I have a script for a little chat feature, it uses a single session for everyone. Everything looks weird in this code, but I'm allowed to just edit it not recreate it.
The script tries to open this weird "single session for everyone" using code below:
$name='PREFIX-'.md5(home_url());
session_id($name);
session_name($name);
session_start();
Everything looks fine on localhost (XAMPP, Windows, PHP 7.2.5), but when I tried to use it on shared hosting server (Linux, PHP 7.1.18) the session is saved with various names and I can't read it anymore using same $name.
I've printed everything in ini_get( 'session.save_path') with print_r(scandir($dir)) but there is nothing like sess_PREFIX-* there and the save_path folder is growing by page refresh 3 files every time.
One of my friends pointed out this which fixed my problem with random session_id.
I accidentally deleted a file that I have been working on for the last 2 days using the unlink() function. I was using the unlink function to delete other files but the name of the other files was similar to the file I was working on so it got deleted.
Also the same page that just got delete is still open in my browser and functioning normally. I am thinking it must be open or saved in a temp file somewhere by my Apache, could this be true? or am I dreaming?
I have tried recovery tools but I have given up on them as I am a new Ubuntu user and don't want to spend too much time fiddling around with things I don't know anything about.
Also the same page that just got delete is still open in my browser and functioning normally. I am thinking it must be open or saved in a temp file somewhere by my Apache, could this be true?
No.
Apache executes the PHP program, sends the output of it to the client, then stops. It doesn't keep the program running after the page has been delivered.
I'm unable to get any session data to persist across my app. I'm using a cart package and after adding the items the cart is immediately empty when I try to retrieve the data in another page.
I've tested the session by creating a test session and then retrieving that. It works if I retrieve it immediately but if I call the session on another page it no longer works
I've read similar threads and have my session config file set as:
driver => native
lifetime => 120
expire_on_close => true
domain => false`
There's no output ie echo statements before redirects. I've tried doing a fresh install but still the same problems. This is currently on a local server - localhost with a url of test.loc
This can happen if PHP is trying to save to a path that is not writable/doesn't exist.
Try the following code to check where PHP is trying to save session files:
<?php
echo ini_get('session.save_path');
?>
Then check that folder to see if a) it exists and b) if session files are being written into it.
If it doesn't exist you need to change the .ini file or use ini_set('session.save_path') to change where PHP is trying to save session info. If the folder does exist it may be a permissions issue.
Finally, it may be a cookie issue - try using the app with different browsers, and check that the browsers have cookies enabled.
I have a Windows server 2008 with apache2. The server has 2 discs and I run an apache instance on both. The first runs as a service the second in the commandline. They both use an exact copy of an identical webroot in their own htdocs folder. Also they both use the same PHP install that is located on the first disc (Program Files (x86)). My application runs over SSL and uses PHP and MySQL.
The webserver that runs as a service runs my application fine and lets me login and has my session data ready at all times. The second server however lets me run my login script, has session data while running the script but loses that session data after a redirect to another page inside the same webroot.
The problem on the second webserver is similar to this question with the exception that I have session_start() on every page.
My login script works like this:
User requests a page
If the user is not authenticated, he is thrown back to the login page
If the user is authenticated, he gets an $_SESSION["auth"] with his profile data
Then when the user is browsing the main page or other pages that need auth, they just check if the $_SESSION["auth"] is set.
Any tips on how to solve this?
EDIT: A small clarification. I do have a session ID on each page. That id does not change when I get redirected. I do NOT have any data in the $_SESSION variable on the page I redirect to.
Look at the permissions of the php session directory where the files for the session are being stored. If php doesn't have the rights to write, create and change files you won't be able to store anything in your $_SESSION var.
I found the solution. The user that runs the webserver did have permission to all paths in the httpd.conf but did not have permission to access all paths in PHP.ini. session.save_path is one of those paths and the server can't access session data if it can't store session data.
The session.save_path was set to C:\Windows\Temp and initially I did not think I had to give permissions to anything but the apache dirs, php dirs and webroot.
Thanks for all your help!
Sessions will break if the user visits a sub-path of your site root and then navigates upwards. This is because the cookie will only be set for that path, not your entire domain. More info here: http://www.php.net/manual/en/function.session-start.php#91298
I have a problem where i am losing the PHP session between 2 pages.
The session_start() is included in a file called session-inc.php into every page requiring a session to be set. This works for all pages on the site except one particular page, member-profile.php. When this page is visited a new session with a different id (same session name) is set and used instead.
A few more details:
Session name is set manually
All pages are on the same server under the same domain name
If i put an additional session_start() above the include('session-inc.php') in the member-profile.php file, the session is carried over correctly
I have tried setting the session_cookie_domain and session.session_name in the .htaccess, this worked for this domain but it stopped the session being passed over to out payment domain
We are running apache 2.2.6 with php 5.2.5
Putting the session_start() above the include('session-inc.php') in the member-profile.php file is the quick and dirty fix for this problem, but i am wondering if anybody know why this would be happening.
