I have problem with session attributes, it is set but lost after another request.
Symfony 2.4.10, PHP 5.4.17, fedora 17
Session store using PDOSessionHandler
I want to share my session between two domain www.mydomain.com and clone.mydomin.com
I have set php_value session.cookie_domain .mydomain.com in virtualhost
I have found my answer, that I was making two ajax request concurrent, first was not able to set session data another and I didn't want to set any session data in second ajax request so I had used session_write_close() in begging of that.
Related
I'm using session variables in my php application, and I put session_start() at the first line (after the php, of course) of all my pages. But I'm losing data from two pages before.
Example: If I store $_SESSION['var1'], in the next page I will retrieve its value correctly, but if I go one more page ahead, I lose the data.
I use session_start() in all pages and I only reset the session at the index page where my user login-in.
Did someone pass through this and know what can I do? I'm testing using wamp, and in the localhost the problem doesn't happen. It only happens at my company's godaddy server (with cpanel hosting).
Solved.
My index.php was destroying the session data, even if the page doesn't pass trhought it, the session was always erased.
This is just a comment
Its the problem of the server and not the script. Usually to maintain the server load the sessions that are created at your site can expire in a short amount of time. There are ways like editing the php.ini file of the www directory but every hosting server could have different methods.
I need to share PHP sessions between multiple servers. However, I'm not sure how to maintain the session ID created on one server and how to pass it to the next server.
Essentially, a client can upload a file, but which server the file is sent to depends on which server is not overloaded.
For example, session_start() is called on test.com
An AJAX post is sent to serv1.test.com. When I call session_start() on serv1.test.com, I want it to pull the existing session information that was created by session_start() on test.com. However, that doesn't seem to be the way PHP sessions work?
I installed Memcached and followed this guide here:
https://www.digitalocean.com/community/tutorials/how-to-share-php-sessions-on-multiple-memcached-servers-on-ubuntu-14-04
I have one centralized memcache server that test.com and serv1.test.com are configured to use. However, session_start() creates a unique session on each server instead of reusing the same session. If I send the PHPSESSIONID to each server, then I can load the existing session.
How do I accomplish what I'm trying to do? I could send the PHPSESSIONID as a variable in the AJAX POST, but isn't that a security risk? That is something that could be changed by the user...
How do I get serv1.test.com to continue to use the same session set on test.com? How do I pass that session ID to serv1.test.com securely so I can use session_id("existingsessionid_from_test.com") to open the existing session?
The solution was to set the session.cookie_domain to include subdomains.
session.cookie_domain = ".test.com"
Thanks frz3993
is it possible and how to pass php session variables i have with a php and apache.
I have a main site with log in option for my users that runs from apache server and I want to use nginx as a chat/communication server that automatically gets all session variables i have in apache/php session without to pass php session id (for security reason). Both servers have a same ip and stais on a same domain. Nginx server will be on subdomain. Already have set php session to work on any sub domain but is this is valid also if I use nginx server.
Any example will be helpful.
Thanks in advanced.
Technically, the php sessions are files, which are usually located somewhere in /tmp. So once you've the session cookie, you can just read and unserialize the file's contents — after checking, it goes without saying, that the session is not expired.
If you need a more convenient format, look at php's session options. I'm quite sure you can serialize it as json for more portability, and there are ways to store sessions in SQL or even memcached.
With disabled cookies in the browser, the sessions on our webserver are not
persistant. That means, if I go forward to the next page, I receive a new
session ID. On every page I reload I become a new session ID.
With enabled cookies everting is fine.
Specifcations of the Webserver:
PHP version 5.3.3
Apache version 2.2.13
Webserver with SUSE Linux
Locally on my XAMPP installation everything works.
Update:
I have following settings on each page:
ini_set('session.use_cookies', '0');
ini_set('session.use_trans_sid', '1');
session_start();
The session ID is present in the URI, but when I check the session ID on the page their is a new ID and with each reload their is an other ID.
Yes, of course. Since HTTP is a stateless protocol, the session is linked to the user by storing the session ID in a cookie. Deleting (or refusing) this cookie will end your session.
If you don't want cookies, you have to transmit the session ID in the URL:
Unless you are using PHP 4.2.0 or later, you need to enable it
manually when building PHP. Under Unix, pass --enable-trans-sid to
configure. If this build option and the run-time option
session.use_trans_sid are enabled, relative URIs will be changed to
contain the session id automatically.
http://es.php.net/manual/en/session.idpassing.php
See also session.use_cookies and session.use_only_cookies.
This method makes it particularly easy to give away your private data just sharing a link so almost nobody uses it nowadays.
I am experiencing difficulties retrieving a cookie in an environment where the URL is http//somesite.com and the request is sent through a load balancing application and farmed out to various servers. I can set the cookie using setcookie in a PHP script as follows:
setcookie("NameTest", $cookieText, time()+3600, "/");
and a cookie somesite.com is created however when I attempt to read the values back from that cookie on the running system I never find the created cookie. I know there must be a way of doing this but haven’t found anything I can use. Can anyone tell me how to accomplish this function?
This of course works perfectly on a single server without the load balancing routine
Cookies are round-tripped client<->server on every request. If the cookie's not present on subsequent requests, you'll have to figure out why the client isn't sending it. If the load balancer is transparent to the end user, then it shouldn't matter which server is handling the request - the client would've send the cookie regardless. So if it's not being sent, then it's not being set properly in the first place.
Yes you can, because externally the client sees same IP and domain address. But if you need to share SESSION info, you have to use something like memcached or mysql to share session data between nodes.