PHP Not Creating Sessions

[RomeoS]

I was wondering if someone with a bit of know how of PHP could help me.

 

For some strange reason, I can not log into any php site hosted on my server which requires a cookie login. At first thought it was the script at fault so I re-installed but with the same results.

 

I then tried another script (a gallery) which requires user login but again, I could not get beyond the login page.

 

What happens after I press Submit is the login page simply refreshes. Nothing happens. I downloaded firebug to analyse what is being sent to the server and it seems the correct details are being sent.

 

This lead me to think it could be a issue with the way PHP is managing sessions (or not in this case).

 

I created a page called page1.php with the following code and placed it in the root www directory:

<?php //page1.php
session_start();
$_SESSION['name']="test";
header("location: page2.php");
?>

 

In the same directory, I created a second php file with the following code and called the file page2.php:

 

<?php
session_start();
print_r($_SESSION);
?>

 

I then browsed to http://domain.com/page1.php after clearing all my temp files, cookies etc.

 

Page2.php loads but it is blank.

 

The expected result would be for page2.php to display "test".

 

I have looked over my php.ini file and copied the session bit:

[session]
; Handler used to store/retrieve data.
session.save_handler = file

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this
; variable in order to use PHP's session functions.
;
; As of PHP 4.0.1, you can define the path as:
;
;     session.save_path = "N;/path"
;
; where N is an integer.  Instead of storing all the session files in
; /path, what this will do is use subdirectories N-levels deep, and
; store the session data in those directories.  This is useful if you
; or your OS have problems with lots of files in one directory, and is
; a more efficient layout for servers that handle lots of sessions.
;
; NOTE 1: PHP will not create this directory structure automatically.
;         You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
;         use subdirectories for session storage
;
; The file storage module creates files using mode 600 by default.
; You can change that by using
;
;     session.save_path = "N;MODE;/path"
;
; where MODE is the octal representation of the mode. Note that this
; does not overwrite the process's umask.
session.save_path = "/var/lib/php5"

; Whether to use cookies.
session.use_cookies = 1

;session.cookie_secure = 

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
ini_set("session.cookie_domain","domain.com");

; Whether or not to add the httpOnly flag to the cookie, which makes it inaccessible to browser scripting languages such as JavaScript.
session.cookie_httponly = 

; Handler used to serialize data.  php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

; This is disabled in the Debian packages, due to the strict permissions
; on /var/lib/php5.  Instead of setting this here, see the cronjob at
; /etc/cron.d/php5, which uses the session.gc_maxlifetime setting below
;session.gc_probability = 0
session.gc_divisor     = 100

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
;       (see session.save_path above), then garbage collection does *not*
;       happen automatically.  You will need to do your own garbage
;       collection through a shell script, cron entry, or some other method.
;       For example, the following script would is the equivalent of
;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
;          cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 1
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security.
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

; Select a hash function
; 0: MD5   (128 bits)
; 1: SHA-1 (160 bits)
session.hash_function = 0

; Define how many bits are stored in each character when converting
; the binary hash data to something readable.
;
; 4 bits: 0-9, a-f
; 5 bits: 0-9, a-v
; 6 bits: 0-9, a-z, A-Z, "-", ","
session.hash_bits_per_character = 4

 

 

I also ran phpinfo to confirm the save location of the session store and it matches with full 777 privileges to the webserver user account.

 

I cant figure out for the life of me why PHP is not creating any sessions

 

Server is running:

Apache v2.2.8

PHP 5.2.4-2

MySQL v5.0.51

Assuming my domain is domain.com and I am running the script on the root folder.

[PFMaBiSmAd]

Add the following two lines immediately after the opening <?php tag on both pages -

ini_set ("display_errors", "1");
error_reporting(E_ALL);

[RomeoS]

Hi PFMaBiSmAd,

 

I get the following error if I add the code:

 

Warning: session_start() [function.session-start]: Cannot find save handler file in /var/www/virtual/domain.com/page1.php on line 4

 

Warning: Cannot modify header information - headers already sent by (output started at /var/www/virtual/domain.com/page1.php:4) in /var/www/virtual/domain.com/page1.php on line 6

[PFMaBiSmAd]

Someone messed up your php.ini. This -

 

session.save_handler = file

 

Should be -

 

session.save_handler = files

 

Stop and start your web server to get any changes made to php.ini to take effect.

[RomeoS]

Hi Hi PFMaBiSmAd,

 

Thanks again for replying.

 

I made the change and now when I go to http://domain.com/page1.php I get forwarded to page2.php as expected but instead of seeing "test" I see

Array ( [name] => test )

[PFMaBiSmAd]

The code is doing exactly what you wrote it to do - http://us3.php.net/print_r

 

[RomeoS]

Hmmm I am still unable to log into any of the php scripts which require a login.  Is there a different configuration needed in the php.ini file to allow cookies for subdomain.domain.com?