I've a file in which i've this code
session_start();
session_register("name");
$name = "test";
When i saw the cookies in chrome,it says this is in root folder.
My question here is where does this session get saved on my xampp of local host and where does my session saved in go daddy shared hosting.
If i've session_start(); $_SESSION['id'] ="some value"; ,i can use this some value in all pages,this is what i under stood from reading about session,correct me ,if i'm wrong.
I used this in my shared hosting but when i call the session variable in another page,it is empty,i do not know whether my hosting has session save write permission or what is the reason it could be empty.
There are 2 settings for session saving:
In Shared memory.
In Files.
In case of files you can access the session data, whereas in case of memory you cannot.
to access the session data get the folder path by using this function session_save_path();
Note:- Hosts protect these type of folders so that they cannot be accessed directly
one more thing to check if the session setting is in folder or memory check your phpinfo();
and if files are selected You can explicitly change the path by the same function session_save_path(); Please check: Check Here
The session is saved in the server as a file named for example 1234. This is a textual file. It's saved in a path configurable by php.ini.
Client side a cookie is saved. The content of the cookie is equal to the name of the sessione file 1234. The borwser for each request send the cookie content so the server reads the content of the cookie and checks if a corresponding session exists. For problem using sessions... provides us more code!
To use sessions, you need to do:
session_start();
And then you can do:
$_SESSION['id'] ="some value";
and use it:
$id = $_SESSION['id'];
session_register is a deprecated function, you should not be using it. Anyway, you were using it in the wrong order (the last thing you should do with a value is register it, you were registering a null valued $name variable).
you need to save the new value as
$_SESSION['name'] = "test";
$_SESSION['name'] IS NOT EQUAL TO $name
hence saving value as $name = "test"; will not be saved in $_SESSION['name']
You must call session_start(); on every page to retrieve the saved session in propogation from one page to required page. or set it on/1 in php.ini file(not recommended)
The location of the $_SESSION variable storage is determined by PHP's "session.save-path" configuration. Usually this is "/tmp" on a Linux/Unix system. Use the phpinfo() function to view your particular settings if not 100% sure by creating a file with this content in the DocumentRoot of your domain:
<? phpinfo() ?>
check the below link for more details
session.save_path
The session is stored on the server but the session ID is stored on the users computer as a long random ID. There is no way for the user to edit the session however they may be able to steal a session ID and use it on an unauthorised account.
IT could be possible that you have register_globals set to 1 in the php.ini. It is highly recommended that you turn this off as it could be used maliciously but this would explain why setting $name could also set $_SESSION['name']. It basically allows all variables to be set from that one point.
With Go Daddy 4GH hosting the sessions will save, by default, to the /tmp directory that is at at the same level as your /html directory. You can find the full path to this using these steps.
To Find Your Absolute Hosting Path
1. Log in to your Account Manager.
2. Click Web Hosting.
3. Next to the hosting account you want to use, click Launch.
In the Server section, your hosting account's Absolute Hosting Path displays.
If this is not where you want to save your sessions you can change this in your php.ini file or using session_save_path() function in your script.
For information on this for your XAMPP stack you can check here.
Related
You are about to send an email using the outgoing email api. At this time, access_token only needs to be acquired once, so I want to run the authentication process once and share it in several sessions without renewing the key until the key expires. Usually, if you save it to a database or to a file, you will be able to access it anywhere within php of the Apache web server. However, I would like to ask you how about saving it in a better place than saving it in this database or file. For example, isn't it a good idea to store it in php's super global variable?
if($_GLOABLS['token'] != null)
$_GLOABLS['token'] = access_token;
Another place where you can store some information is the environment. I wouldn't put loads of variables there, but a few is fine.
I actually use it for a few variables that are different between production and development. This way, the source files can be identical.
If you have access to the php.ini files then you can store it in there.
If you are using apache and have access to .htaccess file, then you can store like this
setenv My_Variable value
If you are using xampp, then you can place it in F:\xampp\apache\conf\extra\httpd-xampp.conf
SetEnv PHP_DEBUG 1
And you can read it in your php as
$MyVariable = getenv('My_Variable');
$Debug = (getenv('PHP_DEBUG'));
The problem is that every time I refresh the page or when I change the page to another one, the session_id changes and new session file is created in session_save_path.
Here is the initial part of my code:
<?php
session_start();
echo session_id();
...
?>
Obviously the session variables (which is the thing that I need) don't work.
A curious thing is that the page works fine on localhost but doesn't work when I try it on the server.
Thanks in advance.
Check this setting in your server: session.auto_start
This will cause session to be autostarted in each page whether you call session_start() or not.
Make sure that there are no phantom CRLFs or such stuff before session starts. In production the error_reporting can be off so it might not get caught, but the session might find difficulty getting written. This can sometimes cause this.
On your server, in php.ini check TTL for your cookies. session.cookie_lifetime defines how long the cookie will last in seconds (default is 0, which means until the browser is closed) and session.gc_maxlifetime defines how long before the data is deleted, also in seconds.
And make sure the session file isn't stored in a /tmp folder.
Looks like your directory with sessions is not writable.
That's why php generates a new session file each time.
