angelcool Posted August 11, 2008 Share Posted August 11, 2008 Hello community, I started to write a small program that will use PHP's $_SESSION variables. Before getting to deep with the coding I wanted to test $_SESSION functionality and guess what? They are dead! I created: test.php <?php session_start(); $_SESSION['color']='blue'; ?> test2.php <?php session_start(); echo $_SESSION['color']; ?> No echo what so ever! I added echo session_id() on both pages to make sure it is being the same session id, the result was the same session id in both pages. I am runnning PHP 5.2.6 and Apache 2.2.8 I compiled php from source and I did not specify the --disable-session parameter at compile time. I will apreciate any troubleshoot advice for this. Thank you. Quote Link to comment Share on other sites More sharing options...
tibberous Posted August 11, 2008 Share Posted August 11, 2008 Do cookies work? Quote Link to comment Share on other sites More sharing options...
revraz Posted August 11, 2008 Share Posted August 11, 2008 Check your session save path in your php.ini to make sure it's correct. Quote Link to comment Share on other sites More sharing options...
angelcool Posted August 11, 2008 Author Share Posted August 11, 2008 Thank you! I just solved this issue.(for coding purposes) phpinfo() session.save_path /var/lib/php/session It was a directory permmission issue. I chmod /var/lib/php/session to 777 and set the owner and group to apache (before, owner:root group:apache). Now it works. Now my concern is the right file permission to use. The owner and group of the files inside this directory are set to daemon. This is an installation of Fedora in VirtualBox for coding php. But I wonder the right permission settings for a production box. Once again Thank you! Angel Quote Link to comment Share on other sites More sharing options...
discomatt Posted August 11, 2008 Share Posted August 11, 2008 Ideally, you will limit access to only the user that Apache/PHP is running under. Quote Link to comment Share on other sites More sharing options...
angelcool Posted August 11, 2008 Author Share Posted August 11, 2008 ... one more thing? any idea of how long the session files in the directory specified in session.save_path are kept for? What takes care of expiring this sessions? Quote Link to comment Share on other sites More sharing options...
discomatt Posted August 11, 2008 Share Posted August 11, 2008 Garbage collection Garbage Collection While it is good practice to build applications that provide a way to end a session--with a script that makes a call to session_destroy( )--there is no guarantee that a user will log out by requesting the appropriate PHP script. PHP session management has a built-in garbage collection mechanism that ensures unused session files are eventually cleaned up. This is important for two reasons: it prevents the directory from filling up with session files that can cause performance to degrade and, more importantly, it reduces the risk of someone guessing session IDs and hijacking an old unused session. There are two parameters that control garbage collection: session.gc_maxlifetime and session.gc_probability, both defined in the php.ini file. A garbage collection process is run when a session is initialized, for example, when session_start( ) is called. Each session is examined by the garbage collection process, and any sessions that have not been accessed for a specified period of time are removed. This period is specified as seconds of inactivity in the gc_maxlifetime parameter--the default value being 1,440 seconds. The file-based session management uses the update time of the file to determine the last access. To prevent the garbage collection process from removing active session files, PHP must modify the update time of the file when session variables are read, not just when they are written. The garbage collection process can become expensive to run, especially in sites with high numbers of users, because the last-modified date of every session file must be examined. The second parameter gc_probability sets the percentage probability that the garbage collection process will be activated. A setting of 100% ensures that sessions are examined for garbage collection with every session initialization. The default value of 1% means that garbage collection occurs with a probability of 1 in 100.[1] Depending on the requirements, some figure between these two extremes balances the needs of the application and performance. Unless a site is receiving less that 1,000 hits per day, the probability should be set quite low. For example, an application that receives 1,000 hits in a 10-hour period with a gc_probability setting of 10% runs the garbage collection function, on average, once every 6 minutes. Setting the gc_probability too high adds unnecessary processing load on the server. When it is important to prevent users from accessing old sessions, the gc_probability should be increased. For example, the default session configuration sets up a cookie in the browser to be deleted when the browser program is terminated. This prevents a user from accidentally reconnecting to an old session. However, if the session ID is encoded into a URL, a bookmarked page can find an old session if it still exists. If session IDs are passed using the GET method, you should increase the probability of running garbage collection. from http://oreilly.com/catalog/webdbapps/chapter/ch08.html Personally, I usually just make custom session handlers and create database-driven sessions. More control makes devs happy Quote Link to comment Share on other sites More sharing options...
angelcool Posted August 11, 2008 Author Share Posted August 11, 2008 Thank you discomatt The perfect answer found very fast thanks to phpfreaks.com. It would had taken me quite more time to research for this. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.