I have a strange case with my cookies.
On my overview.php i set
setcookie('threads_more','1',time()+3600,"/");
If the user gets back to index I delete the cookie with
setcookie('threads_more','1',time()-3600,"/");
But the cookie gets also deleted if I browse to other pages in this directory although there is no setcookie. Its like the setcookie command from index.php gets executed on every page in this directory. On pages in another directory the cookie stays alive. If I remove the deletecookie command on index.php it works fine.
Anyone an Idea?
Thanks a lot!
Kornel
Try
A. Remove. "/" the domain setting when setting cookies.
B. Check ode if you are setting cookies with blank node.
Idea is use default domain.
Another thing you should check, if you are using port 80.
Related
I used window.location.replace in my HTML file to test if the redirect works. Then I deleted the script function that redirected the web page but my HTML file won't stop redirecting.
So..I deleted the file completely, cleared my cache, cleared history, and everything and the web page still redirects to another page. The only thing that worked was that I changed my file name from index.html to index.php. However, even though index.html doesn't exist anymore after deleting and renaming it, it still redirects to another page when I enter in the URL
Anyone know how to fix this? I'm using domain.com btw.
EDIT: closed my browser and cleared my cache again and it for some reason worked. Not sure why it didn't work before that.
Double check to make sure the file is deleted. Since you cleared your cache, that seems to be the only option. Unless you have a caching network such as a CDN between you and the web server or unless your host has your site in its own cache.
The problem is that every time I refresh the page or when I change the page to another one, the session_id changes and new session file is created in session_save_path.
Here is the initial part of my code:
<?php
session_start();
echo session_id();
...
?>
Obviously the session variables (which is the thing that I need) don't work.
A curious thing is that the page works fine on localhost but doesn't work when I try it on the server.
Thanks in advance.
Check this setting in your server: session.auto_start
This will cause session to be autostarted in each page whether you call session_start() or not.
Make sure that there are no phantom CRLFs or such stuff before session starts. In production the error_reporting can be off so it might not get caught, but the session might find difficulty getting written. This can sometimes cause this.
On your server, in php.ini check TTL for your cookies. session.cookie_lifetime defines how long the cookie will last in seconds (default is 0, which means until the browser is closed) and session.gc_maxlifetime defines how long before the data is deleted, also in seconds.
And make sure the session file isn't stored in a /tmp folder.
Looks like your directory with sessions is not writable.
That's why php generates a new session file each time.
Check your chmod for sessions folder.
I have a website written in PHP which uses session through cookies. It works perfectly when the app is in a subdirectory, because the cookie path is set to /sub/.
When I try to set up my website in the root directory of my domain (http://domain.tld/index.php), I set the cookie path to "/". According to the PHP documentation, this should not be an issue :
session_set_cookie_params
Path on the domain where the cookie will
work. Use a single slash ('/') for all paths on the domain.
http://php.net/manual/en/function.session-set-cookie-params.php
Unfortunatly, in this case the sessionID seems to change after each page reload. It happens in Chrome and Opera, but for whatever reason, it works with Firefox.
By the way, if the session is not persistent, I can't login or do anything...
Does anyone have already experienced something like this ? Or have an idea ?
EDIT : It happens with Apache on Fedora and CentOS.
I am developing a site on my localhost, where everything works fine, but now that the site is uploaded to the HTTPS side of our inserted ONLINE /inserted server, the $_SESSION variables don't get carried over from the login.php to the index.php page. Both are located on HTTPS, the process never goes out of HTTPS. As I said, everything worked fine on my localhost.
My localhost's PHP is version 5.3.2 and the HTTPS server is 5.2.6. The only difference in settings I can identify regarding sessions is session.use_only_cookies is On on my localhost and Off on the HTTPS server.
Can anyone please shed some light as to why the session variables are not transferred? PS. I do have session_start(); in both login.php and index.php.
Thanks in advance.
Have you checked that the session cookie is carried over between the HTTP and HTTPS requests? And that the same session token is present on both sides?
If the cookie established via the HTTPS page is marked as "secure only", it will not be transmitted to non-SSL pages, so you'd get a brand new empty session on the non-secure pages, which would give you the symptoms of "missing" session variables. They're not really missing, just in some other session which isn't active now.
There are a few things that can go wrong.
Make sure both login.php and index.php are accessed through https. session.cookie_secure defaults to off, but you never know.
Also make sure they are they both on the same domain. Cookies are set per-domain.
Maybe there is some oddball cookie setting? You can view the current session cookie settings with: session_get_cookie_params()
You can also verify how the cookie is being set in your browser (if at all), for Opera you can right-click in the page, select "edit site preferences", and use the "Cookie" tab. Don't know about other browsers from the top of my head ...
Another possibility is a borked session.save_path, run session_save_path() without any arguments to get the current session_save_path, make sure the user running PHP (typically but not necessarily the same user running the webserver) can write to this directory.
I have a Windows server 2008 with apache2. The server has 2 discs and I run an apache instance on both. The first runs as a service the second in the commandline. They both use an exact copy of an identical webroot in their own htdocs folder. Also they both use the same PHP install that is located on the first disc (Program Files (x86)). My application runs over SSL and uses PHP and MySQL.
The webserver that runs as a service runs my application fine and lets me login and has my session data ready at all times. The second server however lets me run my login script, has session data while running the script but loses that session data after a redirect to another page inside the same webroot.
The problem on the second webserver is similar to this question with the exception that I have session_start() on every page.
My login script works like this:
User requests a page
If the user is not authenticated, he is thrown back to the login page
If the user is authenticated, he gets an $_SESSION["auth"] with his profile data
Then when the user is browsing the main page or other pages that need auth, they just check if the $_SESSION["auth"] is set.
Any tips on how to solve this?
EDIT: A small clarification. I do have a session ID on each page. That id does not change when I get redirected. I do NOT have any data in the $_SESSION variable on the page I redirect to.
Look at the permissions of the php session directory where the files for the session are being stored. If php doesn't have the rights to write, create and change files you won't be able to store anything in your $_SESSION var.
I found the solution. The user that runs the webserver did have permission to all paths in the httpd.conf but did not have permission to access all paths in PHP.ini. session.save_path is one of those paths and the server can't access session data if it can't store session data.
The session.save_path was set to C:\Windows\Temp and initially I did not think I had to give permissions to anything but the apache dirs, php dirs and webroot.
Thanks for all your help!
Sessions will break if the user visits a sub-path of your site root and then navigates upwards. This is because the cookie will only be set for that path, not your entire domain. More info here: http://www.php.net/manual/en/function.session-start.php#91298