B4 are different requests, they get different responses. So, in
a way, the server is able to distinguish between the two instances, but only
because of that. If instance A sends the request in B4, it will get the same
response as instance B would have.

That wasn't a great explanation, but maybe it is at least better than my last
attempt.

> But I was talking about cookies anyway. Which is where different
> browsers have different behaviors. In IE, by default, it will not
> pass a cookie from a new browser window.

This is very interesting. I might try to research this a bit more and see what
the motivation was for doing this. From a user perspective, it seems very
counterintuitive. Thanks for the info.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Rob Adams]

"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> > If you are not relying on a cookie based session, then this will
> > work. Each login could be assigned a different session ID, so the
> > requests for each browser will be different because of the different
> > session IDs.
>
> What John is explaining here is that the URLs could be different if that
is how
> the session ID is propogated, thus making the requests different (they're
for
> different URLs). So, if you click a link from:

That doesn't seem to be what he's saying.

"because of the different session IDs."

 It seems to me a better example of what he is saying would be:
http://example.org/foo.php?PHPSESSID=12345
vs.
http://example.org/foo.php?PHPSESSID=67890

But I was talking about cookies anyway.  Which is where different browsers
have different behaviors.  In IE, by default, it will not pass a cookie from
a new browser window.  In Mozilla, by default, a new window keeps all the
cookies currently set.  I've mostly used IE, so I've always thought that it
never passed cookies from a new browser window.  Apparently, it just depends
on which browser you're using and how it is setup.

  -- Rob




>
> http://example.org/foo.php?PHPSESSID=12345
>
> it could be for:
>
> http://example.org/bar.php?PHPSESSID=12345
>
> Hope that helps.
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Chris Shiflett]

--- "CPT John W. Holmes" <[EMAIL PROTECTED]> wrote:
> If you are not relying on a cookie based session, then this will
> work. Each login could be assigned a different session ID, so the
> requests for each browser will be different because of the different
> session IDs.

What John is explaining here is that the URLs could be different if that is how
the session ID is propogated, thus making the requests different (they're for
different URLs). So, if you click a link from:

http://example.org/foo.php?PHPSESSID=12345

it could be for:

http://example.org/bar.php?PHPSESSID=12345

Hope that helps.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Rob Adams]

Another test:

I just downloaded and installed Mozilla (1.5).  I logged into my site,
opened another window, and was logged in there also.  I logged out of the
second window, hit a "Home" link on the first window, and got a login
screen.  This is new behavior for a browser for me, but now I understand how
it works.  Thanks for the discussion.

  -- Rob



"Rob Adams" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
>
> "Curt Zirzow" <[EMAIL PROTECTED]> wrote in message
> news:[EMAIL PROTECTED]
> > * Thus wrote Rob Adams ([EMAIL PROTECTED]):
> > > I will test it, because it seems I don't understand this issue as much
> as I
> > > could.  But I can already tell you results I see right now:
> > >
> > > I open a web browser (IE) and login to my application.  I open another
> > > window (IE) and goto the web application, and it asks me to login.
This
> is
> > > all on the same computer.  (As I've explained all this before.)  Now,
> > > perhaps I don't know what I'm talking about, and this is a different
> issue.
> > > If so, I'm pretty sure you'll certainly try to set me straight.  If
not,
> > > then it certainly seems relevant to the discussion, and that my one
> client
> > > (IE) is sending two different requests from two different windows on
the
> > > same computer.
> >
> > This is entirely up to the client, deciding to send a cookie or not
> > when opening a new browser window.  You can even turn the behaviour,
> > you describe, off in IE.
> >
> > The problem is the php script doesn't know that the browser you
> > opened (that give you back the login screen) is even related to the
> > other browser window.  All the php script knows is that you simply
> > don't have a cookie.
>
> That has been my point all along.  Perhaps I misunderstood you:
>
> "there is no way for a remote Web server to distinguish between two
> instances of the
> same browser running on the client machine."
> vs.
> "The problem is the php script doesn't know that the browser you
>  opened (that give you back the login screen) is even related to the
>  other browser window."
>
> Aren't these almost exactly opposite statements?
> Isn't the web server distinguishing between the two instances?   Using the
> cookie?
>
>   -- Rob
>
>
>
>
> >
> >
> > Curt
> > -- 
> > "My PHP key is worn out"
> >
> >   PHP List stats since 1997:
> > http://zirzow.dyndns.org/html/mlists/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Rob Adams]

"Curt Zirzow" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> * Thus wrote Rob Adams ([EMAIL PROTECTED]):
> > I will test it, because it seems I don't understand this issue as much
as I
> > could.  But I can already tell you results I see right now:
> >
> > I open a web browser (IE) and login to my application.  I open another
> > window (IE) and goto the web application, and it asks me to login.  This
is
> > all on the same computer.  (As I've explained all this before.)  Now,
> > perhaps I don't know what I'm talking about, and this is a different
issue.
> > If so, I'm pretty sure you'll certainly try to set me straight.  If not,
> > then it certainly seems relevant to the discussion, and that my one
client
> > (IE) is sending two different requests from two different windows on the
> > same computer.
>
> This is entirely up to the client, deciding to send a cookie or not
> when opening a new browser window.  You can even turn the behaviour,
> you describe, off in IE.
>
> The problem is the php script doesn't know that the browser you
> opened (that give you back the login screen) is even related to the
> other browser window.  All the php script knows is that you simply
> don't have a cookie.

That has been my point all along.  Perhaps I misunderstood you:

"there is no way for a remote Web server to distinguish between two
instances of the
same browser running on the client machine."
vs.
"The problem is the php script doesn't know that the browser you
 opened (that give you back the login screen) is even related to the
 other browser window."

Aren't these almost exactly opposite statements?
Isn't the web server distinguishing between the two instances?   Using the
cookie?

  -- Rob




>
>
> Curt
> -- 
> "My PHP key is worn out"
>
>   PHP List stats since 1997:
> http://zirzow.dyndns.org/html/mlists/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Curt Zirzow]

* Thus wrote Rob Adams ([EMAIL PROTECTED]):
> I will test it, because it seems I don't understand this issue as much as I
> could.  But I can already tell you results I see right now:
> 
> I open a web browser (IE) and login to my application.  I open another
> window (IE) and goto the web application, and it asks me to login.  This is
> all on the same computer.  (As I've explained all this before.)  Now,
> perhaps I don't know what I'm talking about, and this is a different issue.
> If so, I'm pretty sure you'll certainly try to set me straight.  If not,
> then it certainly seems relevant to the discussion, and that my one client
> (IE) is sending two different requests from two different windows on the
> same computer.

