473,581 Members | 3,234 Online
Bytes | Software Development & Data Engineering Community
+ Post

Home Posts Topics Members FAQ

Modify Session Cookie on Every Page Load

I've got a PHP system working on a development server (Windows
2000/IIS5/PHP 4.3.3) but it doesn't seem to be working quite right on
the testing server (same except PHP 4.2.3). I upgraded the PHP on the
testing server but that didn't seem to make any difference. One
difference I noticed is that on the dev server, the session cookie is
modified on EVERY page load. On the testing server the cookie gets
created alright but it doesn't seem to be touched after that (and yes,
I checked to be sure the PHP code is the same on the two machines).
Is this controlled by a setting in php.ini? If so, I cannot figure
out which one. Is it controlled by IIS in some way? Again, I cannot
find anything that tells me where. Since the development server is
working, I'd like that behavior (modifying the cookie on every page
load) to be implemented on the test server but cannot figure out how.
Any suggestions would be most appreciated.

--
Henry
Jul 17 '05 #1
7 3358
Henry Hartley wrote:
I've got a PHP system working on a development server (Windows
2000/IIS5/PHP 4.3.3) but it doesn't seem to be working quite right on
the testing server (same except PHP 4.2.3). I upgraded the PHP on the
testing server but that didn't seem to make any difference. One
difference I noticed is that on the dev server, the session cookie is
modified on EVERY page load.
???? And that is good? ?!?!?!?!

one session <===> one cookie
one cookie <===> one session

If you get different cookies that means php is dealing with different
sessions.
On the testing server the cookie gets
created alright but it doesn't seem to be touched after that (and yes,
I checked to be sure the PHP code is the same on the two machines).
Isn't this what you want? ?!?!?!?!
Is this controlled by a setting in php.ini? If so, I cannot figure
out which one.
Check that the directory specified in "session.save_p ath" really exists.
Is it controlled by IIS in some way? Again, I cannot
find anything that tells me where.
Check the permission for the directory.
Since the development server is
working,
is it? ?!?!?!?!
I'd like that behavior (modifying the cookie on every page
load) to be implemented on the test server but cannot figure out how.


Why?
Why do you want a cookie that changes on *every* page load?
Perhaps you are trying something for which cookies may not be the best
option?

--
USENET would be a better place if everybody read: | to mail me: simply |
http://www.catb.org/~esr/faqs/smart-questions.html | "reply" to this post, |
http://www.netmeister.org/news/learn2quote2.html | *NO* MIME, plain text |
http://www.expita.com/nomime.html | and *NO* attachments. |
Jul 17 '05 #2
Accessing the cookie with every page load is usually to reset the expiry
time. In this way the cookie will expire some time after the last page
access, not sometime after it was first created.

--
Tony Marston

http://www.tonymarston.net

"Pedro Graca" <he****@hotpop. com> wrote in message
news:sl******** ***********@ID-203069.user.uni-berlin.de...
Henry Hartley wrote:
I've got a PHP system working on a development server (Windows
2000/IIS5/PHP 4.3.3) but it doesn't seem to be working quite right on
the testing server (same except PHP 4.2.3). I upgraded the PHP on the
testing server but that didn't seem to make any difference. One
difference I noticed is that on the dev server, the session cookie is
modified on EVERY page load.


???? And that is good? ?!?!?!?!

one session <===> one cookie
one cookie <===> one session

If you get different cookies that means php is dealing with different
sessions.
On the testing server the cookie gets
created alright but it doesn't seem to be touched after that (and yes,
I checked to be sure the PHP code is the same on the two machines).


Isn't this what you want? ?!?!?!?!
Is this controlled by a setting in php.ini? If so, I cannot figure
out which one.


Check that the directory specified in "session.save_p ath" really exists.
Is it controlled by IIS in some way? Again, I cannot
find anything that tells me where.


Check the permission for the directory.
Since the development server is
working,


is it? ?!?!?!?!
I'd like that behavior (modifying the cookie on every page
load) to be implemented on the test server but cannot figure out how.


Why?
Why do you want a cookie that changes on *every* page load?
Perhaps you are trying something for which cookies may not be the best
option?

--
USENET would be a better place if everybody read: | to mail me:
simply |
http://www.catb.org/~esr/faqs/smart-questions.html | "reply" to this
post, |
http://www.netmeister.org/news/learn2quote2.html | *NO* MIME, plain
text |
http://www.expita.com/nomime.html | and *NO*
attachments. |

Jul 17 '05 #3
Tony Marston wrote:
Accessing the cookie with every page load is usually to reset the expiry
time. In this way the cookie will expire some time after the last page
access, not sometime after it was first created.


