PHP sessions work as expected in root directory, and one directory deep. Directories that exist 2 deep end up with a new session id, and all session varaibles are lost.
I include a file config.inc.php (absolute path) into all pages which calls session_start() and initializes the SESSION variables. I found a PHP directive setting that seems to mention subdirectories, but it looks like it is referring to subdirectories of temporarily stored session files.
I've double checked using the HTTPFox firefox plugin, as soon as I visit any page 2 levels deep, the session is gone, and and a new session ID is issued. Very Strange...
Ah, it looks like I was writing my URLS to those particular directories using localhost instead of 127.0.0.1... The different domain caused the browser to think it was a different website, I guess. Changing this solved my problem.
Related
My problem is that multiple session cookies are generated for the same user and browser/tab.
I have a init.php file, which is the only file responsible for starting sessions, the first few lines of said file looks like this:
<?php
session_start();
...
...?>
This file is located at /include/init.php, which itself is in a subdirectory.
i then have a another php file located at /include/phpjson/memberInfo.php.
This file, like all the other files, includes the init.php file. But as soon as this file is executed, another session cookie shows up in the tmp directory.
The problem isn't just that another session cookie is created, but also that my main pages located at root now seems to be using a different session than the ones located in any subdirectory.
after searching stackoverflow and other sites on google, i found that some people recommended using the session_set_cookie_params function to set the path for the session cookies. However, since all the session cookies were already in the same folder, this didn't have any effect.
I understand that whichever file including the init.php will run the containing code from the file itself, not from where init.php is originally located. Which explains why all the files in root seem to be sharing the same session.
The simple solution here is to have every php script in the root directory, but this doesn't seem like the right thing to do.
If there are any questions regarding this issue please ask in the comments. I will try to respond to them as soon as possible.
Thanks in advance :)
Regards
Daniel Holst
I have edited session.cookie_domain = ".mysite.in" in php.ini to share one single session for same user across all the sub domains of my site.
But it is not working weird. Now if I open a session at "www.mysite.in", it gets shared with "mysite.in"(no www), but not with "oth.mysite.in".
PS : The session did not get shared to "mysite.in" before. So edit definitely has some effect.
We are having some issues with PHP Session Cookies not allowing us to log into our *SugarCRM** application which is open source PHP application.
The problem is we have the same application installed on 2 sub-domains like below...
Main site
www.domain.com
Dev site
dev.www.domain.com
Now after logging into one, it will not allow you to login to the other!
Please view the image below to see the Cookie problem...
In the image above you can see that there is 2 PHPSESSID Cookies competing for the Session!
If I now delete one of them, it allows me to login as normal without an issue!
Because this is SugarCRM, I am hoping I can resolve this issue without making really any core file modifications to the application. But if I have to, then we will.
So does anyone have any ideas on a good solution?
Right now my idea for a "Nasty Dirty Hack" which I really do NOT want to have to do. It is to make a button on the login form, this button will use JavaScript to clear/delete the PHPSESSID Cookies but again I would really like to find a proper solution.
If anyone has any ideas, please share? Thank you
UPDATE
Thanks for the answers so far. Please do take into acocunt that this is not a simple PHP application that I built where I can easily do code changes. THis is SugarCRM which is a massive large application with thousands of files
Try to setup in .htaccess parameter on subdomain
php_value session.cookie_domain .domain.com
or use in php code, but before "session_start()"
ini_set('session.cookie_domain', '.domain.com' );
Use
session_set_cookie_params
to set the session from the subdomain, on the principal domain.
Try to use function (http://php.net/manual/en/function.session-set-cookie-params.php):
session_set_cookie_params ( $lifetime, $path, $domain, $secure, $httponly)
And set one $domain = '.domain.com'
Or if you setting session cookie manually by setcookie, then setting the same domain too
Its actually not the domain you need to change, but the "session name" (name of the cookie parameter). Both apps seem to be using the default "phpsessid" and need to be made to differ, otherwise the apps will see eachother sessions, see the wrong session, or try to unserialize classes only defined in the other project.