This is entirely up to the client, deciding to send a cookie or not
when opening a new browser window.  You can even turn the behaviour,
you describe, off in IE.

The problem is the php script doesn't know that the browser you
opened (that give you back the login screen) is even related to the
other browser window.  All the php script knows is that you simply
don't have a cookie.


Curt
-- 
"My PHP key is worn out"

  PHP List stats since 1997: 
http://zirzow.dyndns.org/html/mlists/

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Rob Adams]

So you're saying if the session ID is passed in on the URL it will work.
But I'm using cookies.  The only thing that gets passed on the URL is a
pagename.  Perhaps there is something funky about my setup, but it has
always worked this way for me.

  -- Rob


"Cpt John W. Holmes" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> From: "Chris Shiflett" <[EMAIL PROTECTED]>
>
>
> > --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > > Test it yourself.
> >
> > With all due respect, it seems you should be doing the testing.
> >
> > > Login to a PHP app using a standard browser and session cookies
> > > and see for yourself. I understand the philosophy of the web
> > > server only seeing what the client sends it, but it looks like my
> > > client (IE6, right here) does send different requests per instance.
> >
> > Then show us these requests and point out how they are different.
> Otherwise, I
> > have to assume you have no idea what you're talking about.
>
> If you are not relying on a cookie based session, then this will work.
Each
> login could be assigned a different session ID, so the requests for each
> browser will be different because of the different session IDs.
>
> ---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] php sessions

[Pablo Gosse]

Hi Rob.  That seems perfectly logical.  I've written a Content
Management System which (when it's finished in a couple of months ;o)
run the website at the university where I work.

I can presently open an instance of the CMS in IE, login as admin, then
open a new window and request another instance of the CMS, and login as
a less-privelidged user.

I can then use these two separate instances and work as two individual
users in the CMS at the same time.

Cheers,
Pablo

-Original Message-
From: Rob Adams [mailto:[EMAIL PROTECTED] 
Sent: Tuesday, October 28, 2003 11:56 AM
To: [EMAIL PROTECTED]
Subject: Re: [PHP] php sessions

I will test it, because it seems I don't understand this issue as much
as I
could.  But I can already tell you results I see right now:

I open a web browser (IE) and login to my application.  I open another
window (IE) and goto the web application, and it asks me to login.  This
is
all on the same computer.  (As I've explained all this before.)  Now,
perhaps I don't know what I'm talking about, and this is a different
issue.
If so, I'm pretty sure you'll certainly try to set me straight.  If not,
then it certainly seems relevant to the discussion, and that my one
client
(IE) is sending two different requests from two different windows on the
same computer.

  -- Rob


"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > Test it yourself.
>
> With all due respect, it seems you should be doing the testing.
>
> > Login to a PHP app using a standard browser and session cookies
> > and see for yourself. I understand the philosophy of the web
> > server only seeing what the client sends it, but it looks like my
> > client (IE6, right here) does send different requests per instance.
>
> Then show us these requests and point out how they are different.
Otherwise, I
> have to assume you have no idea what you're talking about.
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[CPT John W. Holmes]

From: "Chris Shiflett" <[EMAIL PROTECTED]>


> --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > Test it yourself.
>
> With all due respect, it seems you should be doing the testing.
>
> > Login to a PHP app using a standard browser and session cookies
> > and see for yourself. I understand the philosophy of the web
> > server only seeing what the client sends it, but it looks like my
> > client (IE6, right here) does send different requests per instance.
>
> Then show us these requests and point out how they are different.
Otherwise, I
> have to assume you have no idea what you're talking about.

If you are not relying on a cookie based session, then this will work. Each
login could be assigned a different session ID, so the requests for each
browser will be different because of the different session IDs.

---John Holmes...

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Rob Adams]

I will test it, because it seems I don't understand this issue as much as I
could.  But I can already tell you results I see right now:

I open a web browser (IE) and login to my application.  I open another
window (IE) and goto the web application, and it asks me to login.  This is
all on the same computer.  (As I've explained all this before.)  Now,
perhaps I don't know what I'm talking about, and this is a different issue.
If so, I'm pretty sure you'll certainly try to set me straight.  If not,
then it certainly seems relevant to the discussion, and that my one client
(IE) is sending two different requests from two different windows on the
same computer.

  -- Rob


"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > Test it yourself.
>
> With all due respect, it seems you should be doing the testing.
>
> > Login to a PHP app using a standard browser and session cookies
> > and see for yourself. I understand the philosophy of the web
> > server only seeing what the client sends it, but it looks like my
> > client (IE6, right here) does send different requests per instance.
>
> Then show us these requests and point out how they are different.
Otherwise, I
> have to assume you have no idea what you're talking about.
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Chris Shiflett]

--- Rob Adams <[EMAIL PROTECTED]> wrote:
> Test it yourself.

With all due respect, it seems you should be doing the testing.

> Login to a PHP app using a standard browser and session cookies
> and see for yourself. I understand the philosophy of the web
> server only seeing what the client sends it, but it looks like my
> client (IE6, right here) does send different requests per instance.

Then show us these requests and point out how they are different. Otherwise, I
have to assume you have no idea what you're talking about.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Rob Adams]

"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- Rob Adams <[EMAIL PROTECTED]> wrote:
> > > I'm not sure if this fits your definition of "new browser
> > > instance", but there is no way for a remote Web server to
> > > distinguish between two instances of the same browser running
> > > on the client machine.
> >
> > That can't be true.
>
> It can, and it is.
>
> The only way a Web server could distinguish between them is if the
browsers

So there is a way, and it's not true.

Test it yourself.  Login to a PHP app using a standard browser and session
cookies and see for yourself.  I understand the philosophy of the web server
only seeing what the client sends it, but it looks like my client (IE6,
right here) does send different requests per instance.  It's not just 'in
theory.'


> sent something unique per instance within the HTTP request. So, you could
write
> a browser that does this in theory, but that doesn't really do you much
good
> unless you can convince your users to use it.
>
> It would be very unusual behavior, so I doubt anyone would want this.
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Chris Shiflett]

--- Rob Adams <[EMAIL PROTECTED]> wrote:
> > I'm not sure if this fits your definition of "new browser
> > instance", but there is no way for a remote Web server to
> > distinguish between two instances of the same browser running
> > on the client machine.
> 
> That can't be true.

It can, and it is.

The only way a Web server could distinguish between them is if the browsers
sent something unique per instance within the HTTP request. So, you could write
a browser that does this in theory, but that doesn't really do you much good
unless you can convince your users to use it.

It would be very unusual behavior, so I doubt anyone would want this.

