Session overwritten - but why

Hi,

I have a problem with PHP sessions. The problem only occurs on one
machine (PHP v5.2.4 incl. mod_security). On another one (PHP v5.2.0 no
mod security) my application works fine.

Here's the precondition:
I have 2 PHP applications, A and B. Both on a separate server/machine.
A performs via SoapClient a request on B, where a Soap service is
located. B provides amongst others a function, that initializes a
session with data on B's side

$sess_id = md5(microtime());

session_name('SESSID');
session_id($sess_id);
session_start();

$_SESSION['blah'] = 'blah';
$_SESSION['fasel'] = 'fasel';
$_SESSION['blubb'] = 'blubb';

session_write_close();

and returns the session id and a URL to A.

A takes the URL and the session id and performs a redirect via

header('Location: ' . $url . '?SESSID=' . $sess_id). The URL
points to a script located on B's side.

When the script on B is called, it checks if a session id is given
within the URL ($_GET) and tries to start the session.

$sess_id = $_GET['SESSID'];
session_name('SESSID');
session_id($sess_id);
session_start();

As I mentioned above it works fine on the PHP v5.2.0 machine but not
on v5.2.4. After session_start() the existing session will be
overwritten with an empty one, having the same session id. I've
additionally confirmed this behaviour in the sessions directory.

I'm not using session cookies.

ini_set('session.use_cookies', 0);
ini_set('session.use_only_cookies', 0);
ini_set('session.use_trans_sid', 0);

I've also compared the session parameter configuration of both servers
and there's no diff. The log files of the server give me no hint.
Can anybody give me a hint?

Thanks in advance,
der Jens
Nov 30 '07 #1
On Fri, 30 Nov 2007 16:57:18 +0100, <j.**********@carcopy.com> wrote:
> Hi,
>
> I have a problem with PHP sessions. The problem only occurs on one
> machine (PHP v5.2.4 incl. mod_security). On another one (PHP v5.2.0 no
> mod security) my application works fine.
>
> Here's the precondition:
> I have 2 PHP applications, A and B. Both on a separate server/machine.
> A performs via SoapClient a request on B, where a Soap service is
> located. B provides amongst others a function, that initializes a
> session with data on B's side
>
> $sess_id = md5(microtime());

Why do you want to do that???? microtime() is highly, highly unsuited for
a busy server. At least use something like uniqid(). You basically are
asking for problems creating session-ids like this. Is there any
particular reason you want to set the session-id? Why not let PHP handle
it (and its uniqueness at that time). If you just want to know a
session-id after it's being set just call session_id() with no arguments.

> session_name('SESSID');
> session_id($sess_id);
> session_start();
>
> $_SESSION['blah'] = 'blah';
> $_SESSION['fasel'] = 'fasel';
> $_SESSION['blubb'] = 'blubb';
>
> session_write_close();
>
> and returns the session id and a URL to A.

OK, and where is the shared storage of session data? Are both servers set
up to look at the same storage?

> A takes the URL and the session id and performs a redirect via
>
> header('Location: ' . $url . '?SESSID=' . $sess_id). The URL
> points to a script located on B's side.

Using a GET is somewhat hazardous. What domains do your servers have? You
might be better off setting a cookie for a wildcard domain (setcookie() -
<http://nl2.php.net/manual/en/function.setcookie.php>), i.e. set the domain
to '.example.com' rather than 'server1.example.com' or
'server2.example.com'.

> When the script on B is called, it checks if a session id is given
> within the URL ($_GET) and tries to start the session.
>
> $sess_id = $_GET['SESSID'];
> session_name('SESSID');
> session_id($sess_id);
> session_start();
>
> As I mentioned above it works fine on the PHP v5.2.0 machine but not
> on v5.2.4. After session_start() the existing session will be
> overwritten with an empty one, having the same session id. I've
> additionally confirmed this behaviour in the sessions directory.

Where is this sessions directory, and how have you configured the servers
to look into one and the same directory (which can be on only 1 server,
either A or B, or an unmentioned C) for the storage?

When 'crossing' servers with sessions, I usually opt for setting up my own
sessionhandler (set_session_handler()), and use a single database server
to store/retrieve session data from.
--
Rik Wasmus
Nov 30 '07 #2
On 30 Nov., 18:27, "Rik Wasmus" <luiheidsgoe...@hotmail.com> wrote:
> On Fri, 30 Nov 2007 16:57:18 +0100, <j.wendelm...@carcopy.com> wrote:

[snip]

>> $sess_id = md5(microtime());
>
> Why do you want to do that???? microtime() is highly, highly unsuited for
> a busy server. At least use something like uniqid(). You basically are
> asking for problems creating session-ids like this. Is there any
> particular reason you want to set the session-id? Why not let PHP handle
> it (and its uniqueness at that time). If you just want to know a
> session-id after it's being set just call session_id() with no arguments.

OK, you're right. I'll change this.

>> session_name('SESSID');
>> session_id($sess_id);
>> session_start();
>> $_SESSION['blah'] = 'blah';
>> $_SESSION['fasel'] = 'fasel';
>> $_SESSION['blubb'] = 'blubb';
>> session_write_close();
>> and returns the session id and a URL to A.
>
> OK, and where is the shared storage of session data? Are both servers set
> up to look at the same storage?

The A server is not looking at this storage. Server A just works as an
entry point to B. A does not need to know anything about storage of
B's sessions.

>> A takes the URL and the session id and performs a redirect via
>> header('Location: ' . $url . '?SESSID=' . $sess_id). The URL
>> points to a script located on B's side.
>
> Using a GET is somewhat hazardous. What domains do your servers have? You
> might be better off setting a cookie for a wildcard domain (setcookie() ->
> <http://nl2.php.net/manual/en/function.setcookie.php>), i.e. set the domain
> to '.example.com' rather than 'server1.example.com' or
> 'server2.example.com'.

Ok, does it mean A (server) can send a cookie to B (server)? I'll try
it.

>> When the script on B is called, it checks if a session id is given
>> within the URL ($_GET) and tries to start the session.
>> $sess_id = $_GET['SESSID'];
>> session_name('SESSID');
>> session_id($sess_id);
>> session_start();
>> As I mentioned above it works fine on the PHP v5.2.0 machine but not
>> on v5.2.4. After session_start() the existing session will be
>> overwritten with an empty one, having the same session id. I've
>> additionally confirmed this behaviour in the sessions directory.
>
> Where is this sessions directory, and how have you configured the servers
> to look into one and the same directory (which can be on only 1 server,
> either A or B, or an unmentioned C) for the storage?

As stated above, only server B has to handle the session data.

[snip]

Thanks for your hints. I'll state the result ASAP.

Best regards,
der Jens
Nov 30 '07 #3
On 30 Nov., 14:04, j.wendelm...@carcopy.com wrote:

[snip]
> Thanks for your hints. I'll state the result ASAP.

Ok, I dropped the idea with the session storage. After a lot of
research and trial + error I decided to use a DB based storage.

In short words:
A user wants to request a service from a server B, but there's no
direct access to B available/possible/allowed. That's why B provides a
SoapService that has to be accessed by a server A. Server B receives
the Soap-Request from A and writes the affected data together with an
on the fly created token into the database. The token and the URL are
returned to A. A redirects the user via header command to URL, where
the token is sent as a GET parameter. The script behind the URL
validates the token and resumes the data stored in the database.

Best regards,
der Jens


Dec 7 '07 #5
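
The token handoff described in the last post, sketched as an added example (not code from the thread): the token comes from a CSPRNG instead of md5(microtime()), only its hash is stored, and it expires and is consumed on first use, so a value leaked through the redirect URL cannot be replayed. The table name, function names and the b.example.com URL are hypothetical; it assumes PHP 7.1+ with pdo_sqlite, with an in-memory SQLite database standing in for server B's database.

```php
<?php
declare(strict_types=1);

// Hypothetical schema; in-memory SQLite stands in for server B's database.
function openStore(): PDO {
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE handoff (token_hash TEXT PRIMARY KEY,
               payload TEXT NOT NULL, expires_at INTEGER NOT NULL)');
    return $db;
}

// SOAP side on B: store the data and return an unguessable token to A.
function issueToken(PDO $db, array $data, int $ttl = 60): string {
    $token = bin2hex(random_bytes(32));           // 256 bits from the CSPRNG
    $stmt = $db->prepare('INSERT INTO handoff VALUES (?, ?, ?)');
    // Only the SHA-256 of the token is stored, so a database read does not yield usable tokens.
    $stmt->execute([hash('sha256', $token), json_encode($data), time() + $ttl]);
    return $token;
}

// Landing script on B: validate the GET token, consume it, return the data or null.
function redeemToken(PDO $db, string $token): ?array {
    if (!preg_match('/\A[0-9a-f]{64}\z/', $token)) {
        return null;                              // malformed input never reaches the DB
    }
    $hash = hash('sha256', $token);
    $db->beginTransaction();
    $sel = $db->prepare('SELECT payload, expires_at FROM handoff WHERE token_hash = ?');
    $sel->execute([$hash]);
    $row = $sel->fetch(PDO::FETCH_ASSOC);
    $del = $db->prepare('DELETE FROM handoff WHERE token_hash = ?');
    $del->execute([$hash]);                       // single use: the row is gone after this
    $consumed = $del->rowCount() === 1;
    $db->commit();
    if ($row === false || !$consumed || (int)$row['expires_at'] < time()) {
        return null;                              // unknown, already used, or expired
    }
    return json_decode($row['payload'], true);
}

// Constructed walk-through of the flow.
$db    = openStore();
$token = issueToken($db, ['blah' => 'blah', 'fasel' => 'fasel']);
$url   = 'https://b.example.com/resume.php?token=' . $token; // what A redirects the user to
var_dump(redeemToken($db, $token));        // first call: the stored data
var_dump(redeemToken($db, $token));        // second call: NULL, token already consumed
var_dump(redeemToken($db, 'not-a-token')); // NULL, rejected as malformed
```

After a successful redeem, the landing script can call session_start() without a caller-supplied id and copy the returned data into $_SESSION, so the identifier that travelled in the URL never becomes the session id.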
