I've got a problem with my Session in PHP, if I refresh my page it set a new session_id each time.
I use the PHP built in server and PHP 7.1 and nothing more than that :
<?php
session_start();
echo session_id();
Each refresh give me a new Session Id. Each ? Not really in fact, if I refresh super quickly I have the same session id for 1 or 2 seconds.
I don't know where to look, my php.ini seems correct, my code too I believe.
My folder to register session is 777.
Where could I look or what test could I do ?
Edit : I don't know why but changing localhost to 127.0.0.1 in the built in server solved the issue
I don't know why but changing localhost to 127.0.0.1 in the built in server solved the issue.
Related
I am not able to get the php session working on http. I tried the same simple test page on another domain on the server which uses https and it worked as expected. Here is the simple code I am using
session_start();
echo session_id();
When I refresh the page I get a new session_id each time.
I've set session.cookie_secure to 0 and 1 but it made no difference. I have no clue why this is not working??? Any ideas?
I have PHP 5.6 running on IIS 8.5. I used this test log:
echo '<p>'.sizeof($_SESSION).' - '.session_id().' - '.ini_get('session.cookie_domain').'</p>';
With it I see that $_SESSION has some elements, cookie_domain is properly set in php.ini as my domain, but session_id() has a different string on each page load. session_start() is being called on every page load.
Any idea on what I can do to make session persistent?
$sessionfile = ini_get('session.save_path') . '/' . 'sess_'.session_id(); shows where the session file is. I'm able to open it and data is there. Indeed it's something in the creation of each session, not in saving their files.
Is it possible that some IIS setting or some asp is reseting the session?
This problem occur most times if you don't have permissions to store the session in your IIS. I had the same problem before a long time. To correct the permissions or the session path solved my problem.
I recently moved to a new DigitalOcean VPS server, and I'm running Ubuntu 14.04 and Apache. This is the first time I set up my own server. I imported my website into the new server. Everything seems to be working but the logout script where I basically unset and destroy the session. For some reason, this doesn't seem to be working anymore.
Here's the code for my logout script
<?PHP
session_start();
session_unset();
session_write_close();
session_destroy();
session_start();
$_SESSION = array();
$_SESSION['logged_out'] = 1;
header ("Location:index.php");
?>
When the page is redirected, the user is still logged in and the session cookie is still set.
I remember having the same problem as you.
Try to delete your SESSION using : unset($_SESSION['session_you_need_to_destroy']);
I guess if you destroy only one session, you member will be log off.
Hope it's work for you :)
Just for anyone else's future reference, I solved the problem. The URL for the login script was http://website.com (without the www) and the rest of my site used http://www.website.com (with the www).
I have followed a tutorial to work with sessions using cookies. I have now two issues:
My lifetime session is too short (one or two hours), eventhough I've set the value of session.cookie_lifetime and session.gc_maxlifetime to "1209600"
I try to save sessions into files using:
ini_set("session.save_handler", "files");
session_set_save_handler($session, true);
session_save_path($rel_path . "/sessions");
where $session is the instance of the sessions I've created but not yet started.
Now, this works correctly when I use it locally with XAMPP, but not when I upload the site online. I guess the problem comes from my web host which is www.ovh.com, but I have no idea on how to solve this problem. Any idea or suggestion?
I solved the issue by adding this line of code:
ini_set('session.force_path', 0);
with the other ini_set and session parameters. The session.force_path parameter wasn't visible in the session section when I printed the phpinfo() locally (using XAMPP), while it was on my web hosting service. This also solved my session lifetime issue as it was depending on the existence of the session file.
I know this problem has been presented here in SO and I've tried the solutions but it's still not fixed.
PHP is deleting the session after some time of inactivity (i assume 24 minutes as it's the default and seems to fit the testing).
I have the following code set in all the pages:
ini_set('display_errors', 0);
$sessionCookieExpireTime = 2880000;
session_set_cookie_params($sessionCookieExpireTime);
ini_set('session.gc_maxlifetime', $sessionCookieExpireTime);
session_start();
echo ini_get('session.gc_maxlifetime'); //echos 2880000 as expected
But the session still gets reset after 24 minutes (or so) of inactivity.
phpinfo() return the following output for session:
Any idea why this isn't working? (PHP 5.3.10)
Thanks
Although Marc B answer shares some great insight it wasn't working for me. I was pretty sure everything was fine with my script and I had nothing messing with the session in my code.
After an epic struggle I discovered that my problem was actually due to shared hosting environment. From the PHP doc:
“If different scripts … share the same place for storing the session
data then the script with the minimum value will [determine the
session timeout]“.
After this the problem was quite obvious. Some script (hosted on the same server) was using the default php.ini session.gc_maxlifetime and that was resetting my sessions.
The solution was to create a folder under the root of my hosting (make sure it's not web accessible), set the right permissions to it and then use session.save_path to tell php where to store my sessions. Something like:
ini_set("session.gc_maxlifetime","21600"); // 6 hours
ini_set("session.save_path", "/your_home/your_sessions/");
session_start();
This website provided great insight: php sessions on shared hosting
So if you come accross this issue make sure you follow Marc B recommendations and if that doesn't work try this out.
Best wishes!!
Are you doing this code in EVERY script that uses sessions? ini_set changes apply ONLY to the script they're executed in, and ONLY for the execution lifetime of that particular script.
If you want to make it a permanent global change, you'll have to modify php.ini, or put some php_values directives into http.conf/.htaccess.