I am having problems passing session variables on my website. I can echo my session variables on the advertiser/page2.php but when i go to a 3rd page the sessions are gone.
Can someone please help me fix this issue?
login.php
session_start();
$_SESSION['account_id']= $account_id;
$_SESSION['user_email']= $user_email;
advertiser/page2.php
session_start();
advertiser/page3.php
session_start();
here are the settings on my phpinfo()
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
I have run into this issue several times with PHP and it is frustrating,
What I do not is set the Session ID using session_id([new_session_id]) to the MD5 (http://php.net/manual/en/function.md5.php) hash of a string such as the username combined with some arbitrary string. The username is always tied to the user data.
The session ID is always recalculated (which might be a minimal performance cost) but you can always find the session when you need it, since the result is deterministic.
I am not sure if this is the BEST method, but something around that idea seems to have never failed me when dealing with maintaining sessions in PHP.
Related
Can someone please tell me how long my session will last from the data below? - I'm not sure which one tells me
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/session /var/lib/php/session
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
In general you can say session.gc_maxlifetime specifies the maximum lifetime since the last change of your session data (not the last time session_start was called!). But PHP’s session handling is a little bit more complicated.
Because the session data is removed by a garbage collector that is only called by session_start with a probability of session.gc_probability devided by session.gc_divisor. The default values are 1 and 100, so the garbage collector is only started in only 1% of all session_start calls. That means even if the the session is already timed out in theory (the session data had been changed more than session.gc_maxlifetime seconds ago), the session data can be used longer than that.
Because of that fact I recommend you to implement your own session timeout mechanism. See my answer to How do I expire a PHP session after 30 minutes? for more details.
This is the one. The session will last for 1440 seconds (24 minutes).
session.gc_maxlifetime 1440 1440
If session.cookie_lifetime is 0, the session cookie lives until the browser is quit.
EDIT: Others have mentioned the session.gc_maxlifetime setting. When session garbage collection occurs, the garbage collector will delete any session data that has not been accessed in longer than session.gc_maxlifetime seconds. To set the time-to-live for the session cookie, call session_set_cookie_params() or define the session.cookie_lifetime PHP setting. If this setting is greater than session.gc_maxlifetime, you should increase session.gc_maxlifetime to a value greater than or equal to the cookie lifetime to ensure that your sessions won't expire.
You're searching for gc_maxlifetime, see http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime for a description.
Your session will last 1440 seconds which is 24 minutes (default).
PHP newbie here, but I can't find a straight answer online. Given the bellow session section of my phpinfo, what would I need in a php.ini to enable sessions in the most basic of ways? Thanks :)
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
PHP installations do not need any special configuration to enable sessions. They are enabled by default.
You should make sure you have session_start(); as the first line in any page that you intend to use sessions; it should be the very first line, before any whitespace (an empty line, for example).
I guess you must increase your session as follow:
session.cookie_lifetime 0 0 and session.gc_maxlifetime 1440 1440
to
session.cookie_lifetime 86400 86400 and session.gc_maxlifetime 86400 86400 cumulatively.
86400 means 1 day.
This will allow your system to use "session_start()" which will have 1 day life.
Hope this helps someone.
There are a following built-in options for storing session data. The session handler is set in the php.ini under the directive named
session.save_handler
You can also give sqlite db to store your session like
session.save_handler = sqlite
session.save_path = /tmp/phpsess.db
Your current save_handler is set to store session date in files on the system. The problem is that your save_path looks like it doesn't currently have a value. You will need to add a save_path so PHP knows where to put those files.
PHP: Runtime Configuration #session.save_path
Take a look at this page where a user describes having a similar issue.
After installing and settings, rebooting solves problem. Manually starting servers did produce the result above. Definetly somethings does not load properly when starting the server manually.
I hope still helps someone.
I have a page with just this code:
<?php
session_start();
echo session_id();
?>
running on localhost. In IE my session id gets reset with every page load (i.e. the session is reset, all old session info is lost). In any other browser it works just fine and my session id doesn't change on refresh.
