$_SESSION problem - page reload creates new Session ID

Mimi wrote:

Hello,

I am having trouble using the session vars in
PHP 4.3.9
OS: Win XP Prof
Web Server IIS (is local and there are no links to other servers from
the web pages I work on)
Browser: IE 6.0

The problem I am having is that each time I reload the same PHP page, I
get a different
Session ID (and thus all session vars are lost from one page to another).

let's say in firstpage.php I set
$_SESSION["firstvar"] = "someval";
$_SESSION["secvar"] = "otherval";

and in secpage.php I try to retrieve $_SESSION["firstvar"] , it gives me
"Undefined Index error"
I did not know what is happening and when printing out the session id
(echo SID;) I found out
that the ID is changing every time page is reloaded or when moving to
another page.

The problem is that I don't know what might reset the session since I use
"session_auto_start"
and have not played with session_start, session_destroy or anything else.

Can someone give me a hint on what might cause this ?

Thanks

Settings taken from PHP_INFO:
================================================== ========
Session Support enabled
Registered save handlers files user

Directive Local Value Master Value
session.auto_start On On
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path D:\PHP\SessionData D:\PHP\SessionData
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off

Looks good to me.
Are you maybe jumping to another domain too when you say you jump to another
page?
Cookies are invisible when the domain changes (or even path in the same
domain in some cases)

http://www.domain1.com/somephp.php <- sets cookie with PHPSESSIONID

http://www.domain2.com/somephp.php <- invisible here

I am unsure if that is the case of course.

A great way to debug theese kind of problems is by simply investigating the
cookies set on your browser.
(Use Firefox or Mozilla for a userfriendly cookieviewer under tools)

Regards,
Erwin Moller

Mimi wrote:

The problem I am having is that each time I reload the same PHP page, I get
a different
Session ID (and thus all session vars are lost from one page to another).
<snip>
Can someone give me a hint on what might cause this ?

Did you start the session both for the firstpage.php and secpage.php?

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Pedro Graca wrote:

Mimi wrote:

The problem I am having is that each time I reload the same PHP page, I
get a different
Session ID (and thus all session vars are lost from one page to another).
<snip>

Can someone give me a hint on what might cause this ?

Did you start the session both for the firstpage.php and secpage.php?

Mimi wrote:
The problem is that I don't know what might reset the session since I use
"session_auto_start"

So that shouldn't be a problem.

Regards,
Erwin Moller

Mimi wrote (edited):

Can someone give me a hint on what might [make session not work] ? Settings taken from PHP_INFO: <snip> session.save_path D:\PHP\SessionData D:\PHP\SessionData

Are you sure PHP can write files here?

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Hello,

Thanks for all your input. Because there were several replies,
I will answer all of them here:

1) Yes, PHP can write in the "session_save_path" folder and I can see
there are 120 session files for the day and this is a local machine
where I am the only one to have access to.

2) The files I am trying to access are part of the same domain

3) Because I use "session_auto_start" in php.ini I am not required
to use "session_start()" on php pages; So the answer is NO, I am not using
this function

Because the cause of the problem has not been identified, I am still
asking for your support.

Thanks
"Pedro Graca" <he****@dodgeit.com> wrote in message
news:sl*******************@ID-203069.user.uni-berlin.de...

Mimi wrote (edited):

Can someone give me a hint on what might [make session not work] ?

Settings taken from PHP_INFO:

<snip>

session.save_path D:\PHP\SessionData D:\PHP\SessionData

Are you sure PHP can write files here?

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Mimi wrote:

Because the cause of the problem has not been identified, I am still
asking for your support.

Do you have cookies enabled in your browser?
Verify that and also try passing the session id in the url:

---- firstpage.php ----
echo '<a href="secpage.php?', SID, '">second page</a>';
--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Hello,

Yes, cookies and all the othe stuff are enabled on my browser (internet
options -> internet security).
And Yes, I use SID to display the session ID on my pages.

Since I am able to see the sessions created in "SessionData" folder and I
can see that the session vars
are there and set when the application is started. This page is displayed
properly.

The problem occurs when I click to go to another page and in this case at
"page load" a new session
is created which does not contain the session vars I set in the default
page.
A new session ID is created and therefore a new file can be found on the
"SessionData" folder.

The code I have in those pages is complex but I do not use any functions
that can trigger the app to
create a new session and that's why I do not understand what might cause
this behavior.

