By using this site, you agree to our updated Privacy Policy and our Terms of Use. Manage your Cookies Settings.
459,510 Members | 1,169 Online
Bytes IT Community
+ Ask a Question
Need help? Post your question and get tips & solutions from a community of 459,510 IT Pros & Developers. It's quick & easy.

multiple sessions

P: n/a
Dear all,

I have a script which checks whether a user is logged in and on which level.
If he is not logged in, he will get the login screen. My problem is that the
script works on the server of the ISP, but not on my local machine. I
checked me php.ini files and also phpinfo on the ISP server. But what
happens is that if I try to log in on my local server the session is started
but not read by the next file, it returns again to the login screen. The
files in the /tmp directory are written and contain the data, but they are
not read in again. Can any body help me on this. I work with php 4.3.

Regards,
goalie
Jul 17 '05 #1
Share this Question
Share on Google+
4 Replies


P: n/a
Goalie wrote:
Dear all,

I have a script which checks whether a user is logged in and on which
level. If he is not logged in, he will get the login screen. My problem is
that the script works on the server of the ISP, but not on my local
machine. I checked me php.ini files and also phpinfo on the ISP server.
But what happens is that if I try to log in on my local server the session
is started but not read by the next file, it returns again to the login
screen. The files in the /tmp directory are written and contain the data,
but they are not read in again. Can any body help me on this. I work with
php 4.3.

Regards,
goalie


Hi,

I think you better named your posting: 'Broken Session' instead of multiple
session. You don't seem to get 1 running. :-)

Ok, many settings can influence the behaviour.
The BEST way to start is in my humble opinion in your browser.
1) Delete all cookies.
2) Goto you PHP page
3) CHeck if it sets a cookie with a PHPSESSIONID=blabla

(I expect not)

Now try to adjust your php.ini (and restart webserver if needed).
FInd the [Session] part

Pay special attention to:
session.save_handler = files (in most cases)
session.save_path = /tmp (or whereever you store the stuff)
session.use_cookies = 1 (important)
session.auto_start = 1 (important!)

The autostart is very handy.
You don't have to fiddle around with starting sessions and such.

For security: DOn't rely on the fact that a session exists, just rely on the
fact that YOU put something into a session.
It makes things much more clear from a programmers point-of-view.
(At least that is what I think.)

eg:
$_SESSION["userauthenticatedLevel1"] = "Y";
$_SESSION["userauthenticatedLevel2"] = "N";

is a good way to set userrights.

On the pages that are secured, just check for the right value in the
session.

Hope this helps.

Regards,
Erwin Moller

-----------------------------------------

Here follows mine (which works)

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = /tmp

; Whether to use cookies.
session.use_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 1

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php

; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; use transient sid support if enabled by compiling with --enable-trans-sid.
session.use_trans_sid = 1

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeent ry"
Jul 17 '05 #2

P: n/a
Dear all,

I changed the things in the php.ini file, but it didn't help (restarted
httpd as well).
My browser accepts cookies, in the temp directory a file made sess_blabla
after I clicked login. But when I go into my secure.php page
isset($_SESSION['name'] is false and I am redirected to my login page. After
that my second session file is started.

The session lines in php.ini looks like:
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /tmp
session.cookie_domain = donald
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1

Regards,

Marcel
"Erwin Moller"
<si******************************************@spam yourself.com> wrote in
message news:41**********************@news.xs4all.nl...
Goalie wrote:
Dear all,

I have a script which checks whether a user is logged in and on which
level. If he is not logged in, he will get the login screen. My problem
is
that the script works on the server of the ISP, but not on my local
machine. I checked me php.ini files and also phpinfo on the ISP server.
But what happens is that if I try to log in on my local server the
session
is started but not read by the next file, it returns again to the login
screen. The files in the /tmp directory are written and contain the data,
but they are not read in again. Can any body help me on this. I work with
php 4.3.

Regards,
goalie


Hi,

I think you better named your posting: 'Broken Session' instead of
multiple
session. You don't seem to get 1 running. :-)

Ok, many settings can influence the behaviour.
The BEST way to start is in my humble opinion in your browser.
1) Delete all cookies.
2) Goto you PHP page
3) CHeck if it sets a cookie with a PHPSESSIONID=blabla

(I expect not)

Now try to adjust your php.ini (and restart webserver if needed).
FInd the [Session] part

Pay special attention to:
session.save_handler = files (in most cases)
session.save_path = /tmp (or whereever you store the stuff)
session.use_cookies = 1 (important)
session.auto_start = 1 (important!)

The autostart is very handy.
You don't have to fiddle around with starting sessions and such.

For security: DOn't rely on the fact that a session exists, just rely on
the
fact that YOU put something into a session.
It makes things much more clear from a programmers point-of-view.
(At least that is what I think.)

eg:
$_SESSION["userauthenticatedLevel1"] = "Y";
$_SESSION["userauthenticatedLevel2"] = "N";

is a good way to set userrights.

On the pages that are secured, just check for the right value in the
session.

Hope this helps.

Regards,
Erwin Moller

-----------------------------------------

Here follows mine (which works)

[Session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = /tmp

; Whether to use cookies.
session.use_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 1

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php

; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; use transient sid support if enabled by compiling
with --enable-trans-sid.
session.use_trans_sid = 1

url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeent ry"

Jul 17 '05 #3

P: n/a
Goalie wrote:
Dear all,

I changed the things in the php.ini file, but it didn't help (restarted
httpd as well).
My browser accepts cookies, in the temp directory a file made sess_blabla
after I clicked login. But when I go into my secure.php page
isset($_SESSION['name'] is false and I am redirected to my login page.
After that my second session file is started.
Hi,

Are both files on the same domain? (should be)
And what is 'donald' excactly doing in your php.ini?
--> session.cookie_domain = donald <--

Is that a valid domain????
Try to remove donald, and try again.

Regards,
Erwin Moller

The session lines in php.ini looks like:
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /tmp
session.cookie_domain = donald
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1

Regards,

Marcel

Jul 17 '05 #4

P: n/a
Yes, they are in the same domain.
I removed it, but not succeed.

Goalie
"Erwin Moller"
<si******************************************@spam yourself.com> wrote in
message news:41**********************@news.xs4all.nl...
Goalie wrote:
Dear all,

I changed the things in the php.ini file, but it didn't help (restarted
httpd as well).
My browser accepts cookies, in the temp directory a file made sess_blabla
after I clicked login. But when I go into my secure.php page
isset($_SESSION['name'] is false and I am redirected to my login page.
After that my second session file is started.


Hi,

Are both files on the same domain? (should be)
And what is 'donald' excactly doing in your php.ini?
--> session.cookie_domain = donald <--

Is that a valid domain????
Try to remove donald, and try again.

Regards,
Erwin Moller

The session lines in php.ini looks like:
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /tmp
session.cookie_domain = donald
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1

Regards,

Marcel

Jul 17 '05 #5

This discussion thread is closed

Replies have been disabled for this discussion.