Check your chmod for sessions folder.
i have 3 basis directories in public_html directory. For example these are:
Directory_A represents http://site.com
Directory_B represents http://subsite-b.site.com
Directory_C represents http://subsite-c.site.com
i have another directory in public_html named Sessions where i want to save the sessions cookies when logged users visit across the directories (site and sub-sites)
the attached picture demonstrated my directory structure clearly in cPanel.
i face no problem to pass session between the folders and sub-folders in Directory_A. the problem appears when visitors switch from Directory_A to Directory_B or Directory_C (visit from http://site.com to http://subsite-b.site.com or http://subsite-c.site.com) sessions are not passed at all although i set the variable session_set_cookie_paramsin every page of the above stated sub-sites like,
$mysession = session_name("mysession");
session_set_cookie_params(0, '/', '.site.com');
session_start();
notable thing is that presently the variable session.save_path has the following configuration on my PHP server.
session.save_path /tmp /tmp
now, as the sessions aren't passed at all from one directory to another directory in public_html, i changed the configuration of session.save_path by pointing the path to public_html/Sessionslike,
session.save_path /public_html/Sessions /public_html/Sessions
the above change in configuration returns following similar warning in every page of http://site.com , http://subsite-b.site.com and http://subsite-c.site.com when visitors visit these sites.
Warning: session_start() [function.session-start]: open(/public_html/session/sess_0d38g21b3153bb4343g8d687442e76ed, O_RDWR) failed: No such file or directory (2) in /home/user/public_html/Directory_B/index.php on line 4
on line 4 as stated in the above warning i've got the code session_start();
what's going wrong here? is it happening because of improper server configuration? what should i do to pass the sessions properly from one directory to another directory?
any idea or knowledge about this issue shall be well appreciated.
its happening because the old sessions that existed in /tmp you didn't copy them over. It can also mean you didn't set the permission on the directory/files to be able to read by the webserver
You need to use a custom session handler to store the sessions in a database instead of using a directory in the filesystem (e.g. /tmp).
Here's some example code: GitHub, and here's some more info on using a custom session handler in PHP.
When you save the session in a database, you can access them from any site, as long as you can connect to the database. It is simpler than it sounds.
session_set_cookie_params(0, '/', '.site.com');
session_start();
to
session_set_cookie_params(0, '/', '.site.com');
session_save_path('/home/user/public_html/Sessions');
session_start();
I am using session to store some data in my php website, but in some page when I fetched the data in the session is changed some times and some time its same.
I searched lots of and find some answer at
session id value changes
" if you have register globals on, you may be seeing behavior like that if you use the variable $id in your code. As a test, try:
<?php
session_start();
$_SESSION['testing'] = 'Foo';
$testing = 'bar';
die($_SESSION['testing']);
?>
"
help me i searched in my php file but i dont find similar variables like session variables so what is the problem ??
give me some details about php session and if possible suggest good books.
edited :
i have set the php.ini as all of you saying its problem of register_global off and than ckeck by using phpinfo(); function and check the register_global is off.
but after some time i logged in with my id and than at mypage menu.php accessed by me after that its changed session logged id and i logged in another account automatically.
please help me
Disabling Register_Globals by adding the following line in your php.ini file may fix this problem.
register_globals = Off
If you are using a Shared Web Hosting service, follow:
If you have access to /cgi-bin folder then create your custom php.ini file inside it.
And if you dont have access, then create your custom php.ini file in root folder.
And then add above mentioned line in php.ini file.
Adding the following line of code in your .htaccess file also fix your problem.
php_flag register_globals off
You shouldn't be using register globals so it shouldn't be an issue.
Add this line to .htaccess to disable if you have register globals running:
php_flag register_globals off
it can't be done with ini_set() at runtime so you will need to use htaccess or php.ini as in previous answer.
It's unlikely these days that register_globals is your problem. More likely it's to do with a) where the actual session data is being stored; and b) how the "session ID" is being transmitted from one request to the next.
The first thing to look at is session_save_path(), which tells PHP where on disk to store the data that you put into the session variables.
The other part is a little more complicated, but is about how the cookie is set which lets PHP know to load the same session rather than creating a new one. You might need to look at things like the lifetime of this cookie, or the scope (domain / sub-domain / URL path) it applies to. Have a look at session_set_cookie_params(), and in general have a read through that section of the PHP manual to understand how sessions work.
I have a Windows server 2008 with apache2. The server has 2 discs and I run an apache instance on both. The first runs as a service the second in the commandline. They both use an exact copy of an identical webroot in their own htdocs folder. Also they both use the same PHP install that is located on the first disc (Program Files (x86)). My application runs over SSL and uses PHP and MySQL.
The webserver that runs as a service runs my application fine and lets me login and has my session data ready at all times. The second server however lets me run my login script, has session data while running the script but loses that session data after a redirect to another page inside the same webroot.
The problem on the second webserver is similar to this question with the exception that I have session_start() on every page.
My login script works like this:
User requests a page
If the user is not authenticated, he is thrown back to the login page
If the user is authenticated, he gets an $_SESSION["auth"] with his profile data
Then when the user is browsing the main page or other pages that need auth, they just check if the $_SESSION["auth"] is set.
Any tips on how to solve this?
EDIT: A small clarification. I do have a session ID on each page. That id does not change when I get redirected. I do NOT have any data in the $_SESSION variable on the page I redirect to.
Look at the permissions of the php session directory where the files for the session are being stored. If php doesn't have the rights to write, create and change files you won't be able to store anything in your $_SESSION var.
I found the solution. The user that runs the webserver did have permission to all paths in the httpd.conf but did not have permission to access all paths in PHP.ini. session.save_path is one of those paths and the server can't access session data if it can't store session data.
The session.save_path was set to C:\Windows\Temp and initially I did not think I had to give permissions to anything but the apache dirs, php dirs and webroot.
Thanks for all your help!
Sessions will break if the user visits a sub-path of your site root and then navigates upwards. This is because the cookie will only be set for that path, not your entire domain. More info here: http://www.php.net/manual/en/function.session-start.php#91298