I have a main directory named System with a sub-directory named Subsystem. My session from main directory is not working in the sub-directory.
When I echo session_save_path(); in both folders, they show me "/tmp".
Then, I tried to put session_save_path("../tmp"); in my sub-directory but it shows me "This webpage has a redirect loop".
session.php in System directory:
<?php
session_start( );
if (!($_SESSION['uid']))
{
header("Location:index.php");
}
else
{
$_SESSION['uid'] = $_SESSION['uid'];
}
?>
session.php in Sub-system folder:
<?php
session_save_path("../tmp");
session_start( );
if (!($_SESSION['uid']))
{
header("Location:index.php");
}
else
{
$_SESSION['uid'] = $_SESSION['uid'];
}
?>
I have Googled all over, but I still cannot get it to work.
The directory does not affect your session state (all directories of a given Apache-PHP website will access the same session in a standard configuration). You should not have to use session_save_path().
I think the problem in part is that you're setting 'uid' to itself ($_SESSION['uid'] = $_SESSION['uid'];) - therefore potentially never actually setting it to a value - and potentially redirecting indefinitely if it's not set.
I suggest this simple test to ensure that your sessions are, in fact, working:
/session_set.php
<?php
session_start();
$_SESSION['uid'] = 123;
/sub_dir/session_get.php
<?php
session_start();
echo $_SESSION['uid'];
A session creates a file in a temporary directory on the server where registered session variables and their values are stored. This data will be available to all pages on the site during that visit.
The location of the temporary file is determined by a setting in the php.ini file called session.save_path. so pleasse check this path.
Also [session-save-path()][1] Get and/or set the current session save path.
I think u dont need to write this line and check your php.ini for correct path.
for session i found some useful article http://www.tutorialspoint.com/php/php_sessions.htm
Thanks.
Related
I have a login.php in the root directory. On valid user login, it executes the following code :
function log_in($id,$keep_login)
{
$_SESSION['auth'] = true;
$_SESSION['id'] = $id;
if($keep_login==TRUE) {
setcookie(session_name(),session_id(),time()+LOGGED_IN_TIME);
}
}
On login.php, in the starting, after including header file (header file contains session_start on first line), I check if a user is logged in using this function :
function logged_in()
{
if(!isset($_SESSION['auth'])||empty($_SESSION['auth'])||!isset($_SESSION['id'])||empty($_SESSION['id']))
{
return false;
}
return true;
}
And if the user is already logged in, I redirect them to profile.php using :
if(logged_in())
{
header('Location: profile.php');
}
I have another file enter.php in /sources/enter.php
The login data from login.php is sent to enter.php . However, in enter.php , I see that the user is already logged in. i.e. logged_in() returns true. Curious about this, I echoed the session id on both login.php and enter.php , and the ids were different.
BTW, I include the header file like this :
$included=TRUE;
require_once 'sources/headers.php';
Does the initialization of $included before session_start (session is started in headers.php) interfere with the session?
Although I AM logged_in, somehow my login.php cannot access my session. Can someone point the problem to me?
UPDATE : when I move enter.php to the root directory (same as login.php), it works like it should. Although for security reasons, I want to move it to /sources/enter.php . Any solution?
ANOTHER UPDATE : just came to know that when I move the enter.php to the root directory,
the files in any subdirectory cannot access the session. The session variables are there, but the session id is different.
AND ONE MORE UPDATE : I just discovered, that the session id in the subdirectories is another id, and contains different $_SESSION variables. What I mean, that root directory has $_SESSION['id']=1 and the subdirectories have $_SESSION['id']=4. Maybe this is because the session id's are different.
Any output by the server before session_start() will interfere and cause your session to fail.
I'm not sure if that's your case but you should add session_start() as the first thing written in your config file. Make sure it's the first thing ever executed on a page.
Sometimes session_start() gets rekt if your file encoding is not utf8-without-bom (you should be using that at all times).
I finally found the problem. It was not in the script. When I used another browser, it worked perfectly. Then i thought that Chrome must have preserved the old session cookie, and was still using it when in the subdirectory. I cleared cache, and it now works. Huh! Such a simple answer it was, I still need to learn. Thanks guys for helping me out!
I am setting user id to the session on login in my website.On echoing the session variable soon after being set, it is displayed.But after that iam redirecting this to another page where session is strated and then checked for the session.But it displays error message that undefined index user_id.This code is working in localhost,was working in server also.But now it displays error.Unable to login to the website due to the problem in setting session.
$_SESSION['user_id'] = $user_id;
header('location:home.php');
In home.php
include('session.php');
in session.php
session_save_path('include/session_store');
session_start();
if(!(isset($_SESSION['user_id'])))
{
header('location:signin.php');
}
On advise from fellow stackoverflow users ,I tried this.Created a test.php file.
session_save_path('include/session_store');
session_start();
$_SESSION['yahoo'] = 'yahoo';
header('location:test2.php');
in test2.php
session_save_path('include/session_store');
session_start();
echo $_SESSION['yahoo'];
Now in localhost yahoo is printed.But in server, blank screen is displayed.The session_store folder contain some 0kb files also.
make sure yout do session_save_path('include/session_store');
session_start(); on signin.php and also make sure include/session_store is writable
you said its working on,localhost, then definitely problem is include/session_store is not writable.
Do you have right permissions on include/session_store ? It has to be 777.
You may print echo session_save_path() to ensure that the option is setted.
And at last, without changing the save_path the session works correctly? Your server may have some redirecting rules (mod_proxy) that could have repercussion on your session.
