Goalie wrote:
Dear all,
I have a script which checks whether a user is logged in and on which
level. If he is not logged in, he will get the login screen. My problem is
that the script works on the server of the ISP, but not on my local
machine. I checked my php.ini files and also phpinfo on the ISP server.
But what happens is that if I try to log in on my local server the session
is started but not read by the next file, it returns again to the login
screen. The files in the /tmp directory are written and contain the data,
but they are not read in again. Can anybody help me on this? I work with
PHP 4.3.
Regards,
goalie
Hi,
I think you better named your posting: 'Broken Session' instead of multiple
session. You don't seem to get 1 running. :-)
Ok, many settings can influence the behaviour.
The BEST way to start is in my humble opinion in your browser.
1) Delete all cookies.
2) Go to your PHP page
3) Check if it sets a cookie with a PHPSESSIONID=blabla
(I expect not)
Now try to adjust your php.ini (and restart webserver if needed).
Find the [Session] part
Pay special attention to:
session.save_handler = files (in most cases)
session.save_path = /tmp (or wherever you store the stuff)
session.use_cookies = 1 (important)
session.auto_start = 1 (important!)
The autostart is very handy.
You don't have to fiddle around with starting sessions and such.
For security: Don't rely on the fact that a session exists, just rely on the
fact that YOU put something into a session.
It makes things much more clear from a programmer's point of view.
(At least that is what I think.)
eg:
$_SESSION["userauthenticatedLevel1"] = "Y";
$_SESSION["userauthenticatedLevel2"] = "N";
is a good way to set user rights.
On the pages that are secured, just check for the right value in the
session.
Hope this helps.
Regards,
Erwin Moller
-----------------------------------------
Here follows mine (which works)
[Session]
; Handler used to store/retrieve data.
session.save_handler = files
; Argument passed to save_handler. In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
session.save_path = /tmp
; Whether to use cookies.
session.use_cookies = 1
; Name of the session (used as cookie name).
session.name = PHPSESSID
; Initialize session on request startup.
session.auto_start = 1
; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0
; The path for which the cookie is valid.
session.cookie_path = /
; The domain for which the cookie is valid.
session.cookie_domain =
; Handler used to serialize data. php is the standard serializer of PHP.
session.serialize_handler = php
; Percentual probability that the 'garbage collection' process is started
; on every session initialization.
session.gc_probability = 1
; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440
; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =
; How many bytes to read from the file.
session.entropy_length = 0
; Specified here to create the session id.
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
; Set to {nocache,private,public} to determine HTTP caching aspects.
session.cache_limiter = nocache
; Document expires after n minutes.
session.cache_expire = 180
; use transient sid support if enabled by compiling with --enable-trans-sid.
session.use_trans_sid = 1
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
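
The check on secured pages that the reply describes, as an added example that is not part of the original thread. It assumes PHP 5.4 or later (for session_status()), not the PHP 4.3 mentioned in the question; the session keys are the ones from the reply, while the function names and /login.php are hypothetical.

```php
<?php
// Added example, not code from the thread. The function names and
// /login.php are hypothetical; the session keys come from the reply.

function ensure_session()
{
    // With session.auto_start = 1 the session is already active and a
    // second session_start() would only raise a notice.
    if (session_status() === PHP_SESSION_NONE) {
        session_start();
    }
}

// Call only after the credentials have been verified.
function mark_authenticated($level)
{
    ensure_session();
    // Issue a fresh id at the privilege change so an id the browser held
    // before login cannot be reused afterwards (session fixation).
    session_regenerate_id(true);
    $_SESSION["userauthenticatedLevel1"] = ($level >= 1) ? "Y" : "N";
    $_SESSION["userauthenticatedLevel2"] = ($level >= 2) ? "Y" : "N";
}

// Pure check: true only if this application stored exactly "Y".
// A missing key, an empty session or any other value fails.
function has_level(array $session, $level)
{
    $key = "userauthenticatedLevel" . (int) $level;
    return isset($session[$key]) && $session[$key] === "Y";
}

// Put at the top of every secured page, before any output is sent.
function require_level($level)
{
    ensure_session();
    if (!has_level($_SESSION, $level)) {
        header("Location: /login.php");
        exit;
    }
}

// Constructed sample sessions, dumped only when run from the command line.
if (PHP_SAPI === "cli") {
    var_dump(has_level(array(), 1));
    var_dump(has_level(array("userauthenticatedLevel1" => "Y"), 1));
    var_dump(has_level(array("userauthenticatedLevel1" => "Y"), 2));
    var_dump(has_level(array("userauthenticatedLevel2" => true), 2));
}
```

Because has_level() compares with ===, an existing but empty session, or a key holding anything other than the string "Y", is treated as not authenticated.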