You need to change the cookie parameter its storing the session ID in. It can be controlled from an environment variable (php.ini, .htaccess, etc.): http://us1.php.net/manual/en/session.configuration.php#ini.session.name
This way you can have multiple PHP sessions on the same domain. For example if you had example.com/sugarcrm and example.com/foo You could have sugarCRM store it's session ID in a cookie param called "sugarsession" (instead of the default phpsessid)
It has been a while since I had this issue but I think all you have to do is write each instances session file to a different directory by editing the config.php in each SugarCRM's file system and change the line
'session_dir' => '',
to point at a different directory.
i have 3 basis directories in public_html directory. For example these are:
Directory_A represents http://site.com
Directory_B represents http://subsite-b.site.com
Directory_C represents http://subsite-c.site.com
i have another directory in public_html named Sessions where i want to save the sessions cookies when logged users visit across the directories (site and sub-sites)
the attached picture demonstrated my directory structure clearly in cPanel.
i face no problem to pass session between the folders and sub-folders in Directory_A. the problem appears when visitors switch from Directory_A to Directory_B or Directory_C (visit from http://site.com to http://subsite-b.site.com or http://subsite-c.site.com) sessions are not passed at all although i set the variable session_set_cookie_paramsin every page of the above stated sub-sites like,
$mysession = session_name("mysession");
session_set_cookie_params(0, '/', '.site.com');
session_start();
notable thing is that presently the variable session.save_path has the following configuration on my PHP server.
session.save_path /tmp /tmp
now, as the sessions aren't passed at all from one directory to another directory in public_html, i changed the configuration of session.save_path by pointing the path to public_html/Sessionslike,
session.save_path /public_html/Sessions /public_html/Sessions
the above change in configuration returns following similar warning in every page of http://site.com , http://subsite-b.site.com and http://subsite-c.site.com when visitors visit these sites.
Warning: session_start() [function.session-start]: open(/public_html/session/sess_0d38g21b3153bb4343g8d687442e76ed, O_RDWR) failed: No such file or directory (2) in /home/user/public_html/Directory_B/index.php on line 4
on line 4 as stated in the above warning i've got the code session_start();
what's going wrong here? is it happening because of improper server configuration? what should i do to pass the sessions properly from one directory to another directory?
any idea or knowledge about this issue shall be well appreciated.
its happening because the old sessions that existed in /tmp you didn't copy them over. It can also mean you didn't set the permission on the directory/files to be able to read by the webserver
You need to use a custom session handler to store the sessions in a database instead of using a directory in the filesystem (e.g. /tmp).
Here's some example code: GitHub, and here's some more info on using a custom session handler in PHP.
When you save the session in a database, you can access them from any site, as long as you can connect to the database. It is simpler than it sounds.
session_set_cookie_params(0, '/', '.site.com');
session_start();
to
session_set_cookie_params(0, '/', '.site.com');
session_save_path('/home/user/public_html/Sessions');
session_start();
I have a script named INDEX.php that runs from root directory //htdocs because that script needs to use $SESSION variables and other things in sub folder.
Now If I try to debug using eclipse, it asks me new work space, even if i put new work space under htdocs. still the settings inside script are lost.
How to resolve this? How to set dev env in eclipse so that it treats as if code is run from htdocs?
This is a poorly asked question. What do you mean "script needs to use $SESSION variables and other things in sub folder"? If you're referring to $_SESSION, it has nothing to do with folders.
If you're saying that values within $_SESSION are not staying there from one execution to the next, then you need to make sure that cookies are enabled, and that whatever browser/environment you are using to view the page supports cookies.
The cookie holds the ID that identifies the session that allows PHP to find the session data. You can also pass the ID from one URL to another, but that probably won't work in your case.