I'm unable to get any session data to persist across my app. I'm using a cart package and after adding the items the cart is immediately empty when I try to retrieve the data in another page.
I've tested the session by creating a test session and then retrieving that. It works if I retrieve it immediately but if I call the session on another page it no longer works
I've read similar threads and have my session config file set as:
driver => native
lifetime => 120
expire_on_close => true
domain => false`
There's no output ie echo statements before redirects. I've tried doing a fresh install but still the same problems. This is currently on a local server - localhost with a url of test.loc
This can happen if PHP is trying to save to a path that is not writable/doesn't exist.
Try the following code to check where PHP is trying to save session files:
<?php
echo ini_get('session.save_path');
?>
Then check that folder to see if a) it exists and b) if session files are being written into it.
If it doesn't exist you need to change the .ini file or use ini_set('session.save_path') to change where PHP is trying to save session info. If the folder does exist it may be a permissions issue.
Finally, it may be a cookie issue - try using the app with different browsers, and check that the browsers have cookies enabled.
Related
I have a script for a little chat feature, it uses a single session for everyone. Everything looks weird in this code, but I'm allowed to just edit it not recreate it.
The script tries to open this weird "single session for everyone" using code below:
$name='PREFIX-'.md5(home_url());
session_id($name);
session_name($name);
session_start();
Everything looks fine on localhost (XAMPP, Windows, PHP 7.2.5), but when I tried to use it on shared hosting server (Linux, PHP 7.1.18) the session is saved with various names and I can't read it anymore using same $name.
I've printed everything in ini_get( 'session.save_path') with print_r(scandir($dir)) but there is nothing like sess_PREFIX-* there and the save_path folder is growing by page refresh 3 files every time.
One of my friends pointed out this which fixed my problem with random session_id.
I'm experiencing a strange issue with the PHP session. I can store values and everything until the end of the request. As soon as a new request is created, a new session file is created with a new session and data loss of the previous session as a result.
I have installed both php and apache manually on a Windows 7 machine. The session.save_path setting is set to null, but the files are being written to: C:\Windows\Temp. The session files are present there and have the actual values in them so I don't think that this is a permission issue.
Note that session_start() is being called at the very start of the php file that handles the request. This is not a code issue as I have used dummy code to verify the behavior on a different machine with a xampp server. There everything works fine.
I've an issue where session_start() hangs.
I've tried replacing the "file" method with "memcached". This did not correct the problem.
The problem is not concurrent access. It's not that I'm trying to access an session with two separate scripts at the same time.
I can create the session and save it, but cannot access the session afterwards.
Checking in my session.save_path, I can see that the session file was created, and I don't see any problem with it.
Here is an example session file:
sess_88senr7p8icjaiebup8i449l41:csrf|s:32:"401a0f9028b00102c671459da8537286";userdata|a:6:{s:2:"id";s:4:"3198";s:5:"email";s:25:"paul#*******.com";s:4:"name";s:17:"********";s:6:"parent";s:4:"3198";s:11:"permissions";i:1;s:15:"app_permissions";N;}employer|a:8:{s:2:"id";s:4:"3198";s:12:"company_name";s:7:"**";s:21:"user_accounts_allowed";i:20;s:18:"user_accounts_used";i:20;s:5:"notes";s:0:"";s:14:"contract_start";s:10:"2013-04-10";s:12:"contract_end";s:10:"2014-04-10";s:8:"features";i:2;}
This is acting as if the session lock is simply not removed at all. Where would I check to find this? Would this same issue affect "file" and "memcached"?
I am accessing my website from Linux server. At the time of user login I create session.
But Even I didn't open site and locate in folder /var/lib/php/session
there are contentiously some session file are getting created.
I am unable to find from where these files are getting created.
A session is always created. Your login just assigns the session with an user and the information that he/she/it is authenticated.
Note: Also search engines and robots create sessions on your page.
PHP creates sessions whenever you call session_start()
After to much research I found that session were getting created from cron files.
I removed session_start call from cron files.
I have a Windows server 2008 with apache2. The server has 2 discs and I run an apache instance on both. The first runs as a service the second in the commandline. They both use an exact copy of an identical webroot in their own htdocs folder. Also they both use the same PHP install that is located on the first disc (Program Files (x86)). My application runs over SSL and uses PHP and MySQL.
The webserver that runs as a service runs my application fine and lets me login and has my session data ready at all times. The second server however lets me run my login script, has session data while running the script but loses that session data after a redirect to another page inside the same webroot.
The problem on the second webserver is similar to this question with the exception that I have session_start() on every page.
My login script works like this:
User requests a page
If the user is not authenticated, he is thrown back to the login page
If the user is authenticated, he gets an $_SESSION["auth"] with his profile data
Then when the user is browsing the main page or other pages that need auth, they just check if the $_SESSION["auth"] is set.
Any tips on how to solve this?
EDIT: A small clarification. I do have a session ID on each page. That id does not change when I get redirected. I do NOT have any data in the $_SESSION variable on the page I redirect to.
Look at the permissions of the php session directory where the files for the session are being stored. If php doesn't have the rights to write, create and change files you won't be able to store anything in your $_SESSION var.
I found the solution. The user that runs the webserver did have permission to all paths in the httpd.conf but did not have permission to access all paths in PHP.ini. session.save_path is one of those paths and the server can't access session data if it can't store session data.
The session.save_path was set to C:\Windows\Temp and initially I did not think I had to give permissions to anything but the apache dirs, php dirs and webroot.
Thanks for all your help!
Sessions will break if the user visits a sub-path of your site root and then navigates upwards. This is because the cookie will only be set for that path, not your entire domain. More info here: http://www.php.net/manual/en/function.session-start.php#91298