Unwanted session files in my php session folder - php

I am accessing my website from a Linux server. At the time of user login I create a session.
But even when I haven't opened the site, if I look in the folder /var/lib/php/session
some session files are continuously getting created.
I am unable to find where these files are getting created from.

A session is always created. Your login just associates the session with a user and the information that he/she/it is authenticated.
Note: Also search engines and robots create sessions on your page.

PHP creates sessions whenever you call session_start()

After too much research I found that the sessions were getting created from cron files.
I removed the session_start call from the cron files.

Related

PHP: Session cookie issue between subdirectories

My problem is that multiple session cookies are generated for the same user and browser/tab.
I have an init.php file, which is the only file responsible for starting sessions. The first few lines of said file look like this:
<?php
session_start();
// ... rest of init.php ...
?>
This file is located at /include/init.php, which itself is in a subdirectory.
I then have another PHP file located at /include/phpjson/memberInfo.php.
This file, like all the other files, includes the init.php file. But as soon as this file is executed, another session cookie shows up in the tmp directory.
The problem isn't just that another session cookie is created, but also that my main pages located at root now seem to be using a different session than the ones located in any subdirectory.
After searching Stack Overflow and other sites on Google, I found that some people recommended using the session_set_cookie_params function to set the path for the session cookies. However, since all the session cookies were already in the same folder, this didn't have any effect.
I understand that whichever file including the init.php will run the containing code from the file itself, not from where init.php is originally located. Which explains why all the files in root seem to be sharing the same session.
The simple solution here is to have every php script in the root directory, but this doesn't seem like the right thing to do.
If there are any questions regarding this issue please ask in the comments. I will try to respond to them as soon as possible.
Thanks in advance :)
Regards
Daniel Holst

Posting a tweet on the Twitter timeline using "TwitterOAuth"

I am trying to post a feed on Twitter using TwitterOAuth. I have two PHP scripts, redirect.php, and callback.php that work as follows.
redirect.php -> twitter auth -> callback.php
Whatever session key/values stored upon calling redirect.php are lost when callback.php is called for some reason.
Both PHP files reside in the same domain and HTTPS is used all the way through.
session_start() is used in both scripts right before storing and fetching session data.
What could be the cause of this problem?
It turns out that Apache was not able to write session files to the directory (in my case, /var/lib/php/session) specified in php.ini.
Granting the write permission for this directory to Apache has solved the problem.

Session not persisting

I'm unable to get any session data to persist across my app. I'm using a cart package and after adding the items the cart is immediately empty when I try to retrieve the data in another page.
I've tested the session by creating a test session and then retrieving that. It works if I retrieve it immediately but if I call the session on another page it no longer works
I've read similar threads and have my session config file set as:
driver => native
lifetime => 120
expire_on_close => true
domain => false
There's no output, i.e. echo statements, before redirects. I've tried doing a fresh install but still have the same problems. This is currently on a local server - localhost with a URL of test.loc
This can happen if PHP is trying to save to a path that is not writable/doesn't exist.
Try the following code to check where PHP is trying to save session files:
<?php
echo ini_get('session.save_path');
?>
Then check that folder to see if a) it exists and b) if session files are being written into it.
If it doesn't exist you need to change the .ini file or use ini_set('session.save_path') to change where PHP is trying to save session info. If the folder does exist it may be a permissions issue.
Finally, it may be a cookie issue - try using the app with different browsers, and check that the browsers have cookies enabled.

Session hangs on session_start() in PHP

I've an issue where session_start() hangs.
I've tried replacing the "file" method with "memcached". This did not correct the problem.
The problem is not concurrent access. It's not that I'm trying to access a session with two separate scripts at the same time.
I can create the session and save it, but cannot access the session afterwards.
Checking in my session.save_path, I can see that the session file was created, and I don't see any problem with it.
Here is an example session file:
sess_88senr7p8icjaiebup8i449l41:csrf|s:32:"401a0f9028b00102c671459da8537286";userdata|a:6:{s:2:"id";s:4:"3198";s:5:"email";s:25:"paul#*******.com";s:4:"name";s:17:"********";s:6:"parent";s:4:"3198";s:11:"permissions";i:1;s:15:"app_permissions";N;}employer|a:8:{s:2:"id";s:4:"3198";s:12:"company_name";s:7:"**";s:21:"user_accounts_allowed";i:20;s:18:"user_accounts_used";i:20;s:5:"notes";s:0:"";s:14:"contract_start";s:10:"2013-04-10";s:12:"contract_end";s:10:"2014-04-10";s:8:"features";i:2;}
This is acting as if the session lock is simply not removed at all. Where would I check to find this? Would this same issue affect "file" and "memcached"?

Why does PHP not keep session between pages?

I have a Windows server 2008 with apache2. The server has 2 discs and I run an apache instance on both. The first runs as a service the second in the commandline. They both use an exact copy of an identical webroot in their own htdocs folder. Also they both use the same PHP install that is located on the first disc (Program Files (x86)). My application runs over SSL and uses PHP and MySQL.
The webserver that runs as a service runs my application fine and lets me login and has my session data ready at all times. The second server however lets me run my login script, has session data while running the script but loses that session data after a redirect to another page inside the same webroot.
The problem on the second webserver is similar to this question with the exception that I have session_start() on every page.
My login script works like this:
User requests a page
If the user is not authenticated, he is thrown back to the login page
If the user is authenticated, he gets an $_SESSION["auth"] with his profile data
Then when the user is browsing the main page or other pages that need auth, they just check if the $_SESSION["auth"] is set.
Any tips on how to solve this?
EDIT: A small clarification. I do have a session ID on each page. That id does not change when I get redirected. I do NOT have any data in the $_SESSION variable on the page I redirect to.
Look at the permissions of the php session directory where the files for the session are being stored. If php doesn't have the rights to write, create and change files you won't be able to store anything in your $_SESSION var.
I found the solution. The user that runs the webserver did have permission to all paths in the httpd.conf but did not have permission to access all paths in PHP.ini. session.save_path is one of those paths and the server can't access session data if it can't store session data.
The session.save_path was set to C:\Windows\Temp and initially I did not think I had to give permissions to anything but the apache dirs, php dirs and webroot.
Thanks for all your help!
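Several answers on this page (the Twitter callback, the empty cart, and the Windows Temp case above) come down to the same check: can the PHP process create files in session.save_path? The script below is an added example, not code from any of the answers; the function names are illustrative. Request it through the web server rather than the command line, because the two usually run as different users.

```php
<?php
// Added example, not from the original answers. Function names are illustrative.

// For the files handler, session.save_path may be "N;/path" or "N;MODE;/path";
// the directory is always the last ';'-separated field.
function session_dir_from_save_path(string $savePath): string
{
    if ($savePath === '') {
        return sys_get_temp_dir(); // empty setting: PHP uses the system temp dir
    }
    $parts = explode(';', $savePath);
    return end($parts);
}

function diagnose_session_storage(): array
{
    $dir = session_dir_from_save_path((string) ini_get('session.save_path'));
    $problems = [];

    if (ini_get('session.save_handler') !== 'files') {
        return ['dir' => $dir, 'problems' => ['save handler is not "files"; save_path is not a directory']];
    }
    if (!is_dir($dir)) {
        return ['dir' => $dir, 'problems' => ['directory does not exist or cannot be reached by this user']];
    }
    // Write a real probe file: tempnam() silently falls back to the system
    // temp dir when it cannot create a file in $dir, so compare locations.
    $probe = @tempnam($dir, 'probe_');
    if ($probe === false || realpath(dirname($probe)) !== realpath($dir)) {
        $problems[] = 'PHP process user cannot create files here';
    }
    if ($probe !== false) {
        @unlink($probe);
    }
    // File names are session IDs: a directory listable by every local account exposes them.
    if (DIRECTORY_SEPARATOR === '/' && (fileperms($dir) & 0004)) {
        $problems[] = 'directory is readable (listable) by all local users';
    }
    return ['dir' => $dir, 'problems' => $problems];
}

header('Content-Type: text/plain');
$report = diagnose_session_storage();
echo 'session directory: ', $report['dir'], "\n";
echo $report['problems'] ? implode("\n", $report['problems']) : 'no problems found', "\n";
```

When granting the web server user access to the directory, give it to that user or group only; the last check flags directories such as a shared /tmp where any local account can list the session file names.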
Sessions will break if the user visits a sub-path of your site root and then navigates upwards. This is because the cookie will only be set for that path, not your entire domain. More info here: http://www.php.net/manual/en/function.session-start.php#91298
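As an added example (not from the posts on this page), a shared include such as init.php can handle two of the causes described here: cron scripts that create stray session files, and a session cookie scoped to a subdirectory. The function name and the cookie settings other than 'path' are assumptions; the array form of session_set_cookie_params() needs PHP 7.3 or later.

```php
<?php
// Added example for a shared include such as init.php. The function name and
// the cookie settings other than 'path' are assumptions, not from the page.

function start_web_session(): bool
{
    // Cron jobs and other CLI scripts have no browser cookie, so every run
    // would leave a new, orphaned sess_* file in session.save_path.
    if (PHP_SAPI === 'cli') {
        return false;
    }
    if (session_status() === PHP_SESSION_ACTIVE) {
        return true; // already started by an earlier include
    }
    // Must run before session_start(). path '/' makes the browser send the
    // cookie for every URL on the site, not only one subdirectory.
    session_set_cookie_params([
        'lifetime' => 0,
        'path'     => '/',
        'secure'   => !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off',
        'httponly' => true,
        'samesite' => 'Lax',
    ]);
    return session_start();
}

// Usage: count page views only when a web session is available.
if (start_web_session()) {
    $_SESSION['hits'] = ($_SESSION['hits'] ?? 0) + 1;
}
```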