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Rob Adams]

"Chris Shiflett" <[EMAIL PROTECTED]> wrote in message
news:[EMAIL PROTECTED]
> --- "S.P.Vimala" <[EMAIL PROTECTED]> wrote:
> > How to create a unique session for every new browser instance?
>
> I'm not sure if this fits your definition of "new browser instance", but
there
> is no way for a remote Web server to distinguish between two instances of
the
> same browser running on the client machine.


That can't be true.  I don't claim to understand exactly how it works, but
here is what happens for me.  I have an application that I log into.  Once
I'm logged in, if I open the URL in another browser window, it just gives me
the login page.  My guess is that the first browser window is passing a
cookie identifying the session that the second one doesn't know about.  In
your case, when you're not using cookies, the session ID must be passed on
the URL.  I don't know much about using trans_sid, so i can't help you
further.

  -- Rob




>
> Maybe that explains something?
>
> Chris
>
> =
> My Blog
>  http://shiflett.org/
> HTTP Developer's Handbook
>  http://httphandbook.org/
> RAMP Training Courses
>  http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] php sessions

[Chris Shiflett]

--- "S.P.Vimala" <[EMAIL PROTECTED]> wrote:
> How to create a unique session for every new browser instance?

I'm not sure if this fits your definition of "new browser instance", but there
is no way for a remote Web server to distinguish between two instances of the
same browser running on the client machine.

Maybe that explains something?

Chris

=
My Blog
 http://shiflett.org/
HTTP Developer's Handbook
 http://httphandbook.org/
RAMP Training Courses
 http://www.nyphp.org/ramp

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Not Saving

[Jonathan Wright]

At around Tue, Feb 04, 2003 at 02:06:35PM +0800, Jason Wong constructed the following 
notation:
> > >
> > > Recompile, why?  How about a link?
> > >
> > > ln -s /sbin/sendmail /usr/sbin/sendmail
> >
> > During the ./configure part of the installation, PHP checks for
> > sendmail, but only in /sbin/sendmail. If it doesn't find it, the
> > function mail() isn't complied in.
> >
> > I just get 'call to undefined function mail()' in x/y.php on z.
> 
> But according to the manual configure should check both locations?

I can't remember where i saw it (i think it was on a mailing list), but
someone said it'll only check /sbin/sendmail, which seams to be the
case. sendmail.path is set to '/usr/sbin/sendmail' in php.ini, but that
doesn't has an effect.

well, either way it hasn't been compiled in so a recompile will be
needed. it's only a 10 minute job anyway. 

-- 
jonathan wright  [EMAIL PROTECTED] | www.djnauk.co.uk
--
life has no meaning unless we can enjoy what we've been given

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: Re: [PHP] PHP Sessions Not Saving

[nick]

This is a system automated E-Mail reply.

If you email is a request for support then please visit the below URL and lodge 
your support request.
If you cannot access the below URL, then please email [EMAIL PROTECTED] for prompt 
support.
http://www.wildcomm.net/support.php

If this is not a support related E-Mail then disregard this E-Mail.

Regards.
Support Response
Wildthing Communications 
Mob: 0421 556847
PO Box 1841
SUNSHINE PLAZA
Maroochydore
QLD 4558
http://www.wildcomm.net
ICQ# 64851373





-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Not Saving

[Jason Wong]

On Tuesday 04 February 2003 06:30, Jonathan Wright wrote:
> At around Mon, Feb 03, 2003 at 04:20:03PM -0600, Greg Donald constructed the 
following notation:
> > On Mon, 3 Feb 2003, Jonathan Wright wrote:
> > >Aside from this, PHP's running like a dream. I haven't had a single
> > >problem (other than mail() not working, but I found that's because I use
> > >/usr/sbin/sendmail, not /sbin/sendmail, so I'll just need to recompile).
> >
> > Recompile, why?  How about a link?
> >
> > ln -s /sbin/sendmail /usr/sbin/sendmail
>
> During the ./configure part of the installation, PHP checks for
> sendmail, but only in /sbin/sendmail. If it doesn't find it, the
> function mail() isn't complied in.
>
> I just get 'call to undefined function mail()' in x/y.php on z.

But according to the manual configure should check both locations?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *
--
Search the list archives before you post
http://marc.theaimsgroup.com/?l=php-general
--
/*
Romeo wasn't bilked in a day.
-- Walt Kelly, "Ten Ever-Lovin' Blue-Eyed Years With Pogo"
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Not Saving

[Greg Donald]

> During the ./configure part of the installation, PHP checks for
> sendmail, but only in /sbin/sendmail. If it doesn't find it, the
> function mail() isn't complied in.
> 
> I just get 'call to undefined function mail()' in x/y.php on z.

Ok, make your link this way then:

ln -s /usr/sbin/sendmail /sbin/sendmail 

--
Greg Donald



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Not Saving

[Jonathan Wright]

At around Mon, Feb 03, 2003 at 04:20:03PM -0600, Greg Donald constructed the following 
notation:
> On Mon, 3 Feb 2003, Jonathan Wright wrote:
> 
> >Aside from this, PHP's running like a dream. I haven't had a single
> >problem (other than mail() not working, but I found that's because I use
> >/usr/sbin/sendmail, not /sbin/sendmail, so I'll just need to recompile).
> 
> Recompile, why?  How about a link?
> 
> ln -s /sbin/sendmail /usr/sbin/sendmail

During the ./configure part of the installation, PHP checks for
sendmail, but only in /sbin/sendmail. If it doesn't find it, the
function mail() isn't complied in.

I just get 'call to undefined function mail()' in x/y.php on z.

-- 
jonathan wright  [EMAIL PROTECTED] | www.djnauk.co.uk
--
life has no meaning unless we can enjoy what we've been given

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Not Saving

[Greg Donald]

On Mon, 3 Feb 2003, Jonathan Wright wrote:

>Aside from this, PHP's running like a dream. I haven't had a single
>problem (other than mail() not working, but I found that's because I use
>/usr/sbin/sendmail, not /sbin/sendmail, so I'll just need to recompile).

Recompile, why?  How about a link?

ln -s /sbin/sendmail /usr/sbin/sendmail


-- 
Greg Donald
http://destiney.com


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Not Saving

[Jonathan Wright]

At around Mon, Feb 03, 2003 at 10:42:47AM -0800, Chris Shiflett constructed the 
following notation:
> --- Jonathan Wright <[EMAIL PROTECTED]> wrote:
> > i'm having problems with sessions. I've set up the server
> > (httpd-2.0.44) with php (4.3.0) and switched on sessions.
> 
> I would recommend not using Apache 2 with PHP right now.
> Stick with the latest stable 1.3.x version.
> 
> Chris

Aside from this, PHP's running like a dream. I haven't had a single
problem (other than mail() not working, but I found that's because I use
/usr/sbin/sendmail, not /sbin/sendmail, so I'll just need to recompile).