This happens in browsers mode IE7, IE8 and IE9 (actual browser = IE9). I've got IE privacy (cookies) settings on 'Accept all cookies'. Yet in developer tools 'cache->view cookie info' nothing is shown. Clearing all session cookies doesn't help either, nor does clearing browser cache. Though, in the PHP session storage dir a new session file is created at each refresh.
php session config:
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path D:\webserver\environment\temp\sessions D:\webserver\environment\temp\sessions
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
So the weird thing is this happens only on IE, no other browsers and IE seems to be configured correctly...
Thanks for any tips!
Pressing "refresh" will generally send the same request as before - even if you've cleared the cache.
Close down IE completely. Go to control panel, open "Internet Options" from there and delete the cookies. Clear cache too, if you want to be sure. Then open IE and have another go.
everyone! i have a question about sessions hopefully someone can help me with. I have a apache test server set up that uses virtual hosts for http and https. I put the following files in my https and it works:
mytest.php:
// this starts the session
session_start();
// this sets variables in the session
$_SESSION['color']='red';
$_SESSION['size'] ='small';
$_SESSION['shape']='round';
echo "Done";
mytest2.php:
// this starts the session
session_start();
// echo variable from the session, we set this on our other page
echo "Our color value is ".$_SESSION['color'];
echo "Our size value is ".$_SESSION['size'];
echo "Our shape value is ".$_SESSION['shape'];
But it doesn't work when I view the copy in http.
phpinfo() in both are the same:
session
Session Support enabled
Registered save handlers files user sqlite
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure On On
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /tmp /tmp
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 1
As it has already been said, it's probably because you're using secure cookies.
Note that, if you're not using secure cookies, you need to be careful in the logic of your application to enforce its security. It's OK to go from HTTPS to HTTP, but then, you should discard the HTTPS session. Otherwise, an attacker could get the cookie from the HTTP connection and use it over the HTTPS connection, pretending to be authenticated as the legitimate user.
The problem is this:
session.cookie_secure On On
If the the cookie is session cookie secure, it'll only be sent via https by the client.
Change that ini setting or call session_set_cookie_params prior to session_start and specify there you don't want a secure cookie, e.g.:
session_set_cookie_params(0, '/', "example.com", false);
Can someone please tell me how long my session will last from the data below? - I'm not sure which one tells me
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/session /var/lib/php/session
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0
In general you can say session.gc_maxlifetime specifies the maximum lifetime since the last change of your session data (not the last time session_start was called!). But PHP’s session handling is a little bit more complicated.
Because the session data is removed by a garbage collector that is only called by session_start with a probability of session.gc_probability devided by session.gc_divisor. The default values are 1 and 100, so the garbage collector is only started in only 1% of all session_start calls. That means even if the the session is already timed out in theory (the session data had been changed more than session.gc_maxlifetime seconds ago), the session data can be used longer than that.
Because of that fact I recommend you to implement your own session timeout mechanism. See my answer to How do I expire a PHP session after 30 minutes? for more details.
This is the one. The session will last for 1440 seconds (24 minutes).
session.gc_maxlifetime 1440 1440
If session.cookie_lifetime is 0, the session cookie lives until the browser is quit.
EDIT: Others have mentioned the session.gc_maxlifetime setting. When session garbage collection occurs, the garbage collector will delete any session data that has not been accessed in longer than session.gc_maxlifetime seconds. To set the time-to-live for the session cookie, call session_set_cookie_params() or define the session.cookie_lifetime PHP setting. If this setting is greater than session.gc_maxlifetime, you should increase session.gc_maxlifetime to a value greater than or equal to the cookie lifetime to ensure that your sessions won't expire.
You're searching for gc_maxlifetime, see http://php.net/manual/en/session.configuration.php#ini.session.gc-maxlifetime for a description.
Your session will last 1440 seconds which is 24 minutes (default).