Hmmm, of course you're right. I just didn't think of using 'sticky'
cookies for the session id.

I think it's best to let the user decide when the session is over rather
than forcing a cookie timeout of 20 minutes (or an hour, or whatever).
When the user want to terminate the session he can close the browser or
log out (and logging out will delete the cookie).
--
USENET would be a better place if everybody read: | to mail me: simply |
http://www.catb.org/~esr/faqs/smart-questions.html | "reply" to this post, |
http://www.netmeister.org/news/learn2quote2.html | *NO* MIME, plain text |
http://www.expita.com/nomime.html | and *NO* attachments. |
Jul 17 '05 #4
>> Accessing the cookie with every page load is usually to reset the expiry
time. In this way the cookie will expire some time after the last page
access, not sometime after it was first created.


Hmmm, of course you're right. I just didn't think of using 'sticky'
cookies for the session id.

I think it's best to let the user decide when the session is over rather
than forcing a cookie timeout of 20 minutes (or an hour, or whatever).
When the user want to terminate the session he can close the browser or
log out (and logging out will delete the cookie).


You DO want to time out sessions eventually, as all those files
cluttering up the server will eventually slow it down, to say nothing
of chewing up a lot of disk space. Do you think a real user is
going to come back expecting to still be logged in if he hasn't
accessed a page in 24 hours? A month? A year? Timeouts don't
have to be annoyingly short. I'm not sure an hour qualifies as
"annoyingly short" if it's counted from the last page refresh,
though, especially if it's a security-sensitive page like a bill-pay
page for a bank.

Also, the *server* doesn't know when the user has closed the browser.
It needs to eventually clean up old sessions.

Gordon L. Burditt
Jul 17 '05 #5
Pedro Graca <he****@hotpop. com> wrote in message news:<sl******* ************@ID-203069.user.uni-berlin.de>...
<snip>
I think it's best to let the user decide when the session is over rather
than forcing a cookie timeout of 20 minutes (or an hour, or whatever).
When the user want to terminate the session he can close the browser or
log out (and logging out will delete the cookie).


The "real" session timeout is handled by garbage collector
(session.gc_max lifetime and the time you last access the session file)
than with cookies. The cookie life time, just helps you to "continue"
your sessions incase if you closed/restarted your browser.

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #6
Pedro Graca <he****@hotpop. com> wrote in message news:<sl******* ************@ID-203069.user.uni-berlin.de>...
Tony Marston wrote:
Accessing the cookie with every page load is usually to reset the expiry
time. In this way the cookie will expire some time after the last page
access, not sometime after it was first created.


Hmmm, of course you're right. I just didn't think of using 'sticky'
cookies for the session id.


The odd thing is that one server is resetting the cookie on every page
load (not creating a new cookie, just updating the existing one) and
the other server justs sets the cookie once and seems to forget about
it. Of course, it's still *reading* the cookie or it wouldn't know
what the session ID was but I'm trying to understand why the two
servers are behaving differently. I don't know if this is a PHP
setting (in php.ini) or an IIS setting (and if so, where I can find
and change it) or possibly some other setting that I haven't thought
of.

--
Henry
Jul 17 '05 #7
he**********@we stat.com (Henry Hartley) wrote in message news:<2d******* *************** ****@posting.go ogle.com>...
<snip>
I don't know if this is a PHP
setting (in php.ini)


Then, why can't do a diff between two ini files?

--
| Just another PHP saint |
Email: rrjanbiah-at-Y!com
Jul 17 '05 #8

This thread has been closed and replies have been disabled. Please start a new discussion.