Although it's running under httpd, surley the fact that PHP's not
writing to the files on the drive (only 'touch'ing them so to speak) is
more of a PHP problem than an Apache problem?

Thanks,

-- 
jonathan wright  [EMAIL PROTECTED] | www.djnauk.co.uk
--
life has no meaning unless we can enjoy what we've been given

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions Not Saving

[Chris Shiflett]

--- Jonathan Wright <[EMAIL PROTECTED]> wrote:
> i'm having problems with sessions. I've set up the server
> (httpd-2.0.44) with php (4.3.0) and switched on sessions.

I would recommend not using Apache 2 with PHP right now.
Stick with the latest stable 1.3.x version.

Chris

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP & Sessions generates Segment Faults

[Justin French]

I can say with near certainty that there is a problem with the session
handler you've chosen, for you to be getting these segfaults.  As I pointed
out, and as you've stated, if the sessions work fine with the 'files'
handler type, then the issue must be with the alternate handler.

So, if you wrote it yourself, perhaps it's got a bug.
If it's a library script, perhaps it has a bug, or has a FAQ, or some
support.

There's also the option that there's a bug with PHP in this/these version(s)
which is causing the problems.

Is there a reason why you can't just use 'files'???


Justin French



on 23/01/03 3:17 AM, Blaster ([EMAIL PROTECTED]) wrote:

> Hey, I'm back =)
> 
> I was unable to get it to run, I've setup the most basic session handler i
> could think of, a simple counter,
> if any of you could test it, I'd be very thankful, the URL is
> http://fatboy.blaster.nu/~blaster/sess_test/
> 
> Now, it does not "cut" the content, not sure why it doesn't do that, but
> I'm pretty sure it generates segment faults,
> cause at several occations when you click Destroy Session and then return,
> it will display "Cannot find server" in
> MSIE, and I've checked with my sniffer, Apache simply closes the TCP
> connection as soon as my request is sent
> which probably means the child handling my request segment faulted.
> 
> Still, if ANYONE has ANYTHING on Segment faults with PHP session, I'd like
> to hear about it, I'm willing to try pretty
> much anything!
> 
> I've already tried several different DB libs and Session handler libs, I'm
> aware of the "MM" lib which many have had
> problems with before, I don't use that.
> 
> One thing that really bugs me though, is that if I don't touch the
> "session.save_handler" option and leave it to "files",
> EVERYTHING works just great! This kinda makes me think all the DB libs I
> have tried is invalid, but that cannot possible
> be the case, I've even tried PEAR sessionlib, which is coded by a team
> supported by the PHP group (?). Is it possible
> that the way PHP handles the "files" session and "user" sessions is
> different? Like, they patched one of the methods but
> forgot to fix the "user" mode? :)
> 
> Also, while searching google, I came across a very interesting URL,
> http://www.phpbuilder.com/mail/php-developer-list/21/0600.php
> 
> However, the BUG description ID to http://bugs.php.net/ seems to be
> invalid, it only takes me to the frontpage, and
> searching for it gives me nothing, is this bug fixed? If so, in what version?
> 
> Thanks for your time, again, anything related to PHP session and possible
> segment faults is MUCH appreciated!
> 
> At 21:15 2003-01-21 +1100, you wrote:
>> I don't really have an answer... try to get the REALLY basic session example
>> from the manual to work... this will ruke out your save handler and all
>> sorts of other stuff, if you're still getting the errors with basic code and
>> default handlers.
>> 
>> Justin
>> 
>> 
>> on 21/01/03 9:01 PM, Blaster ([EMAIL PROTECTED]) wrote:
>> 
>>> Okay, I'm not using "mm" as my session handler, in PHP.ini, I still have
>>> "files",
>>> but in my script, I temporariliy modify this with
>>> 
>>> if (!ini_set("session.save_handler", "user"))
>>> echo("Unable to switch to Session User mode.");
>>> 
>>> if (!session_set_save_handler("db_session_open", "db_session_close",
>>> "db_session_read", "db_session_write", "db_session_destroy",
>>> "db_session_garbage"))
>>> echo("Unable to init custom session handlers!");
>>> 
>>> These are my own handlers, working with MySQL.
>>> 
>>> I have however also tried setting it to user and only doing the
>>> "session_set_save_handler()" part, but gives me random segment faults
>>> either way. The strange part
>>> is that it doesn't always crash, i can view the same page 10 times, and it
>>> only segment faults on one of the views,.. how is this possible?
>>> 
>>> Please advice =)
>>> 
>>> At 12:51 2003-01-21 +1100, you wrote:
 Hi,
 
 I had this problem a few weeks back.  The host changed the sessions from
 'mm' to 'files' in php.ini and restarted, and all was ok...
 
 not sure of the reasons behind the faults, but I had this EXACT problem
 (with standard session stuff).
 
 
 Justin
 
 
 on 21/01/03 2:29 AM, Blaster ([EMAIL PROTECTED]) wrote:
 
> Hi
> 
> OS: Debian Linux (Woody), kernel 2.2.20
> PHP: v4.1.2
> 
> I'm having some troubles with my sessions, when the page is sent to the
> visitor, it sometimes stops after ½ the page or so. 90% of the times, it
> works perfectly
> to visit the page, so this appears to be totally random. However, I have
> reason to believe it has something to do with my sessions, I have
>> written a
> custom session
> lib which works with MySQL, and then set it up with
 session_set_save_handler()
> 
> Now, I checked the error logs of my Apache HTTP, and it's filled with
> [Mon Jan 20 15:20:54 2003] [notice] chi

Re: [PHP] PHP & Sessions generates Segment Faults

[Blaster]

Hey, I'm back =)

I was unable to get it to run, I've setup the most basic session handler i 
could think of, a simple counter,
if any of you could test it, I'd be very thankful, the URL is 
http://fatboy.blaster.nu/~blaster/sess_test/

Now, it does not "cut" the content, not sure why it doesn't do that, but 
I'm pretty sure it generates segment faults,
cause at several occations when you click Destroy Session and then return, 
it will display "Cannot find server" in
MSIE, and I've checked with my sniffer, Apache simply closes the TCP 
connection as soon as my request is sent
which probably means the child handling my request segment faulted.

Still, if ANYONE has ANYTHING on Segment faults with PHP session, I'd like 
to hear about it, I'm willing to try pretty
much anything!

I've already tried several different DB libs and Session handler libs, I'm 
aware of the "MM" lib which many have had
problems with before, I don't use that.