If you have php 5.4 you could try to print session_status()
http://www.php.net/manual/it/function.session-status.php
Problem could be from the path where the session is stored
On your Web hosting file manager set the session path to /tmp/
If there's no folder called tmp then create it
My web application sets session every time a user logs in.
I checked that sessions are properly set in http://mydomain.com/sessionfolder directory.
But I can't get those session values.
For example, in 'member_check.php' in root directory ('/'),
echo "Your name is = ".$_SESSION['membername'];
I get 'Your name is (blank)'
Thanks.
Have you tried setting the session savepath manualy? When I am using the servers supllied by my school I always have to set it by my self, because of some setting on the servers.
The following line should be included BEFORE the session_start();
session_save_path('your_path_here');
DonĀ“t forget to create the folder and set the folder permissions to read and writeable for everyone..
At the top of your script you must init sessions:
if ( ! session_id())
{
session_start();
}
Problem PHP session in different folder.
I have problem with PHP session.
There are two folder: A AND B When I already logged in Folder A then i click link access to folder B when come to index.php file in Folder A. It doesn't to recognize session state.
PHP Code:
if(!isset($_SESSION))
{
session_cache_expire (21900);
$cache_expire = session_cache_expire();
session_start();
}
How can i check session redirect ?
f(!isset($_SESSION['a'])){
redirce to a
}
f(!isset($_SESSION['b'])){
redirce to b
}
Best Regards
Try this:
if(!session_id()) {
session_start();
session_cache_expire (21900);
}
Check your phpinfo() and look for suhosin.
If it is installed then you should disable it in order to let sessions be shared betwen different paths.
This is happening because the validity scope of the PHPSESSIONID cookie is restricted to the folder A, so in folder B it doesn't get fed the same cookies. You have to change that to the parent folder containing both A and B.
I have this written at the very first line on every page of my website.
include("restd.php");
and restd.php contains the following lines :
#session_start();
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}
The problem i'm facing is that when ever i click or do something on my website. it logs me out and takes me to index.php.
im sure its something to do with the session. ive tried every single thing to avoid this problem but i ahve used restd.php because i dont want anyone to copy the url of someone and paste and get into the website.
anyone who is logged in only can view other's pages. if they arent logged in then they'll be redirected to index.php
EDIT : and guys a confusing thing is that all this is working fine on my testing server which is easyPHP-5.3.8.0 but this problem is coming up when i upload all the files to my server.
Your session directory (probably /tmp/) is not writable.
Check with session_save_path() if it is writable.
if (!is_writable(session_save_path())) {
echo 'Session path "'.session_save_path().'" is not writable for PHP!';
}
Do you actually set $_SESSION['id'] on a page...
What you are trying to do here is:
Start a session and load the $_SESSION from the session handler
Check if $_SESSION contains key 'id'
Redirect to index.php if $_SESSION['id'] is not set
Do you actually do this in index.php?
session_start();
$_SESSION['id'] = something;
you need declare $_SESSION['id'] :
file1.php
session_start();
$_SESSION['id'] = '123'
file2.php
include 'file1.php'
if(isset($_SESSION['id']))
{
}
else
{
header("location:index.php");
}
In my case I forgot that I had the PHP flag session.cookie_secure set to on, while the development environment was not TLS-secured.
More information about Session/Cookie parameters.
I know this is an old thread, but the following helped me with the same problem after hours of despair. Found on: http://php.net/manual/de/function.session-save-path.php
I made a folder next to the public html folder and placed these lines at the very first point in index.php
Location of session folder:
/domains/account/session
location of index.php
/domains/account/public_html/index.php
What I placed in index.php at line 0:
<?php
ini_set('session.save_path',realpath(dirname($_SERVER['DOCUMENT_ROOT']) . '/../session'));
session_start();
?>
Hopefully this will save you time.
Check maybe your session path does not exist
so you can save PHP session path using:
ini_set(' session.save_path','SOME WRITABLE PATH');
Couple things:
your include file doesn't have the <?php ?> tags, so the content will not be evaluated as PHP
Session_start must be called before you start outputting anything. Is that the case?
You still don't even answer where you SET $_SESSION['id']. $pid = $_SESSION['id'] does not set the session variable. session_start() comes before ANYTHING session related, it's not shown before your include.
I had the same problem and found a work-around for it. If anybody can explain why the session is not read even when the cookie is there, please let me know.
<?php
// logged.php
// The PHP session system will figure out whether to use cookies or URLs to pass the SID
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) && authenticationRoutine(/* Returns true if succesfully authenticated */) ) {
session_id(uniqid("User--"));
session_start();
$_SESSION['id']=session_id();
}
?>
<?php
// Insecure restd.php (The user can forge a stolen SID cookie or URL GET request, but that is inherent with PHP sessions)
if(!isset($_COOKIE['PHPSESSID']) && !isset($_GET['PHPSESSID']) {header('Location: index.php')}
?>
.
[EDIT]
Even though the cookie was there and I prevented starting a new session, the session had not been read and started, so no session variables were available. In this case I check if the session has been started first (not using session_status() because it doesn't exist in PHP 3.5, which for some reason is the most widespread among hosts). If no session has been started within PHP, I check if it had been started before by testing the cookies and GET variables. If a session ID was found, the script resumes the session with that ID. If no ID is available, the user gets redirected to the index.
<?php
// restd.php
if(empty(session_id())) {
if(isset($_COOKIE['PHPSESSID']) && !empty($_COOKIE['PHPSESSID'])) {session_id($_COOKIE['PHPSESSID']);}
elseif(isset($_GET['PHPSESSID']) && !empty($_GET['PHPSESSID'])) {session_id($_GET['PHPSESSID']);}
else {header('Location: index.php'); exit(0);}
session_start();
}