Similar topics

27
7101
by: mrbog | last post by:
Tell me if my assertion is wrong here: The only way to prevent session hijacking is to NEVER store authentication information (such as name/password) in the session. Well, to never authenticate a user from information you got from the session. Each secure app on a site must challenge the user for name and password, each and every time the...
3
7364
by: Karsten Grombach | last post by:
Hi, I'm trying the following: - Imitate a Logon using a Post with HttpWebRequest on remote Webserver (asp 3.0 page using https) - On success redirect to the page (encapsuled in an iframe) supplied by the remote Webserver I can successfuly logon but when I redirect to the supplied url, the webserver does not know me anymore an redirects...
1
737
by: Werner | last post by:
Hi Patrick! Can you give an example of how to use a frameset inside an aspx-file? When I create a new frameset in Visual Studio.Net it just gives me a htm-File. Or give me a link where I can find one? Thanks Werner P.S. Somehow I did not manage to do a followup in Googles newsgroups.
4
2750
by: Chris | last post by:
When a request comes into a page on my ASP.net site and a session is not found, I want to detect whether the request is an initial request or if the user did have a session going that has now been lost and show an explanatory message before restarting the session. Rather than tagging a 'session in progress' flag on the end of every request...
8
1738
by: ari | last post by:
hey all, i'm trying to make my app as stateless as possible. is it ok to create a dataset and store in viewstate and whenever the user decides to select a from that dataset, to move from viewstate, to session, and on the details page back to viewstate. Or does that sound like too much work? thanks, ari
4
1946
by: T Ralya | last post by:
I am told that ASP.NET controls the session ID and session variables, but that does not fit my symptoms. I am posting here as directed. I'm hoping that someone can at least recommend something to try to isolate the problem. I have a simple application that demonstrates my problem. Page 1, step1: SaveSessionVariableButton will create a...
7
7769
by: Doug | last post by:
An ASP.NET session cookie set on "www.mydomain.com" can not be accessed on "search.mydomain.com"; hence, a new session and cookie are being created on every sub-domain. This is occuring because ASP.NET always sets the Session cookie domain to the full domain (e.g. "www.mydomain.com") instead of the parent domain (e.g. "mydomain.com") The...
9
5299
by: McGeeky | last post by:
Is there a way to get a user control to remember its state across pages? I have a standard page layout I use with a header and footer as user controls. Each page uses the same layout by means of copy paste (I hear this will improve in ASP.Net 2 via master pages). When I navigate from one page to the next the header and footer user controls...
8
7523
by: zdp | last post by:
Hello! I need to process some webpages of a forum which is powered by discuz!. When I login, there are some options about how long to keep the cookies: forever, month, week, et al. If I choose forever, I don't need to login each time, and When I open the internet explorer I can access any pages directly. Some urls of the pages like: ...
0
7789
by: Hystou | last post by:
Most computers default to English, but sometimes we require a different language, especially when relocating. Forgot to request a specific language before your computer shipped? No problem! You can effortlessly switch the default language on Windows 10 without reinstalling. I'll walk you through it. First, let's disable language...
0
8141
Oralloy
by: Oralloy | last post by:
Hello folks, I am unable to find appropriate documentation on the type promotion of bit-fields when using the generalised comparison operator "<=>". The problem is that using the GNU compilers, it seems that the internal comparison operator "<=>" tries to promote arguments from unsigned to signed. This is as boiled down as I can make it. ...
1
7892
by: Hystou | last post by:
Overview: Windows 11 and 10 have less user interface control over operating system update behaviour than previous versions of Windows. In Windows 11 and 10, there is no way to turn off the Windows Update option using the Control Panel or Settings app; it automatically checks for updates and installs any it finds, whether you like it or not. For...
0
8167
tracyyun
by: tracyyun | last post by:
Dear forum friends, With the development of smart home technology, a variety of wireless communication protocols have appeared on the market, such as Zigbee, Z-Wave, Wi-Fi, Bluetooth, etc. Each protocol has its own unique characteristics and advantages, but as a user who is planning to build a smart home system, I am a bit confused by the...
0
6548
agi2029
by: agi2029 | last post by:
Let's talk about the concept of autonomous AI software engineers and no-code agents. These AIs are designed to manage the entire lifecycle of a software development project—planning, coding, testing, and deployment—without human intervention. Imagine an AI that can take a project description, break it down, write the code, debug it, and then...
1
5669
isladogs
by: isladogs | last post by:
The next Access Europe User Group meeting will be on Wednesday 1 May 2024 starting at 18:00 UK time (6PM UTC+1) and finishing by 19:30 (7.30PM). In this session, we are pleased to welcome a new presenter, Adolph Dupré who will be discussing some powerful techniques for using class modules. He will explain when you may want to use classes...
0
3802
by: TSSRALBI | last post by:
Hello I'm a network technician in training and I need your help. I am currently learning how to create and manage the different types of VPNs and I have a question about LAN-to-LAN VPNs. The last exercise I practiced was to create a LAN-to-LAN VPN between two Pfsense firewalls, by using IPSEC protocols. I succeeded, with both firewalls in...
1
1399
muto222
by: muto222 | last post by:
How can i add a mobile payment intergratation into php mysql website.
0
1130
bsmnconsultancy
by: bsmnconsultancy | last post by:
In today's digital era, a well-designed website is crucial for businesses looking to succeed. Whether you're a small business owner or a large corporation in Toronto, having a strong online presence can significantly impact your brand's success. BSMN Consultancy, a leader in Website Development in Toronto offers valuable insights into creating...

By using Bytes.com and it's services, you agree to our Privacy Policy and Terms of Use.

To disable or enable advertisements and analytics tracking please visit the manage ads & tracking page.