One thing that really bugs me though, is that if I don't touch the 
"session.save_handler" option and leave it to "files",
EVERYTHING works just great! This kinda makes me think all the DB libs I 
have tried is invalid, but that cannot possible
be the case, I've even tried PEAR sessionlib, which is coded by a team 
supported by the PHP group (?). Is it possible
that the way PHP handles the "files" session and "user" sessions is 
different? Like, they patched one of the methods but
forgot to fix the "user" mode? :)

Also, while searching google, I came across a very interesting URL,
http://www.phpbuilder.com/mail/php-developer-list/21/0600.php

However, the BUG description ID to http://bugs.php.net/ seems to be 
invalid, it only takes me to the frontpage, and
searching for it gives me nothing, is this bug fixed? If so, in what version?

Thanks for your time, again, anything related to PHP session and possible 
segment faults is MUCH appreciated!

At 21:15 2003-01-21 +1100, you wrote:
I don't really have an answer... try to get the REALLY basic session example
from the manual to work... this will ruke out your save handler and all
sorts of other stuff, if you're still getting the errors with basic code and
default handlers.

Justin


on 21/01/03 9:01 PM, Blaster ([EMAIL PROTECTED]) wrote:

> Okay, I'm not using "mm" as my session handler, in PHP.ini, I still have
> "files",
> but in my script, I temporariliy modify this with
>
> if (!ini_set("session.save_handler", "user"))
> echo("Unable to switch to Session User mode.");
>
> if (!session_set_save_handler("db_session_open", "db_session_close",
> "db_session_read", "db_session_write", "db_session_destroy",
> "db_session_garbage"))
> echo("Unable to init custom session handlers!");
>
> These are my own handlers, working with MySQL.
>
> I have however also tried setting it to user and only doing the
> "session_set_save_handler()" part, but gives me random segment faults
> either way. The strange part
> is that it doesn't always crash, i can view the same page 10 times, and it
> only segment faults on one of the views,.. how is this possible?
>
> Please advice =)
>
> At 12:51 2003-01-21 +1100, you wrote:
>> Hi,
>>
>> I had this problem a few weeks back.  The host changed the sessions from
>> 'mm' to 'files' in php.ini and restarted, and all was ok...
>>
>> not sure of the reasons behind the faults, but I had this EXACT problem
>> (with standard session stuff).
>>
>>
>> Justin
>>
>>
>> on 21/01/03 2:29 AM, Blaster ([EMAIL PROTECTED]) wrote:
>>
>>> Hi
>>>
>>> OS: Debian Linux (Woody), kernel 2.2.20
>>> PHP: v4.1.2
>>>
>>> I'm having some troubles with my sessions, when the page is sent to the
>>> visitor, it sometimes stops after ½ the page or so. 90% of the times, it
>>> works perfectly
>>> to visit the page, so this appears to be totally random. However, I have
>>> reason to believe it has something to do with my sessions, I have 
written a
>>> custom session
>>> lib which works with MySQL, and then set it up with
>> session_set_save_handler()
>>>
>>> Now, I checked the error logs of my Apache HTTP, and it's filled with
>>> [Mon Jan 20 15:20:54 2003] [notice] child pid 19500 exit signal
>>> Segmentation fault (11)
>>> [Mon Jan 20 15:20:54 2003] [notice] child pid 19399 exit signal
>>> Segmentation fault (11)
>>> FATAL:  emalloc():  Unable to allocate -916562933 bytes
>>> [Mon Jan 20 15:21:02 2003] [notice] child pid 19499 exit signal
>>> Segmentation fault (11)
>>> [Mon Jan 20 15:21:20 2003] [notice] child pid 19401 exit signal
>>> Segmentation fault (11)
>>> [Mon Jan 20 15:21:32 2003] [notice] child pid 19514 exit signal
>>> Segmentation fault (11)
>>> [Mon Jan 20 15:21:35 2003] [notice] child pid 19403 exit signal
>>> Segmentation fault (11)
>>>
>>> The reason to why I'm sure it's PHP is the "emalloc()" line, which 
I'm told
>>> only can be generated by PHP. Now, I'm wondering if this is a know 
bug, or
>>> am I doing
>>> something wrong?
>>>
>>> In short:
>>> The content stream (HTML stream) is interrupted, probably because o

Re: [PHP] PHP Sessions

[Tim Thorburn]

Ok, here's what I've found:

register_globals is ON
however
register_argc_argv is OFF on the server with problems.

The server is a Sun Cobalt server running some form of Linux.

My local machine that I work on is WinXP Pro using PHP 4.3.0, on this 
machine I've got register_globals set to ON and register_argc_argv ON as 
well ... I'm not entirely sure what register_argc_argv does, but could this 
be the problem?

At 09:41 PM 1/21/2003 +1100, Justin French wrote:
on 21/01/03 9:25 PM, Tim Thorburn ([EMAIL PROTECTED]) wrote:

> There is some discussion as to whether my globals are on or not ... I am
> using session_register to name my sessions, and then the global command
> later on on the individual pages to remember which session it is we're
> looking for.

No no no... check the output of phpinfo(), or check your php.ini file to see
if the directive "register_globals" has a value of ON or OFF.

This is more than likely the problem I think.

Also check the same value on your local machine.

Justin


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Tim Thorburn]

Ok, here's the sample code I found in one of my PHP books - it doesn't work 
exactly like my original script for checking passwords, but it does a close 
enough job to let me know that the sessions aren't staying registered.

I could ask my host if anyone else has had problems, but that would mean 
being able to get them on the phone, find someone who speaks English, and 
then hope that person has any kind of experience with Linux/PHP - which I'm 
quickly finding does not exist.

As it is a shared hosting situation, and I have no shell access (through 
telnet or SSH), I cannot check the php.ini file to see.

authmain.php

session_start();

if ($userid && $password)
{
// if the user has just tried to log in

$db_conn = mysql_connect("localhost", "login", "passWord");
mysql_select_db("databaseName", $db_conn);
$query = "SELECT * FROM userlogin WHERE user='$userid' AND 
passwd=password('$password')";
$result = mysql_query($query, $db_conn);
if (mysql_num_rows($result) > 0)
{
// if they are in the database register the user id
$valid_user = $userid;
session_register("valid_user");
}
}
?>


Test Sessions





if (session_is_registered("valid_user"))
{
echo "You are logged in as: $valid_user Log out";
}
else
{
if (isset($userid))
{
// if they've tried and failed to log in
echo "Could not log you in";
}
else
{
// they have not tried to log in yet or have 
logged out
echo "You are not logged in.";
}

// provide form to log in
echo "";
echo "";
echo "Userid:";
echo "";
echo "Password:";
echo "";
echo "";
echo "";
echo "";
}
?>

Members section



members_only.php

global $userid;
session_start();

echo "Members only";

// check session variable

if (session_is_registered("valid_user"))
{
echo "You are logged in as $valid_user.";
echo "Members only content goes here";
}
else
{
echo "You are not logged in.";
echo "Only logged in members may see this page.";
}

echo "Back to main page";
?>

At 06:29 PM 1/21/2003 +0800, Jason Wong wrote:
On Tuesday 21 January 2003 17:59, Tim Thorburn wrote:
> Yes, the examples from the manual do work on the server using PHP 4.2.2 -
> however they do not work on the server using PHP 4.1.2.
>
> I've been using this same script for many sites with PHP versions 4.0.6
> thru 4.2.2 with no problems until now which leads me to believe that I must
> attempt to change a PHP setting through .htaccess since it is hosted on a
> shared server.
>
> I've tried the example from the manual on several other sites - works
> everywhere but on this problem server.

