468,133 Members | 1,586 Online
Bytes | Developer Community
New Post

Home Posts Topics Members FAQ

Post your question to a community of 468,133 developers. It's quick & easy.

Session ID changed everytime go to new page or reload.

Hi, I'm new member of this group.

I had added new virtual host at my intranet server. The new virtual
host configuration on httpd.conf is similar with the old one.
At the new virtual host, the session id seems changed every
interaction to server (new page or reload).
The old one is fine, the session id keeps at the same string.
Both are at the same server.
I use Apache 2.2.3 (Win32) with PHP 5.2.0.

Tested using code below:
session_start();
echo session_id();
PHP Configuration :
session.save_handler = files
;session.save_path = "/tmp"
session.use_cookies = 1
;session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5

How to fix the new host to keep its session id unchanged?
Sorry for the bad english.
TIA

Apr 9 '07 #1
11 12337
Bocah Sableng wrote:
Hi, I'm new member of this group.

I had added new virtual host at my intranet server. The new virtual
host configuration on httpd.conf is similar with the old one.
At the new virtual host, the session id seems changed every
interaction to server (new page or reload).
The old one is fine, the session id keeps at the same string.
Both are at the same server.
I use Apache 2.2.3 (Win32) with PHP 5.2.0.

Tested using code below:
session_start();
echo session_id();
PHP Configuration :
session.save_handler = files
;session.save_path = "/tmp"
session.use_cookies = 1
;session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5

How to fix the new host to keep its session id unchanged?
Sorry for the bad english.
TIA
What's in your Apache error log (or where ever you have your PHP errors
being logged)?

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 9 '07 #2
On Apr 9, 7:52 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>
What's in your Apache error log (or where ever you have your PHP errors
being logged)?
Thanks for you response.

There's no line indicating any error on my Apache error log, and the
PHP errors are not logged.

The php code I posted before seems normally executed. Here is a snip
from my Apache access log (and repeated several times) :
192.168.1.90 - - [09/Apr/2007:11:54:17 +0700] "GET /session_id.php
HTTP/1.1" 200 330

I don't know the mechanisms of session id generation. 'Cos when I move
the new virtual host at the top and accessed using its local IP
address (192.168.1.90), the problem disappears. But when accessed
using named vhost (even if the new vhost config at the top), the
problem still remain.
Should I post the vhost config? (This group is php newsgroup)

And another info:
I use 'register_globals=on' and also 'register_long_arrays=on' for
backward compatibility with my ancient scripts. I know it's a bad
habit, but I use the application and the server both for intranet app
only and I don't have much time to fix all.

Thanks.

Apr 9 '07 #3
On Apr 9, 7:54 pm, "Bocah Sableng" <cahsabl...@gmail.comwrote:

[...]
And another info:
I found Bug #16263 on http://bugs.php.net/bug.php?id=16263.
But I don't think it's the same problem.

Apr 9 '07 #4
>I had added new virtual host at my intranet server. The new virtual
>host configuration on httpd.conf is similar with the old one.
What is the domain name of the new host and the old one? If they
are in different domains, the browser won't send cookies (including
the session cookie) from one domain to another. Do you have
cross-links between virtual hosts? It looks like you are using
host-only cookies (session.cookie_domain unset), so cookies won't
be passed by the browser between hosts.
>At the new virtual host, the session id seems changed every
interaction to server (new page or reload).
The old one is fine, the session id keeps at the same string.
Both are at the same server.
I use Apache 2.2.3 (Win32) with PHP 5.2.0.

Tested using code below:
session_start();
echo session_id();
PHP Configuration :
session.save_handler = files
;session.save_path = "/tmp"
session.use_cookies = 1
;session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = /
session.cookie_domain =
session.serialize_handler = php
session.gc_probability = 1
session.gc_divisor = 1000
session.gc_maxlifetime = 1440
session.bug_compat_42 = 0
session.bug_compat_warn = 1
session.referer_check =
session.entropy_length = 0
session.entropy_file =
;session.entropy_length = 16
;session.entropy_file = /dev/urandom
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 0
session.hash_function = 0
session.hash_bits_per_character = 5

How to fix the new host to keep its session id unchanged?
Sorry for the bad english.
TIA

Apr 9 '07 #5
On Apr 10, 5:51 am, gordonb.7i...@burditt.org (Gordon Burditt) wrote:
>
What is the domain name of the new host and the old one?
My old domain is sinau.dev, and the new one is op_pusat.dev. (I
use .dev for development)
If they
are in different domains, the browser won't send cookies (including
the session cookie) from one domain to another.
Do you have cross-links between virtual hosts?
I don't understand the meaning of 'cross-link'
It looks like you are using
host-only cookies (session.cookie_domain unset), so cookies won't
be passed by the browser between hosts.
Reading your post, I found another clue. I try to check cookies.
Tested using FF 1.5, the problem disappear (session id remains
unchanged).
Using IE6, session id always changed, even if the domain is in trusted
sites list.

I try to get cookie info by executing
print_r(session_get_cookie_params()). Both old and new domain have the
same value:
Array
(
[lifetime] =0
[path] =/
[domain] =>
[secure] =>
[httponly] =>
)

I have read user notes php manual section session handling, but none
of the solution works for me.
Is it cookie problem?

Apr 10 '07 #6
>What is the domain name of the new host and the old one?
>
My old domain is sinau.dev, and the new one is op_pusat.dev. (I
use .dev for development)
Then the domains are different.
>If they
are in different domains, the browser won't send cookies (including
the session cookie) from one domain to another.
Do you have cross-links between virtual hosts?

I don't understand the meaning of 'cross-link'
Domain A contains links to pages in Domain B, and vice versa.
>It looks like you are using
host-only cookies (session.cookie_domain unset), so cookies won't
be passed by the browser between hosts.

