I've got the weirdest problem with Cookies. I've written some PHP script that uses tokens to identify the visitor so that "he/she" can use the website correctly.
The Token system is working perfectly on the local development machine (windoze+ZendApache) and doesn't work on the production server, which is on Bluehost.
I use "/" for path and "mydomain.com" for the domain when setting the cookie with an expiry of 60 days. I can see the cookies on the browser correctly and I can confirm that the values are set correctly when compared to the values in the database.
Every time the page gets refreshed the server doesn't get the cookie and creates a new token and sends it back to the browser and is creating a new record in the database again. The new cookie matches the latest record again, but next time I refresh, same thing all over again. Can't maintain the token, so navigating the site is impossible.
Any idea why this is happening? Is it possible that I've missed some setting?
I've tested it on latest Firefox, Opera, Safari and Chrome.
Thanks.
EDIT:
It is a PHP & Bluehost related issue, I was storing 3, 40-character strings on the value of the cookie in serialized format. The unserialize() function wasn't executing for some reason on Bluehost but was running fine on my dev machine. So I changed the stored value to 40chars.40chars.40chars and exploded the value with the delimiter "." to get the 3 strings.
Thanks again.
you should use
.mydomain.com
instead of
mydomain.com
for example:
setcookie("MyCookie", $value, time()+60*24*3600, "/", ".mydomain.com", 1);
Related
I use ngrok to tunnel localhost to a web address
./ngrok http 80
I use only custom PHP code. Last time I tested it was working ok. Now, I can't login because it seems my PHP resets the data stored in session every 5 or so requests.
When I say reset I mean that my code calls session_id() does not get it and resets that valuable session data including internal captcha code! At the end captcha comparison fails!
Everything works fine at localhost though!
I reset session.cookie_domain with ini_set() setting the ngrok url.
Any ideas?
At last I found it: for a address xxx.ngrok.io just set php session cookie for domain .xxx.ngrok.io and do not include http.
The cookie is not deleting on my Debian apache server but deleting fine on my local xampp.
Here is the code i used for setting cookie
$token = substr(hash('sha512', mt_rand() . microtime()), 0, 50);
$extime = time()+86500;
$url_parts = parse_url(current_url());
$domain = str_replace('www.', '', $url_parts['host']);
// set cookie
setcookie('rememberme',$token,$extime,"/",$domain);
This code works on the server and rememberme cookie is created on the server.
Here is the code I used for deleting it
// Delete Cookie
setcookie('rememberme',"",0,"/");
The above code work fine on local but not working on my server.
I hosted the test application as subdomain with url like http://example.com/myproject and $domain give value .example.com
If someone knows why it not working properly on server please help me.
As per my comment: (and add the domain as an argument).
setcookie('rememberme',"",0,"/",$domain);
Many a times, it needs the domain.
From the manual on cookies: http://php.net/manual/en/function.setcookie.php and from User Contributed Notes:
"if you are having problems seeing cookies sometimes or deleting cookies sometimes, despite following the advice below, make sure you are setting the cookie with the domain argument. Set it with the dot before the domain as the examples show: ".example.com". I wasn't specifying the domain, and finally realized I was setting the cookie when the browser url had the http://www.example.com and later trying to delete it when the url didn't have the www. ie. http://example.com. This also caused the page to be unable to find the cookie when the www. wasn't in the domain. (When you add the domain argument to the setcookie code that creates the cookie, make sure you also add it to the code that deletes the cookie.)"
I have PHP 5.6 running on IIS 8.5. I used this test log:
echo '<p>'.sizeof($_SESSION).' - '.session_id().' - '.ini_get('session.cookie_domain').'</p>';
With it I see that $_SESSION has some elements, cookie_domain is properly set in php.ini as my domain, but session_id() has a different string on each page load. session_start() is being called on every page load.
Any idea on what I can do to make session persistent?
$sessionfile = ini_get('session.save_path') . '/' . 'sess_'.session_id(); shows where the session file is. I'm able to open it and data is there. Indeed it's something in the creation of each session, not in saving their files.