It's time to see some code :)

Does sessions work at all for the other people on your shared server? Ask 
your
host whether anybody else has complained.

> PHP 4.1.2 (doesn't work)
> '--enable-mm=shared'

Would this have anything to do with it? Apparently there could be problems
with storing sessions in mm:

  http://marc.theaimsgroup.com/?l=php-general&m=104311365417871&w=2

Check in php.ini whether sessions are file based or using mm.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Goals... Plans... they're fantasies, they're part of a dream world...
-- Wally Shawn
*/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions

[Rich Gray]

Sorry I'm a bit late in on this thread but I know there is a problem with
sessions with 4.1.2 with IIS 5 over Win2K... is that your platform? I
encountered it a while back and there is a hack/workaround which I can dig
up if you need it...

HTH
Rich
-Original Message-
From: Tim Thorburn [mailto:[EMAIL PROTECTED]]
Sent: 21 January 2003 10:26
To: [EMAIL PROTECTED]; [EMAIL PROTECTED]
Subject: RE: [PHP] PHP Sessions


There is some discussion as to whether my globals are on or not ... I am
using session_register to name my sessions, and then the global command
later on on the individual pages to remember which session it is we're
looking for.

It would be simply priceless if sessions were broken in 4.1.2 - and make
much sense in the long run.

Thanks
-Tim


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions

[Ford, Mike [LSS]]

> -Original Message-
> From: John W. Holmes [mailto:[EMAIL PROTECTED]]
> Sent: 21 January 2003 10:20
> 
> Wasn't it 4.1.2 that had broken sessions? I remember one version that
> came out that was just broke and you had to do a bunch of 
> workarounds to
> get things to work normally. Was that it?

Yes, I believe you're right -- but on Windows only.  Sessions in that specific version 
of PHP were accidentally read-only -- so you could appear to set values in the 
session, but they'd never show up in subsequent pages...!

Bug reports http://bugs.php.net/bug.php?id=16043, http://bugs.php.net/bug.php?id=16102 
and http://bugs.php.net/bug.php?id=16202 are relevant.

Cheers!

Mike

-
Mike Ford,  Electronic Information Services Adviser,
Learning Support Services, Learning & Information Services,
JG125, James Graham Building, Leeds Metropolitan University,
Beckett Park, LEEDS,  LS6 3QS,  United Kingdom
Email: [EMAIL PROTECTED]
Tel: +44 113 283 2600 extn 4730  Fax:  +44 113 283 3211 

-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Justin French]

on 21/01/03 9:25 PM, Tim Thorburn ([EMAIL PROTECTED]) wrote:

> There is some discussion as to whether my globals are on or not ... I am
> using session_register to name my sessions, and then the global command
> later on on the individual pages to remember which session it is we're
> looking for.

No no no... check the output of phpinfo(), or check your php.ini file to see
if the directive "register_globals" has a value of ON or OFF.

This is more than likely the problem I think.

Also check the same value on your local machine.

Justin


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Jason Wong]

On Tuesday 21 January 2003 17:59, Tim Thorburn wrote:
> Yes, the examples from the manual do work on the server using PHP 4.2.2 -
> however they do not work on the server using PHP 4.1.2.
>
> I've been using this same script for many sites with PHP versions 4.0.6
> thru 4.2.2 with no problems until now which leads me to believe that I must
> attempt to change a PHP setting through .htaccess since it is hosted on a
> shared server.
>
> I've tried the example from the manual on several other sites - works
> everywhere but on this problem server.

It's time to see some code :)

Does sessions work at all for the other people on your shared server? Ask your 
host whether anybody else has complained.

> PHP 4.1.2 (doesn't work)
> '--enable-mm=shared' 

Would this have anything to do with it? Apparently there could be problems 
with storing sessions in mm:

  http://marc.theaimsgroup.com/?l=php-general&m=104311365417871&w=2

Check in php.ini whether sessions are file based or using mm.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Goals... Plans... they're fantasies, they're part of a dream world...
-- Wally Shawn
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions

[Tim Thorburn]

There is some discussion as to whether my globals are on or not ... I am 
using session_register to name my sessions, and then the global command 
later on on the individual pages to remember which session it is we're 
looking for.

It would be simply priceless if sessions were broken in 4.1.2 - and make 
much sense in the long run.

Thanks
-Tim

At 05:19 AM 1/21/2003 -0500, you wrote:
> Yes, the examples from the manual do work on the server using PHP
4.2.2 -
> however they do not work on the server using PHP 4.1.2.
>
> I've been using this same script for many sites with PHP versions
4.0.6
> thru 4.2.2 with no problems until now which leads me to believe that I
> must
> attempt to change a PHP setting through .htaccess since it is hosted
on a
> shared server.
>
> I've tried the example from the manual on several other sites - works
> everywhere but on this problem server.

Wasn't it 4.1.2 that had broken sessions? I remember one version that
came out that was just broke and you had to do a bunch of workarounds to
get things to work normally. Was that it?

Are you using the $_SESSION array or relying on register_globals?

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/



--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions

[John W. Holmes]

> Yes, the examples from the manual do work on the server using PHP
4.2.2 -
> however they do not work on the server using PHP 4.1.2.
> 
> I've been using this same script for many sites with PHP versions
4.0.6
> thru 4.2.2 with no problems until now which leads me to believe that I
> must
> attempt to change a PHP setting through .htaccess since it is hosted
on a
> shared server.
> 
> I've tried the example from the manual on several other sites - works
> everywhere but on this problem server.

Wasn't it 4.1.2 that had broken sessions? I remember one version that
came out that was just broke and you had to do a bunch of workarounds to
get things to work normally. Was that it?