Is anybody aware, besides "session_start()", of a known function or event
that may trigger
this problem ?

I understand that when cookies are not enabled this might happen but since
they can be set, something else
might happen.

Thank You again.

"Pedro Graca" <he****@dodgeit.com> wrote in message
news:sl*******************@ID-203069.user.uni-berlin.de...

Mimi wrote:

Because the cause of the problem has not been identified, I am still
asking for your support.

Do you have cookies enabled in your browser?
Verify that and also try passing the session id in the url:

---- firstpage.php ----
echo '<a href="secpage.php?', SID, '">second page</a>';
--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Hello,

There is one thing I forgot to mention:

On my application I am using FRAMES, and I noticed one strange thing:

If I place the "include (SomeSessionVars.php)" in the default FRAMESET page
(not in the Frame),
the session vars are not set. I have to include my file in the default page
of one of the
available frames. And only then the vars are set.
The files I talked about are in fact in the same directory ?!

"Mimi" <mi**@coco.com> wrote in message
news:X1*************@fe39.usenetserver.com...

Hello,

Yes, cookies and all the othe stuff are enabled on my browser (internet
options -> internet security).
And Yes, I use SID to display the session ID on my pages.

Since I am able to see the sessions created in "SessionData" folder and I
can see that the session vars
are there and set when the application is started. This page is displayed
properly.

The problem occurs when I click to go to another page and in this case at
"page load" a new session
is created which does not contain the session vars I set in the default
page.
A new session ID is created and therefore a new file can be found on the
"SessionData" folder.

The code I have in those pages is complex but I do not use any functions
that can trigger the app to
create a new session and that's why I do not understand what might cause
this behavior.

Is anybody aware, besides "session_start()", of a known function or event
that may trigger
this problem ?

I understand that when cookies are not enabled this might happen but since
they can be set, something else
might happen.

Thank You again.

"Pedro Graca" <he****@dodgeit.com> wrote in message
news:sl*******************@ID-203069.user.uni-berlin.de...

Mimi wrote:

Because the cause of the problem has not been identified, I am still
asking for your support.

Do you have cookies enabled in your browser?
Verify that and also try passing the session id in the url:

---- firstpage.php ----
echo '<a href="secpage.php?', SID, '">second page</a>';
--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Mimi wrote:

There is one thing I forgot to mention:

On my application I am using FRAMES, and I noticed one strange thing:

Frames shouldn't be a problem (as far as session data is concerned --
frames are bad!).

A simple script with sessions works for you with your current
configuration?
========
<?php
session_start();
if (!isset($_SESSION['hits'])) $_SESSION['hits'] = 0;
++$_SESSION['hits'];

echo '<p>Session hits: ', $_SESSION['hits'], '</p>';
echo '<p>Refresh the page or click <a href="', $_SERVER['PHP_SELF'],
'">here</a>.';
?>
--------
At every refresh this page /should/ keep increasing the displayed number
of hits. Does it?

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Hello,

Yes, everything works on individual pages. So I can set session variables
and later make references to them or print them out on the screen.
What is not working is accessing session vars that have been already
set on a page just viewed because there is a new session created
when the page is loaded.

What is also strange is that every time I try to refresh any page on my app,
a new session is created and don't understand why !? And that is the reason
I
can not pinpoint the problem.

Thanks anyway for trying to help.

"Pedro Graca" <he****@dodgeit.com> wrote in message
news:sl*******************@ID-203069.user.uni-berlin.de...

Mimi wrote:

There is one thing I forgot to mention:

On my application I am using FRAMES, and I noticed one strange thing:

Frames shouldn't be a problem (as far as session data is concerned --
frames are bad!).

A simple script with sessions works for you with your current
configuration?
========
<?php
session_start();
if (!isset($_SESSION['hits'])) $_SESSION['hits'] = 0;
++$_SESSION['hits'];

echo '<p>Session hits: ', $_SESSION['hits'], '</p>';
echo '<p>Refresh the page or click <a href="', $_SERVER['PHP_SELF'],
'">here</a>.';
?>
--------
At every refresh this page /should/ keep increasing the displayed number
of hits. Does it?

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Now this is ridiculous:
After all this fuss I found out what the problem was:

I have ZoneAlarm installed on this computer but under "Cookie Control"
I let session and persistent cookies get through. I only disabled "Third
Party Cookies"

Immediately when I enabled "Third Party Cookies" the session was working as
intended.