Cheers
Will
According to PHP documentation, session_start must be called before any output is sent back to the browser-- could this page have a rogue CR/LF, Unicode byte-order mark or similar that is causing output before you include('session-inc.php')?
While migrating a legacy site from PHP4 to PHP5 I noticed a php.ini configuration setting that causes php to auto-start the session upon every request. It's an alternative to placing session_start() onto every page...
There are multiple ways to enable this setting:
Put the following line into php.ini:
session.auto_start = on
or put this into your apache virtual-site config or .htaccess file:
<IfModule mod_php5.c>
php_flag session.auto_start on
</IfModule>
and it should make $_SESSION changes available across all pages
I have just encountered this problem. Interestingly, browsing via http://127.0.0.1 instead of http://localhost helped me.
I just spent all day diagnosing this issue in my Ionic3 - to - PHP project. TL; DR - make sure your client is actually sending session credentials.
In the interest of helping anyone who makes this mistake, I will share how I found the problem.
I used these tools to diagnose the session on both the client and server:
1) Add a test file with phpinfo() to the server to review PHP session options.
2) Review the PHP code to make sure that no output, intentional or un-intentional occurs before the session_start() line. Check the status bar of Visual Studio Code to make sure the Byte Order Mark (BOM) is absent from the PHP files.
3) Review server PHP logs (in /var/log/nginx/error.log for me). Add error_log() lines to the php file to dump the session_id() or $_SESSION array.
4) Use tcpdump -An 'port 80 or port 443' to view the actual HTTP requests and replies. (That's where I discovered the missing cookies).
For an Ionic3 data provider the correct syntax for the client is:
var obsHttp = this.http.post(url, body,
{ headers: new HttpHeaders({
'Content-Type':'application/x-www-form-urlencoded'
}),withCredentials: true }).timeout(this.timeoutTime);
Notice the withCrentials:true
One needs to call subscribe on the obsHttp() observable to send the request.
Found the issue
There was a byte order mark at the beginning of the main includes file of the second domain. as stated by ken, cant have any output before a session start, it was not setting the session correctly.
SOLUTION:
session.auto_start = on
in file: php.ini
It solved the issue of re-generating session id on page reload (page refresh / change pages).
The issue appeared after the update of CPanel (and included Multi PHP), even the php version remained the same.
The PHP.ini file didn't had that variable at all.
Went in Cpanel -> MultiPHP INI Editor -> Editor Mode (not Basic, in basic you do not have this setting) and added the line. Press Save.
TIPS / WHEN TO USE THIS SOLUTION:
To determine if that is the problem, put a line at the very beginning and at the very end of your index.php file to check the session id. Use function:
session_id();
Navigate through pages / reload the page. If the session_id value changes the problem is not in your code and this solution should solve your problem (the session is lost outside of your code).
I also tried to verify the availability of saving session on the web server (session.save_path) but, even if it was a lead, it was not the case.
I imagine this is a "feature" of Cpanel with MULTIPHP UPDATE that will happen quite often.
I had this problem, and the cause was that PHP was ignoring all cookies after the first 100. (I asked this question to try to find out why, but so far nobody has figured it out). The browser was sending the PHPSESSID*, but since it was the 110th cookie, PHP was ignoring it.
To figure out if this problem is what's affecting you, use your browser's dev tools to look at the cookies that the browser is sending with the request, and compare that list to the $_COOKIE array in PHP. They should be the same. But if the browser is sending a PHPSESSID*, and there's no PHPSESSID* in $_COOKIE, then that would explain why sessions aren't working.
I solved the problem by not having my site use so many cookies, which is good practice anyway.
*PHPSESSID is the default session name. Your site may use a different name.
To solve the session_id change after each request, you change the parameter session.auto_start and session.cookie_httponly into the php configuration file.
to find the used php configuration file
php -i | grep "php.ini"
then you open it, and try to find the parameter session.auto_start . you set
session.auto_start = 1
session.cookie_httponly = 0
finally you restart your httpd/apache service.
Found the issue
In my case it was due to Varnish Settings please check your varnish settings. PHPSESSID you can exclude the cookie from the Varnish Settings.
I'm not an expert, but found a solution after careful investigation of domain name in the cookies info of two webpages opened on Firefox. (Right click on the page, select inspection and the storage). checked domain names and found that one with www.example.com and the other without www (example.com). changed all the page links to same format and the problem solved for my case.
Found the problem was a byte order mark (BOM) being ouputted at the start of the file. Got rid of it and it sorted out the session problem.