Are you using the $_SESSION array or relying on register_globals?

---John W. Holmes...

PHP Architect - A monthly magazine for PHP Professionals. Get your copy
today. http://www.phparch.com/



-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Tim Thorburn]

Yes, the examples from the manual do work on the server using PHP 4.2.2 - 
however they do not work on the server using PHP 4.1.2.

I've been using this same script for many sites with PHP versions 4.0.6 
thru 4.2.2 with no problems until now which leads me to believe that I must 
attempt to change a PHP setting through .htaccess since it is hosted on a 
shared server.

I've tried the example from the manual on several other sites - works 
everywhere but on this problem server.

Thanks
-Tim

At 05:56 PM 1/21/2003 +0800, you wrote:
On Tuesday 21 January 2003 17:39, Tim Thorburn wrote:
> Hi,
>
> I'm using PHP 4.1.2 on the server with problems - it's hosted on a shared
> server and thus I have no direct access to much of anything.  I have had
> this script running on versions 4.0.6 thru 4.2.2 with no problems until
> now.
>
> Here are the settings attained from phpinfo(); for the server that does not
> work - 4.1.2 ... and from the server that does work 4.2.2
>
> After the Configure Command of each is a list of settings that differ.

Again, does the simple example from the manual work? If it works we can
eliminate config settings and concentrate on your code.

--
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Endless the world's turn, endless the sun's spinning
Endless the quest;
I turn again, back to my own beginning,
And here, find rest.
*/


--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php




--
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

Re: [PHP] PHP Sessions

[Jason Wong]

On Tuesday 21 January 2003 17:39, Tim Thorburn wrote:
> Hi,
>
> I'm using PHP 4.1.2 on the server with problems - it's hosted on a shared
> server and thus I have no direct access to much of anything.  I have had
> this script running on versions 4.0.6 thru 4.2.2 with no problems until
> now.
>
> Here are the settings attained from phpinfo(); for the server that does not
> work - 4.1.2 ... and from the server that does work 4.2.2
>
> After the Configure Command of each is a list of settings that differ.

Again, does the simple example from the manual work? If it works we can 
eliminate config settings and concentrate on your code.

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
Endless the world's turn, endless the sun's spinning
Endless the quest;
I turn again, back to my own beginning,
And here, find rest.
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions

[Timothy Hitchens \(HiTCHO\)]

Are globals turned on or off.. I don't see that setting in your copy and
paste.

Are you trying to access the session vars as $name or
$_SESSION['name']??


Timothy Hitchens (HiTCHO)
Open Source Consulting
e-mail: [EMAIL PROTECTED]

> -Original Message-
> From: Tim Thorburn [mailto:[EMAIL PROTECTED]] 
> Sent: Tuesday, 21 January 2003 7:39 PM
> To: [EMAIL PROTECTED]; [EMAIL PROTECTED]; 
> [EMAIL PROTECTED]
> Subject: RE: [PHP] PHP Sessions
> 
> 
> Hi,
> 
> I'm using PHP 4.1.2 on the server with problems - it's hosted 
> on a shared 
> server and thus I have no direct access to much of anything.  
> I have had 
> this script running on versions 4.0.6 thru 4.2.2 with no 
> problems until now.
> 
> Here are the settings attained from phpinfo(); for the server 
> that does not 
> work - 4.1.2 ... and from the server that does work 4.2.2
> 
> After the Configure Command of each is a list of settings that differ.
> 
> Much thanks for responding so quickly and at such a late hour!!
> 
> Thanks
> -Tim
> 
> PHP 4.2.2 (works fine)
> 
> './configure' '--with-apxs=/usr/local/apache/bin/apxs' 
> '--with-mcrypt' 
> '--enable-bcmath' '--enable-calendar' '--with-xml' 
> '--with-swf=/usr/local/flash' '--with-gd=../gd-1.8.4' 
> '--with-jpeg-dir=/usr/local' 
> '--with-imap=../imap-2001.BETA.SNAP-0107112053' 
> '--with-ming=../ming-0.1.1' 
> '--enable-magic-quotes' '--with-mysql' '--enable-safe-mode' 
> '--enable-track-vars' '--with-ttf' '--enable-versioning' 
> '--with-curl' 
> '--with-zlib'
> 
> Settings:
> allow_call_time_pass_reference ON
> extension_dir ./
> magic_quotes_gpc ON
> register_argc_argv ON
> sendmail_from no value
> unserialize_callback_func no value
> variables_order EGPCS
> 
> PHP 4.1.2 (doesn't work)
> 
> './configure' '--prefix=/usr' '--with-apxs=/usr/sbin/apxs' 
> '--with-gd' 
> '--with-gettext=/usr' '--enable-safe-mode' 
> '--with-config-file-path=/etc/httpd' '--with-exec-dir=/usr/bin' 
> '--with-zlib' '--enable-magic-quotes' '--with-regex=system' 
> '--with-ttf' 
> '--with-db' '--with-gdbm' '--enable-mbstring' 
> '--enable-mbstr-enc-trans' 
> '--enable-track-vars' '--enable-wddx=shared' '--enable-mm=shared' 
> '--enable-xml' '--enable-ftp' '--disable-debug' 
> '--with-libdir=/usr/lib' 
> '--with-db3' '--with-interbase=shared' '--with-pgsql=shared' 
> '--with-ldap' 
> '--with-imap' '--with-curl=shared' '--with-pdflib=shared'
> 
> Settings:
> allow_call_time_pass_reference OFF
> extension_dir /usr/lib/apache/php
> magic_quotes_gpc OFF
> register_argc_argv OFF
> sendmail_from [EMAIL PROTECTED]
> variables_order GPCS
> 
> 
> At 07:11 PM 1/21/2003 +1000, Timothy Hitchens \(HiTCHO\) wrote:
> >What version of PHP are you using and do you have 
als turned on?
> >
> >
> >Timothy Hitchens (HiTCHO)
> >Open Source Consulting
> >e-mail: [EMAIL PROTECTED]
> >
> > > -Original Message-
> > > From: Tim Thorburn [mailto:[EMAIL PROTECTED]]
> > > Sent: Tuesday, 21 January 2003 6:59 PM
> > > To: [EMAIL PROTECTED]
> > > Subject: [PHP] PHP Sessions
> > >
> > >
> > > Hi,
> > >
> > > After a day and a half of pounding my head against the wall I 
> > > believe I've identified the source of the problem.  When I create 
> > > and register the session in my login page - it does not carry 
> > > forward to any other pages.  I've found this by going through 
> > > several different tutorials for
> > > making password protected areas using PHP and Sessions that
> > > I've found both
> > > online and in books - all produce the same result on the 
> server with
> > > attitude - yet all work on all other servers I'm currently
> > > using for my
> > > hosting.
> > >
> > > So, since this is an eCommerce site for my client and they're 
> > > getting increasingly impatient with the progress made I'm 
> left with 
> > > little choice in this matter - as moving the site now would be 
> > > unthinkable, and tech
> > > support at the hosting company is less than stellar, and
> > > generally not in
> > > English.  Are there any obvious PHP settings that I'd need to
> > > adjust to
> > > ensure that Sessions can be carried forward to additional
> > > pages?  My only
> > > other option now is to force my client to login to each
> > > screen in the admin
> > > area (conceivably this could mean the client would need to
> > > log in to a
> > > minimum of 8 different pages to observe their records and
> > > make changes to
> > > the site).
> > >
> > > I'm at the point of desperation and sleep deprivation ... 
> If there 
> > > are no obvious PHP settings that need to be altered - what else
> > > could be producing
> > > this problem?
> > >
> > > Thanks
> > > -Tim
> > >
> > >
> > >
> > > --
> > > PHP General Mailing List (http://www.php.net/)
> > > To unsubscribe, visit: http://www.php.net/unsub.php
> > >
> 