Reading your post, I found another clue. I try to check cookies.
Tested using FF 1.5, the problem disappear (session id remains
unchanged).
Using IE6, session id always changed, even if the domain is in trusted
sites list.
>I try to get cookie info by executing
print_r(session_get_cookie_params()). Both old and new domain have the
same value:
Array
(
[lifetime] =0
[path] =/
[domain] =>
[secure] =>
[httponly] =>
)
Try looking at the cookie(s) on the browser. What domain(s) are they
in? There should be one cookie for each domain. Also try printing
$_COOKIE['PHPSESSID'] to see what cookie is getting sent to each page.
>I have read user notes php manual section session handling, but none
of the solution works for me.
Is it cookie problem?
If you are constantly getting new sessions on every page hit, it's
usually a cookie problem, assuming you are not trying to use
trans_sid. You can't maintain the *SAME* session between servers
in two different domains (even if it's the same server).
Apr 10 '07 #7
On Apr 10, 11:12 am, gordonb.72...@burditt.org (Gordon Burditt) wrote:
Try looking at the cookie(s) on the browser. What domain(s) are they
in? There should be one cookie for each domain. Also try printing
$_COOKIE['PHPSESSID'] to see what cookie is getting sent to each page.
I try to execute print_r($_COOKIE);
FF: both old and new hosts print its PHPSESSID value.
IE: old host print its PHPSESSID value, and new host print empty array
(no cookies sent?).
I have read user notes php manual section session handling, but none
of the solution works for me.
Is it cookie problem?

If you are constantly getting new sessions on every page hit, it's
usually a cookie problem, assuming you are not trying to use
trans_sid. You can't maintain the *SAME* session between servers
in two different domains (even if it's the same server).
I've decided to leave this problem and use IP address since I have no
idea to solve strange IE behaviour.

Thank you very much.

Apr 10 '07 #8
Bocah Sableng wrote:
On Apr 9, 7:52 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>What's in your Apache error log (or where ever you have your PHP errors
being logged)?

Thanks for you response.

There's no line indicating any error on my Apache error log, and the
PHP errors are not logged.

The php code I posted before seems normally executed. Here is a snip
from my Apache access log (and repeated several times) :
192.168.1.90 - - [09/Apr/2007:11:54:17 +0700] "GET /session_id.php
HTTP/1.1" 200 330

I don't know the mechanisms of session id generation. 'Cos when I move
the new virtual host at the top and accessed using its local IP
address (192.168.1.90), the problem disappears. But when accessed
using named vhost (even if the new vhost config at the top), the
problem still remain.
Should I post the vhost config? (This group is php newsgroup)

And another info:
I use 'register_globals=on' and also 'register_long_arrays=on' for
backward compatibility with my ancient scripts. I know it's a bad
habit, but I use the application and the server both for intranet app
only and I don't have much time to fix all.

Thanks.
And one other thing - you are calling session_start() before ANY output
(even whitespace, DOCTYPE, etc.) in every page you need it, aren't you?

Again - I suspect you are - but sometimes the obvious gets overlooked. :-)
--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
js*******@attglobal.net
==================
Apr 10 '07 #9
>Try looking at the cookie(s) on the browser. What domain(s) are they
>in? There should be one cookie for each domain. Also try printing
$_COOKIE['PHPSESSID'] to see what cookie is getting sent to each page.

I try to execute print_r($_COOKIE);
FF: both old and new hosts print its PHPSESSID value.
Same value or two different values? I'm unclear whether you are trying
to maintain a single session across multiple servers.
>IE: old host print its PHPSESSID value, and new host print empty array
(no cookies sent?).
That's what it means, and this is likely your problem.
IE security settings are probably relevant here.
>I have read user notes php manual section session handling, but none
of the solution works for me.
Is it cookie problem?

If you are constantly getting new sessions on every page hit, it's
usually a cookie problem, assuming you are not trying to use
trans_sid. You can't maintain the *SAME* session between servers
in two different domains (even if it's the same server).

I've decided to leave this problem and use IP address since I have no
idea to solve strange IE behaviour.

Thank you very much.

Apr 10 '07 #10
On Apr 10, 7:39 pm, Jerry Stuckle <jstuck...@attglobal.netwrote:
>
And one other thing - you are calling session_start() before ANY output
(even whitespace, DOCTYPE, etc.) in every page you need it, aren't you?

Again - I suspect you are - but sometimes the obvious gets overlooked. :-)
I call session_start() before send any output to browser.
I wish my problem is just because call session_start() after sending
output to browser. :)
But tested using FF, I get normal output.

Apr 11 '07 #11
On Apr 11, 6:16 am, gordonb.vs...@burditt.org (Gordon Burditt) wrote:
I try to execute print_r($_COOKIE);
FF: both old and new hosts print its PHPSESSID value.

Same value or two different values?
Different values.
I'm unclear whether you are trying
to maintain a single session across multiple servers.
No, I'm not. I use old domain for research and the new domain for
framework testing. No interaction each other.
>
IE: old host print its PHPSESSID value, and new host print empty array
(no cookies sent?).

That's what it means, and this is likely your problem.
IE security settings are probably relevant here.
Thinking the same thing. :)

Apr 11 '07 #12

This discussion thread is closed

Replies have been disabled for this discussion.

Similar topics

8 posts views Thread by Dynamo | last post: by
3 posts views Thread by michael | last post: by
2 posts views Thread by Brenden Bixler | last post: by
1 post views Thread by David C | last post: by
5 posts views Thread by raamay | last post: by
27 posts views Thread by didacticone | last post: by
By using this site, you agree to our Privacy Policy and Terms of Use.