Is it possible that some IIS setting or some asp is reseting the session?
This problem occur most times if you don't have permissions to store the session in your IIS. I had the same problem before a long time. To correct the permissions or the session path solved my problem.
I'm working on a RackSpace server, and I am unable to successfully write cookies or persistent sessions through PHP (I can write javascript cookies just fine).
The cookies are never written at all, and the sessions are never accessible on any page but the one they're written on. I've tried the exact same code on a different server, and it worked just fine -- so I'm assuming it's some kind of configuration issue.
Here's an example:
Sessions
Page 1:
session_start();
$_SESSION['mysession'] = 'hello';
//writes correct value
echo $_SESSION['mysession'];
Page 2:
session_start();
//this dumps 'NULL'
var_dump($_SESSION['mysession']);
Cookies:
//this never gets written.
setcookie($mycookie, $myvalue, time() + (86400 * 30), "/");
Are there any particular server settings I should be looking at?
I ran phpinfo, and see my session.save_path. I tried setting that to 777 just to see if it would help, but it did not.
I'm stumped, and their support couldn't help me. Anyone have any ideas?
Edit:
Upon closer inspection, I can see that the sessions are being written -- I just can't read them.
You can gather more information by creating a php file with content:
<?php phpinfo();
Request this site and search for the session settings.
- Are sessions really enabled?
- Which session save handler is used?
Maybe the session data is not even saved in a file and the error is anywhere else.
I have dedicated a server to maintain Memcached and store sessions, so that all my servers can work on the same session without difficulties.
But somehow I think I may have misunderstood the meaning of Memcached possibilities about PHP sessions.
I thought that I would be able to stand on Apache 1 a.domain.com and create a session e.g. $_SESSION['test'] = "This string is saved in the session" and then go to Apache 2 b.domain.com or c.domain.com and simply continue the session and type echo $_SESSION['test']; and it would output the string.
It doesn't, but i am sure that I was told that memcached would be a great tool if you have multiple webservers to share the same session.
What have I done wrong?
By the way. We seriously need a fully detailed tutorial or ebook to describe how to set up the server, using php, building clusters etc. based on Memcached.
In my php.ini file it says:
session.save_path = "192.168.100.228:11211"
Tutorials told me not to define a protocol, and the ip address has been given to the Apache 3 - memcached Server
Here is an image of phpinfo()
The domain in session.cookie_domain is not called domain but it is a .local.
It has been changed for this image.
EDIT:
Just for information. When I am using a simple Memcached based PHP command - everything works perfectly. But somehow when I am trying to save a session, the memcached server doesn't store the item.
This works:
<?php
$m = new Memcached();
$m->addServer('192.168.100.228', 11211);
$m->set('int', 99);
$m->set('string', 'a simple string');
$m->set('array', array(11, 12));
/* expire 'object' key in 5 minutes */
$m->set('object', new stdclass, time() + 300);
var_dump($m->get('int'));
var_dump($m->get('string'));
var_dump($m->get('array'));
var_dump($m->get('object'));
?>
This doesn't work
<?php
session_start();
$_SESSION['name'] = "This is a simple string.";
?>
EDIT 2: THE SOLUTION
I noticed that after deleting the cache history including cookies etc. the browser didn't finish the job. The problem continued due to the fact, that it hang on to the original individual session id, which made each subdomain separated from each other.
Everything defined here is correct, just make sure your browser resets its cookies when you ask it to. >.<
By default (session) cookies are domain specific, so set the cookie domain in your php.ini
session.cookie_domain = ".domain.com"
Also see here
Allow php sessions to carry over to subdomains
Make sure to restart your webserver and clear all of your browser cookies after making the change. Your browser could get confused if you have cookies with the same name but different subdomains.
Other things to check:
That the sessions work fine on each individual server.
Make sure the session handler is set properly by using phpinfo() if you are working with a large codebase especially inherited / 3rd party stuff there may be something overriding it.
If you are using 3rd party code - like phpbb for instance - check that the cookie settings are correct in there too.
(please note this answer tidied to remove brainstorming, kept all relevant info)