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php

RE: [PHP] PHP Sessions

[Tim Thorburn]

Hi,

I'm using PHP 4.1.2 on the server with problems - it's hosted on a shared 
server and thus I have no direct access to much of anything.  I have had 
this script running on versions 4.0.6 thru 4.2.2 with no problems until now.

Here are the settings attained from phpinfo(); for the server that does not 
work - 4.1.2 ... and from the server that does work 4.2.2

After the Configure Command of each is a list of settings that differ.

Much thanks for responding so quickly and at such a late hour!!

Thanks
-Tim

PHP 4.2.2 (works fine)

'./configure' '--with-apxs=/usr/local/apache/bin/apxs' '--with-mcrypt' 
'--enable-bcmath' '--enable-calendar' '--with-xml' 
'--with-swf=/usr/local/flash' '--with-gd=../gd-1.8.4' 
'--with-jpeg-dir=/usr/local' 
'--with-imap=../imap-2001.BETA.SNAP-0107112053' '--with-ming=../ming-0.1.1' 
'--enable-magic-quotes' '--with-mysql' '--enable-safe-mode' 
'--enable-track-vars' '--with-ttf' '--enable-versioning' '--with-curl' 
'--with-zlib'

Settings:
allow_call_time_pass_reference ON
extension_dir ./
magic_quotes_gpc ON
register_argc_argv ON
sendmail_from no value
unserialize_callback_func no value
variables_order EGPCS

PHP 4.1.2 (doesn't work)

'./configure' '--prefix=/usr' '--with-apxs=/usr/sbin/apxs' '--with-gd' 
'--with-gettext=/usr' '--enable-safe-mode' 
'--with-config-file-path=/etc/httpd' '--with-exec-dir=/usr/bin' 
'--with-zlib' '--enable-magic-quotes' '--with-regex=system' '--with-ttf' 
'--with-db' '--with-gdbm' '--enable-mbstring' '--enable-mbstr-enc-trans' 
'--enable-track-vars' '--enable-wddx=shared' '--enable-mm=shared' 
'--enable-xml' '--enable-ftp' '--disable-debug' '--with-libdir=/usr/lib' 
'--with-db3' '--with-interbase=shared' '--with-pgsql=shared' '--with-ldap' 
'--with-imap' '--with-curl=shared' '--with-pdflib=shared'

Settings:
allow_call_time_pass_reference OFF
extension_dir /usr/lib/apache/php
magic_quotes_gpc OFF
register_argc_argv OFF
sendmail_from [EMAIL PROTECTED]
variables_order GPCS


At 07:11 PM 1/21/2003 +1000, Timothy Hitchens \(HiTCHO\) wrote:
What version of PHP are you using and do you have globals turned on?


Timothy Hitchens (HiTCHO)
Open Source Consulting
e-mail: [EMAIL PROTECTED]

> -Original Message-
> From: Tim Thorburn [mailto:[EMAIL PROTECTED]]
> Sent: Tuesday, 21 January 2003 6:59 PM
> To: [EMAIL PROTECTED]
> Subject: [PHP] PHP Sessions
>
>
> Hi,
>
> After a day and a half of pounding my head against the wall I
> believe I've
> identified the source of the problem.  When I create and register the
> session in my login page - it does not carry forward to any other
> pages.  I've found this by going through several different
> tutorials for
> making password protected areas using PHP and Sessions that
> I've found both
> online and in books - all produce the same result on the server with
> attitude - yet all work on all other servers I'm currently
> using for my
> hosting.
>
> So, since this is an eCommerce site for my client and they're getting
> increasingly impatient with the progress made I'm left with
> little choice
> in this matter - as moving the site now would be unthinkable,
> and tech
> support at the hosting company is less than stellar, and
> generally not in
> English.  Are there any obvious PHP settings that I'd need to
> adjust to
> ensure that Sessions can be carried forward to additional
> pages?  My only
> other option now is to force my client to login to each
> screen in the admin
> area (conceivably this could mean the client would need to
> log in to a
> minimum of 8 different pages to observe their records and
> make changes to
> the site).
>
> I'm at the point of desperation and sleep deprivation ... If
> there are no
> obvious PHP settings that need to be altered - what else
> could be producing
> this problem?
>
> Thanks
> -Tim
>
>
>
> --
> PHP General Mailing List (http://www.php.net/)
> To unsubscribe, visit: http://www.php.net/unsub.php
>

Re: [PHP] PHP Sessions

[Jason Wong]

On Tuesday 21 January 2003 16:58, Tim Thorburn wrote:
> Hi,
>
> After a day and a half of pounding my head against the wall I believe I've
> identified the source of the problem.  When I create and register the
> session in my login page - it does not carry forward to any other
> pages.  I've found this by going through several different tutorials for
> making password protected areas using PHP and Sessions that I've found both
> online and in books - all produce the same result on the server with
> attitude - yet all work on all other servers I'm currently using for my
> hosting.

Does the simple example from the manual work? If not, what does the php.log 
say? If it does work then what does your code look like?

What is the config of the "server with an attitude"? phpinfo()? Did you check 
for any differences between that and the servers that do work?

-- 
Jason Wong -> Gremlins Associates -> www.gremlins.biz
Open Source Software Systems Integrators
* Web Design & Hosting * Internet & Intranet Applications Development *

/*
lisp, v.:
To call a spade a thpade.
*/


-- 
PHP General Mailing List (http://www.php.net/)
To unsubscribe, visit: http://www.php.net/unsub.php