Goalie wrote:
Dear all,
I have a script which checks whether a user is logged in and on which
level. If he is not logged in, he will get the login screen. My problem is
that the script works on the server of the ISP, but not on my local
machine. I checked my php.ini files and also phpinfo on the ISP server.
But what happens is that if I try to log in on my local server the session
is started but not read by the next file, it returns again to the login
screen. The files in the /tmp directory are written and contain the data,
but they are not read in again. Can anybody help me on this? I work with
php 4.3.
Regards,
goalie
Hi,
I think you better named your posting: 'Broken Session' instead of multiple
session. You don't seem to get 1 running. :-)
Ok, many settings can influence the behaviour.
The BEST way to start is in my humble opinion in your browser.
1) Delete all cookies.
2) Go to your PHP page
3) Check if it sets a cookie with a PHPSESSIONID=blabla
(I expect not)
Now try to adjust your php.ini (and restart webserver if needed).
Find the [Session] part
Pay special attention to:
session.save_handler = files (in most cases)
session.save_path = /tmp (or wherever you store the stuff)
session.use_cookies = 1 (important)
session.auto_start = 1 (important!)
The autostart is very handy.
You don't have to fiddle around with starting sessions and such.
For security: Don't rely on the fact that a session exists, just rely on the
fact that YOU put something into a session.
It makes things much more clear from a programmer's point of view.
(At least that is what I think.)
eg:
$_SESSION["userauthenticatedLevel1"] = "Y";
$_SESSION["userauthenticatedLevel2"] = "N";
is a good way to set user rights.
On the pages that are secured, just check for the right value in the
session.
Hope this helps.
Regards,
Erwin Moller
-----------------------------------------
Here follows mine (which works)
[Session]
; Handler used to store/retrieve data.
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = /tmp
; Whether to use cookies.
session.use_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
; Initialize session on request startup.
session.auto_start = 1
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0
; The path for which the cookie is valid.
session.cookie_path = /
; The domain for which the cookie is valid.
session.cookie_domain =
; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php
; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =
; How many bytes to read from the file.
session.entropy_length = 0
; Specified here to create the session id.
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache
; Document expires after n minutes.
session.cache_expire = 180
; use transient sid support if enabled by compiling with --enable-trans-sid.
session.use_trans_sid = 1
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
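
-----------------------------------------
Added example, not part of either post: a PHP test page for the local machine that reports the settings named in the reply, shows whether the session is read back on the next request, and checks access on a value stored in the session rather than on the session's existence. The names session_report(), has_level() and the 'hits' counter are assumptions made for this example.

```php
<?php
// Added example, not code from the thread. session_report(), has_level()
// and the 'hits' counter are hypothetical names; the level keys follow the
// reply's $_SESSION["userauthenticatedLevel1"] = "Y" convention.
// Intended for the local test machine only: it prints server paths.

// The settings the reply says to check, plus whether the save path is usable
// and whether the browser actually sent the session cookie back.
function session_report() {
    $raw   = (string) ini_get('session.save_path');
    $parts = explode(';', $raw);            // value may be "N;/path"
    $path  = end($parts);
    if ($path === '') {
        $path = sys_get_temp_dir();         // empty: PHP uses the system temp dir
    }
    return array(
        'save_handler'    => ini_get('session.save_handler'),
        'save_path'       => $path,
        'path_read_write' => is_dir($path) && is_readable($path) && is_writable($path),
        'use_cookies'     => (bool) ini_get('session.use_cookies'),
        'auto_start'      => (bool) ini_get('session.auto_start'),
        'cookie_path'     => ini_get('session.cookie_path'),
        'cookie_domain'   => ini_get('session.cookie_domain'),
        'cookie_received' => isset($_COOKIE[session_name()]),
    );
}

// Access is granted only on a value the login code stored itself,
// never on the mere existence of a session.
function has_level($session, $level) {
    $key = 'userauthenticatedLevel' . (int) $level;
    return isset($session[$key]) && $session[$key] === 'Y';
}

if (session_id() === '') {
    session_start();                        // already done when auto_start = 1
}
// If this stays at 1 on every reload, the session is written but not read back.
$_SESSION['hits'] = isset($_SESSION['hits']) ? $_SESSION['hits'] + 1 : 1;

header('Content-Type: text/plain');
echo 'hits: ', $_SESSION['hits'], "\n";
echo 'level 1: ', has_level($_SESSION, 1) ? 'granted' : 'denied', "\n";
print_r(session_report());
```

Delete all cookies and load the page twice: a 'hits' value stuck at 1 with cookie_received false points at the cookie settings, while cookie_received true with path_read_write false points at the save path.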