[SOLVED] Big Session Problem

[Bopo]

Hi

 

A few days ago I posted a thread asking why my session's where not working, after over 10 repies, trying countless tweaks/changes, and looking at more than 10 tutorials, I have decided that there is nothing wrong with my code, therefore I won't bother wasting your time posting it.

 

Their doesn't seem to be a problem if I echo out a session on the same page it is created, it's any other page that doesn't work (yes I have session_start() at the top of my other pages etc) However I do believe its something to do with the session being sent to some folder i.e. the way PHP is setup on my server, I use paid hosting, and have a normal cpanel, so I was wondering if anyone knows about checking up/changing settings that may require changing.

 

Cheers

[trq]

We need to see all relevent (session) entries from your php.ini file.

[PFMaBiSmAd]

Just because you can echo a variable name $_SESSION[...] on a page where that variable is set, does not mean that variable is part of an actual session if the session is not started without errors.

 

Have you determined there are no session related errors on each page by setting error_reporting to E_ALL and display_errors to ON immediately after your opening <?php tag?

 

 

[Bopo]

Hi

 

Thanks for the replies, they were just what I needed, first I included error_reporting(E_ALL); onthe almost top of my pages, an undeclared variable on a irrelevant page got flagged, so I'm assuming it's working, but no error was picked up.

 

About the php.ini file, I can't seem to get access to it, however my hosting provider has e-mailed me a php.ini file, I don't honestly know if this is a fresh file, or the one that my provider uses, however they did say  this "make necessary changes as per your requirement and upload it to the location public_html and add the entry given in .htaccess file" which might give me a chance, anyway here is the 'Session' section of the file

 

[session]
; Handler used to store/retrieve data.
session.save_handler = files

; Argument passed to save_handler.  In the case of files, this is the path
; where data files are stored. Note: Windows users have to change this 
; variable in order to use PHP's session functions.
; As of PHP 4.0.1, you can define the path as:
;     session.save_path = "N;/path"
; where N is an integer.  Instead of storing all the session files in 
; /path, what this will do is use subdirectories N-levels deep, and 
; store the session data in those directories.  This is useful if you 
; or your OS have problems with lots of files in one directory, and is 
; a more efficient layout for servers that handle lots of sessions.
; NOTE 1: PHP will not create this directory structure automatically.
;         You can use the script in the ext/session dir for that purpose.
; NOTE 2: See the section on garbage collection below if you choose to
;         use subdirectories for session storage
session.save_path = /var/sessions

; Whether to use cookies.
session.use_cookies = 1

; This option enables administrators to make their users invulnerable to
; attacks which involve passing session ids in URLs; defaults to 0.
; session.use_only_cookies = 1

; Name of the session (used as cookie name).
session.name = PHPSESSID

; Initialize session on request startup.
session.auto_start = 0

; Lifetime in seconds of cookie or, if 0, until browser is restarted.
session.cookie_lifetime = 0

; The path for which the cookie is valid.
session.cookie_path = /

; The domain for which the cookie is valid.
session.cookie_domain =

; Handler used to serialize data.  php is the standard serializer of PHP.
session.serialize_handler = php

; Define the probability that the 'garbage collection' process is started
; on every session initialization.
; The probability is calculated by using gc_probability/gc_divisor,
; e.g. 1/100 means there is a 1% chance that the GC process starts
; on each request.

session.gc_probability = 1
session.gc_divisor     = 100

; After this number of seconds, stored data will be seen as 'garbage' and
; cleaned up by the garbage collection process.
session.gc_maxlifetime = 1440

; NOTE: If you are using the subdirectory option for storing session files
;       (see session.save_path above), then garbage collection does *not*
;       happen automatically.  You will need to do your own garbage 
;       collection through a shell script, cron entry, or some other method. 
;       For example, the following script would is the equivalent of
;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
;          cd /path/to/sessions; find -cmin +24 | xargs rm

; PHP 4.2 and less have an undocumented feature/bug that allows you to
; to initialize a session variable in the global scope, albeit register_globals
; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
; You can disable the feature and the warning separately. At this time,
; the warning is only displayed, if bug_compat_42 is enabled.

session.bug_compat_42 = 1
session.bug_compat_warn = 1

; Check HTTP Referer to invalidate externally stored URLs containing ids.
; HTTP_REFERER has to contain this substring for the session to be
; considered as valid.
session.referer_check =

; How many bytes to read from the file.
session.entropy_length = 0

; Specified here to create the session id.
session.entropy_file =

;session.entropy_length = 16

;session.entropy_file = /dev/urandom

; Set to {nocache,private,public,} to determine HTTP caching aspects
; or leave this empty to avoid sending anti-caching headers.
session.cache_limiter = nocache

; Document expires after n minutes.
session.cache_expire = 180

; trans sid support is disabled by default.
; Use of trans sid may risk your users security. 
; Use this option with caution.
; - User may send URL contains active session ID
;   to other person via. email/irc/etc.
; - URL that contains active session ID may be stored
;   in publically accessible computer.
; - User may access your site with the same session ID
;   always using URL stored in browser's history or bookmarks.
session.use_trans_sid = 0

; The URL rewriter will look for URLs in a defined set of HTML tags.
; form/fieldset are special; if you include them here, the rewriter will
; add a hidden <input> field with the info which is otherwise appended
; to URLs.  If you want XHTML conformity, remove the form entry.
; Note that all valid entries require a "=", even if no value follows.
url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=,fieldset="

[trq]

Theres nothing in that file that seems out of the ordinary. I'd make a directory outside your web root called sessions then point session.save_path to it, make sure its writtable and see how you go from there. You should be doing that with any shared hosting anyways.

[Bopo]

Hi

 

I decided to try and change the filepath of the session save path to a tmp folder in my .htaccess folder as so:

 

php_value session.save_path /home/koicarp/tmp/

 

But I just get a 500 internal server error

[PFMaBiSmAd]

You can only put php settings into a .htaccess file when php is running as an Apache module. Anyway, a problem with the session save path would have shown up with the display_errors/error_reporting settings in place (assuming you put them immediately after the <?php tag like directed.) So, based on what you have posted, either you are switching back and forth between www.yourdomain.com and yourdomain.com or cookies are disabled in your browser.

 

Test the basics. Create two files in your document root folder and browse to them using exactly the same syntax in the URL (www.yourdomain.com) -

 

http://www.yourdomain.com/sess1.php -

<?php
ini_set ("display_errors", "1");
error_reporting(E_ALL);
session_start();
$_SESSION['test'] = 'a string';
?>

 

http://www.yourdomain.com/sess2.php -

<?php
ini_set ("display_errors", "1");
error_reporting(E_ALL);
session_start();
echo $_SESSION['test'];
?>