Session not carried between sub-folder and root

[stuartmarsh]

Hi all,

I have two PHP files, one in root and the other in a folder called admin.

 

If I set $_SESSION in a file in the admin folder and then view $_SESSION in any other file within the admin folder, everything is OK.

 

However, if I then go to a file in root $_SESSION is blank, and it is blank if I then go back to a file in admin.

 

This problem only exists on my hosting and doesn't happen on a local dev machine.  I've compared the php.ini session settings and there both the same.

 

Any ideas?

 

Files

admin/test.php

<?php
session_start();

if( empty($_SESSION) ) {
echo "Session not set<br />";
$_SESSION['test'] = "test";
}

echo "<pre>";var_dump($_SESSION);echo "</pre>";

 

/test.php

<?php
session_start();

echo "<pre>";var_dump($_SESSION);echo "</pre>";

 

[PFMaBiSmAd]

Are you switching back and forth between url's that have and don't have the www. on them and/or what does a phpinfo(); statement show for the session.cookie_path setting?

[stuartmarsh]

Hi,

I'm not switching between domains and phpinfo() shows session.cookie_path set as /.

[PFMaBiSmAd]

A url with the www. on it and a url without the www. on it is not switching domains, but sessions won't match both unless you set the session cookie parameters correctly.

 

It sounds like your code on the page in the root folder is clearing the session variables. You would need to post your code if you want help with what it is doing.

[stuartmarsh]

Sorry didn't mean switching domains, meant url.

 

Both url's are on a dev sub-domain (dev.domain.co.uk/test.php & dev.domain.co.uk/admin/test.php).

 

Code is at the bottom of the first post.

[PFMaBiSmAd]

Add the following three lines of code after your first opening <?php tag and before your session_start() statement on both pages -

 

ini_set("display_startup_errors", "1");
ini_set("display_errors", "1");
error_reporting(E_ALL);

[stuartmarsh]

I've added those lines of code to both files, run them, and I still experience the problem.

[PFMaBiSmAd]

Any .htaccess files in either or both the admin and root folder that could be affecting the session settings?

 

I recommend that you echo session_id(); after the session_start() statements so that you can see if/when the session id is changing.

 

[stuartmarsh]

I've echoed session_id and it remains the same at all times.

 

Only one .htaccess in the root, code below:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^domain.co.uk$
RewriteRule ^/?$ "http\:\/\/www\.domain\.co\.uk" [R=301,L]

#Route HTML pages through index.php (page.html -> index.php?page)
RewriteRule ^(.+)\.html$ index.php?file=$1 [NC]

[PFMaBiSmAd]

Any chance you have a $_COOKIE['test'] that only matches your root folder AND register_globals are on so that the cookie is overwriting your session variable with the same name 'test'?

 

All indications are that your $_SESSION variable is getting overwritten. Have you tried using a different name than test?

[stuartmarsh]

I don't think its cookies.  The code in the first post is the only code in the files and register Globals is off.

I've tried a few different names and they all result in the same problem.

[gizmola]

I've echoed session_id and it remains the same at all times.

 

Only one .htaccess in the root, code below:

RewriteEngine on
RewriteCond %{HTTP_HOST} ^domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^www.domain.com$ [OR]
RewriteCond %{HTTP_HOST} ^domain.co.uk$
RewriteRule ^/?$ "http\:\/\/www\.domain\.co\.uk" [R=301,L]

#Route HTML pages through index.php (page.html -> index.php?page)
RewriteRule ^(.+)\.html$ index.php?file=$1 [NC]

 

Looks to me like this rule is rewriting everything to www.....

[stuartmarsh]

I think your right, this may be a .htaccess issue as I've just created another sub-domain and the problem does not occur.

So are these rules redirecting regardless?

 

It should only redirect if the domain ends .com or doesn't begin www.

 

[stuartmarsh]

Hmmm I've just renamed the .htaccess to old.htaccess and the problem persists.

[StevieC87]

I had the same issue, and in my case I had a php.ini file that wasn't being applied to the subfolders. 

I did phpinfo and you can see it there: Loaded Configuration File . Then I compared both pages, the one in the main directory, and the one in the subdirectory (where the session wasn't being loaded), and the subdirectory was using another php.ini (the default from the host).  Because in the php.ini you define the tmp folder where the session is saved. 

So then i added this to .htaccess so my custom php.ini file was accessible for the subdirectories <IfModule mod_suphp.c> suPHP_ConfigPath /home/USERNAME/PATH/TO/INI/ </IfModule>

Ok hope this helps!

[ginerjm]

AND AGAIN - A 12 YEAR OLD SHOULD NOT BE OPENED.