in my local WAMP server, when I call session_start() the session-id is being set in the cookie as follows and var_dump($_COOKIE) gives the following.
array
'PHPSESSID' => string 'qg8nrlpdtgb391386lhghgv727' (length=26)
so when I call session_start() again, my previous session is resumed.
but when I deployed the same code to my web-server, the PHPSESSID is not being set in the cookie. So as a result, every time I call session_start(), a new session is getting created instead of resume the previous session.
Can anyone please tell me a possible cause of the problem. Do we have to explicitly set the PHPSESSID to the cookie?
Also, In my local(WAMP) I dont have https, but the web-server where I pushed the code is https. Is this a problem?
I am stuck with this for almost 3 days now.
Thanks in advance.
Kanna
Looks like session handling is configured differently on this webserver. You should compare the values set in the php.ini file under the session-section.
Especially:
Is session.use_cookies set to 1?
Does session.save_path point to a valid directory, where the webserver user has write permission
See here for a full list of session-settings:
http://de3.php.net/manual/de/session.configuration.php
I had called session_start() immediately after html < head > tag. This was the problem. When I moved the session_start() method before the html head tag, the problem was solved.
Thanks everyone for your help.
Kanna
Related
I found that session_start() changed the PHPSESSID in the cookie, because without it, the PHPSESSID in the cookie will not change.
But the expected result should be that after refreshing the page, session_start () will not change the PHPSESSID in the cookie and I got the correct result when deploying the same code file to another server.
Another point that confuses me is that in the server in question, the value of PHPSESSID in the set-cookie value of the response header every time the page is refreshed is an unchanged, correct value.
I find that if I set session.auto_start = 1 then the problem is solved.However,I need to call session_save_path() before session_start() so that sessions won't be saved in the tmp directory.I don't know why when I call session_start () manually, the error occurs on this server, but it works fine on other servers.
I have PHP 5.6 running on IIS 8.5. I used this test log:
echo '<p>'.sizeof($_SESSION).' - '.session_id().' - '.ini_get('session.cookie_domain').'</p>';
With it I see that $_SESSION has some elements, cookie_domain is properly set in php.ini as my domain, but session_id() has a different string on each page load. session_start() is being called on every page load.
Any idea on what I can do to make session persistent?
$sessionfile = ini_get('session.save_path') . '/' . 'sess_'.session_id(); shows where the session file is. I'm able to open it and data is there. Indeed it's something in the creation of each session, not in saving their files.
Is it possible that some IIS setting or some asp is reseting the session?
This problem occur most times if you don't have permissions to store the session in your IIS. I had the same problem before a long time. To correct the permissions or the session path solved my problem.
I have followed a tutorial to work with sessions using cookies. I have now two issues:
My lifetime session is too short (one or two hours), eventhough I've set the value of session.cookie_lifetime and session.gc_maxlifetime to "1209600"
I try to save sessions into files using:
ini_set("session.save_handler", "files");
session_set_save_handler($session, true);
session_save_path($rel_path . "/sessions");
where $session is the instance of the sessions I've created but not yet started.
Now, this works correctly when I use it locally with XAMPP, but not when I upload the site online. I guess the problem comes from my web host which is www.ovh.com, but I have no idea on how to solve this problem. Any idea or suggestion?
I solved the issue by adding this line of code:
ini_set('session.force_path', 0);
with the other ini_set and session parameters. The session.force_path parameter wasn't visible in the session section when I printed the phpinfo() locally (using XAMPP), while it was on my web hosting service. This also solved my session lifetime issue as it was depending on the existence of the session file.
I heard my friend say that I don't have to use session_start() to use $_SESSION in PHP? Is that true? If yes, how do I make it work? If I remove session_start() from my code, I can no longer get $_SESSION to work.
Yes it is possible not to have session_start() calls on top of every page necessarily when you want to work with sessions. Thats the job of session autostart. If you set your session to auto start you can avoid those calls, otherwise you must.
session.auto_start boolean
session.auto_start specifies whether the session module starts a session automatically on request startup. Defaults to 0 (disabled).
So if you set session.auto_start to 1 in your php configuration, you wont need to start session manually.
Manual
P.S: It is working fine for your friend and not for you because he/she has enabled session.auto_start and you haven't touched it and by default it is disabled.
My session variables are resetting every time I load a new page.
I have included a header.php file to each script with the session_start() function at the very top like so:
session_start();
error_reporting(E_ERROR);
I have also checked to make sure that the session_id is the same across all pages and it is.
I checked my web host's php_ini config file and I saw that the session.save_path was set to /tmp. I changed it to /var/lib/session/ like someone had suggested on this site and I began to get odd warnings in my code.
Warning: session_start() [function.session-start]: open(/var/lib/php/session//sess_97fca6d21c7ffa8333cd42eaa87f2eac, O_RDWR) failed: Permission denied (13) in /home/mforsyth/public_html/Beesting/header.php on line 2
I do not know what to do to fix this problem. Any help would be useful. If more details are needed please let me know.
EDIT: I have changed the folder back to /tmp and have made sure i can read/write into it and I can. I have also echoed the session id on every page and it all comes out the same. Also it seems that the session only lasts for one page
What happens is that php tries to track your sessions with some information it writes to the directory that ThinkingMonkey mentioned.
As the directory is not writable by the php/webserver process' user, this fails. Thus you don't get a session.
Find out which user the process is running under and grant him the read/write right for that directory.
Thanks for the help. After further investigation and talking to my host about the matter, I was able to find conclude that the problem was NOT the capability of writing to the /tmp folder. In fact what the problem really was, was a javascript function in my header.php include file.
function logout()
{
<?
session_destroy();
?>
alert("you have been logged out");
}
It was avoiding the fact that it was in a function, probably my fault seeing how the two languages are compiled differently. I did a simple ajax call to take care of the session destroy and all is well now. I wonder if anyone else out there has similar problem and if this helps them.
Try restarting the webserver and php service, in case of nginx/php-fpm, try
root#server > service nginx restart
root#server > service php-fpm restart
that should do the trick!
Had the same general problem and it turns out for some reason I was using JavaScript to delete the session cookie.
document.cookie = '[session_name]' +'=; Path=/; Expires=Thu, 01 Jan 1970 00:00:01 GMT;';