I am not sure why ZoneAlarm would consider the local session files as "third
party" ?!

Anyways, Thank You all
"Mimi" <mi**@coco.com> wrote in message
news:2I************@fe61.usenetserver.com...

Hello,

Yes, everything works on individual pages. So I can set session variables
and later make references to them or print them out on the screen.
What is not working is accessing session vars that have been already
set on a page just viewed because there is a new session created
when the page is loaded.

What is also strange is that every time I try to refresh any page on my
app,
a new session is created and don't understand why !? And that is the
reason I
can not pinpoint the problem.

Thanks anyway for trying to help.

"Pedro Graca" <he****@dodgeit.com> wrote in message
news:sl*******************@ID-203069.user.uni-berlin.de...

Mimi wrote:

There is one thing I forgot to mention:

On my application I am using FRAMES, and I noticed one strange thing:

Frames shouldn't be a problem (as far as session data is concerned --
frames are bad!).

A simple script with sessions works for you with your current
configuration?
========
<?php
session_start();
if (!isset($_SESSION['hits'])) $_SESSION['hits'] = 0;
++$_SESSION['hits'];

echo '<p>Session hits: ', $_SESSION['hits'], '</p>';
echo '<p>Refresh the page or click <a href="', $_SERVER['PHP_SELF'],
'">here</a>.';
?>
--------
At every refresh this page /should/ keep increasing the displayed number
of hits. Does it?

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Mimi wrote:

Yes, everything works on individual pages.
Ok. So it is not a problem with the server.
So I can set session variables
and later make references to them or print them out on the screen.
Just re-checking:
When you say later, do you mean later in the same script (like setting
$_SESSION['something'] = 42 in line 17 and echoing that in line 163)
or later in another request for possibly another URL?
What is not working is accessing session vars that have been already
set on a page just viewed because there is a new session created
when the page is loaded.

What is also strange is that every time I try to refresh any page on my app,
a new session is created and don't understand why !? And that is the reason
I can not pinpoint the problem.

As fas as the server is concerned all requests are independant.

Between two requests of your browser, there could have been a hundred
requests from other browsers. PHP needs a way to identify that this
101st request is the one to associate with the first and recreate the
session variables. It does that because on the first session_start() it
sent the browser a cookie with the session id and the browser sends the
cookie back to the server. PHP then checks in session.save_path for a
file corresponding to that cookie and recreates the session variables.
Something like this happens:

CLIENT => Hey! Gimme "index.php"
SERVER <= I'm going to keep a few values for you saved on my disk.
In order for me to fetch them later I ask you to send
me back the "PHPSESSID=0123456789abcdef" cookie.

ANOTHER CLIENT => same thing here
SERVER (TO ANOTHER CLIENT) <= almost the same thing (different
session id)

...
100 more requests
...

CLIENT (you again) => Hey! Gimme "list.php"
You stored data for me on your disk. The key
to that data is "PHPSESSID=0123456789abcdef"
SERVER <= Ok, keep sending me the key to the data and all is well
if the browser didn't send the cookie, PHP thinks it is a request
that is independant of the first and will create a brand new session
id for it (with the corresponding file in the session.save_path
directory).

Another way for the browser to tell the server what session to use,
instead of using cookies, is to pass the session id in the URL or in a
(hidden) form field


So, I guess your browser is not sending the session id back to the
server for that specific page you're having problems with.

--
Mail to my "From:" address is readable by all at http://www.dodgeit.com/
== ** ## !! ------------------------------------------------ !! ## ** ==
TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>)
may bypass my spam filter. If it does, I may reply from another address!

Mimi wrote:
Hi Mimi,

Glad you solved it.

Now this is ridiculous:
After all this fuss I found out what the problem was:

I have ZoneAlarm installed on this computer but under "Cookie Control"
I let session and persistent cookies get through. I only disabled "Third
Party Cookies"
Woot?
That sounds strange...
I use ZoneAlarm too on my M$-box, but NEVER had trouble like this.
Maybe you hitted some obscure bug in Zonealarm?
Please contact them.

Immediately when I enabled "Third Party Cookies" the session was working
as intended.

I am not sure why ZoneAlarm would consider the local session files as
"third party" ?!

Anyways, Thank You all

You are welcome.

Regards,
Erwin Moller