I'm split as to whether this is an SO question or a SF question, so I'm starting here.
We have a legacy application running under PHP 4 (don't ask), and some other code we need to run under PHP 5.
Session data that is set on the PHP 4 side doesn't seem to be visible/present when running code on the PHP 5/cgi side.
I'm doing a session_start, adding some session data under PHP 4, and then doing a var_dump of the session from PHP 5 and $_SESSION is null.
Has anyone got this working?
Environment:
Apache 2.2.x
PHP 4.4.9 (mod_php)
PHP 5.1.3 (cgi)
Centos 5.6
First, have you verified that the session.save_path is the same for both versions of PHP? You can get/set it with session_save_path().
Second, are you sure both PHP instances are using the same session ID, or is each version generating its own session ID? You can get/set it with session_id(). If they aren't, verify that the session.name is the same, or else they might be trying to load the session ID from different cookies. (Can be get/set with session_name().)
Even if both of the above match, I don't know whether or not they can even share a session like that. If not, you can define a custom session handler for both of them to use. That's how applications that are load-balanced usually work -- they have a custom session handler that saves session info wherever/however they want (usually in a database instead of files), and all servers can access that shared location. See session_set_save_handler().
Related
I am starting an old app refactoring, I will rebuild some functionality from spaghetti code to MVC (Symfony). Plan was I will set up new IIS app, using subdomain. Now, old app is running PHP 5.3 which can't be upgraded. New app will be running on PHP 5.6. Only thing I need to carry is authentication. I can have login script either on old or new app.
I tried setting session cookie params but I can't get it working.
Is it possible at all or do I have to use database?
If it is not possible, can that be achieved in Apache?
Edit:
What I'm to do is:
session.cookie_domain = ".dev"
In both php.ini. Then I start the session in one, set a session variable.
session_start();
$_SESSION['test'] = 123;
Then in the second app (php 5.6) I'm trying to read it:
session_start();
var_dump($_SESSION);
But it's empty.
Apparently setting session cookie domains does not work for top level domains (TLD), like .dev
Changed my code to:
ini_set('session.cookie_domain', '.local.dev');
and now I am able to set session variables on .local.dev website and read them in new.local.dev
Both apps are physically in separate folders, operate from two IIS entries and using different PHP versions.
For sharing session between different php versions, they have to physically have the same session.save_path ini setting which defaults to /tmp.
So if you have two PHP versions in different Docker containers, you should set the session.save_path for both versions to something like /tmp/php_session and then share that directory with both Docker containers.
I'm having an issue with a Symfony2 site. I've got the codebase running on a production server, which is absolutely fine but I'm trying to get another developer started on the project and we're running into issues getting the build up and running. The environments are pretty much identical, the developer is using a Vagrant instance, the same provisioning on that instance was used to provision an EC2 instance on AWS.
When a form is submitted the action goes through and stores values to the session using Symfonys session handler before redirecting to another action which makes up step two of the form. I can see in Xdebug that the values are being added to the global $_SESSION variable, however when I reach the next break point in the second action the $_SESSION variable is missing the content that it had on the previous action. I'm not clearing the session anywhere, and as I said it works fine on production.
It's almost as if Symfony isn't storing session data between page loads, does anybody have any ideas?
Things tried
Adding cookie domain to the config
Setting permissions to 777 (just to test)
PHP Versions are one minor iteration apart (5.4.28-1 vs
5.4.27-1)
I had a similar issue after upgrading from PHP 5.4.27 to PHP 5.4.28, and in my case it was related to this bug: https://bugs.php.net/bug.php?id=66171
Quote from the description:
Second problem: When the session.save_path is a directory that
everyone can write into (like on Debian), even if it's not possible to
find the IDs of existing sessions, a local attacker can just create a
new session file with malicious session data, chmod it to 666 and
access any webapp hosted on the system with the session ID he chose.
The webapp then opens the session file and treats it as if it had
created it. My fix: fstat() the session, check the uid that created
the file. If it's neither the result of getuid() nor uid 0, ignore the
existing file.
They now compare the owner of the session files with the user executing the PHP script, and if the uids do not match, the session file will be ignored.
In my case, the apache user had write access to the session files through group rights, but because the uid did not match, PHP would not load the session files.
Have a look at your session files (you can find the save path in your php.ini file), and make sure the owner of the files match the user attempting to access them.
is it possible and how to pass php session variables i have with a php and apache.
I have a main site with log in option for my users that runs from apache server and I want to use nginx as a chat/communication server that automatically gets all session variables i have in apache/php session without to pass php session id (for security reason). Both servers have a same ip and stais on a same domain. Nginx server will be on subdomain. Already have set php session to work on any sub domain but is this is valid also if I use nginx server.
Any example will be helpful.
Thanks in advanced.
Technically, the php sessions are files, which are usually located somewhere in /tmp. So once you've the session cookie, you can just read and unserialize the file's contents — after checking, it goes without saying, that the session is not expired.
If you need a more convenient format, look at php's session options. I'm quite sure you can serialize it as json for more portability, and there are ways to store sessions in SQL or even memcached.
I was wondering if any one could teach me how to use sessions in GAE php. I know that the usual method is to use session_start() in every page that wants the session to carry over and then assign variables using $_SESSION['name'].
But PHP on GAE is a bit confusing at times.
https://developers.google.com/appengine/docs/php/?hl=en#Sessions
I have some idea on memcache but dont know how to use it to store session variable. Can any one tell how I can create a session variable so that when I redirect using header the variables will be present too.
Eg.
First.php
session_start();
$_SESSION['name'] = Abilash;
header('location: second.php');
Second.php
session_start();
echo $_SESSION['name']; // should output Abilash.
Now how do I do that in GAE. Whenever I try to redirect using header the redirected page loads but the session variables are not passed through.
You should not need to do anything to get sessions working, as we automatically put them into memcache by default.
Perhaps the session cookie is not being passed by your browser for the second request. I'd turn on developer tools in chrome to make sure you see that the cookie is on the request and I'd also output the result of session_start() to check it's returning true.
You should not need to do anything to get sessions working, as we automatically put them into memcache by default.
was very misleading to me. It may worked back then. Nowadays, each PHP instance has it's own PHP session management by default. If you like centralized PHP session management stored in Google GAE memcache, you have to configure it!
A working possible legacy solution:
https://cloud.google.com/appengine/docs/standard/php-gen2/services/access#session
you need legacy bundled services for PHP
deployable just with the beta SDK: gcloud beta app deploy
I am trying to develop an Apache 2 module that, among other functions, should intercept certain POST variables, and then establish a PHP session underneath, setting all the relevant session variables.
One option I've considered was using cookie libraries to set the PHPSESSID in the request, and then insert all these values in the $_SESSION associative array.
Problem is I can't seem to find an API for the PHP, and my suspicions that these values actually lie underneath, in the Apache server itself, are currently unfounded.
Does anyone know if this is even possible? Or even if I am overlooking a simple workaround that would work?
I eventually decided to write a PHP extension, alongside another handler on my Apache Module, since I prefer to parse some POST vars there.
The module will "chew" the data that needs to be saved to the session, and pass it off as new POST variables, after criptografically validating the data. The PHP extension will then start a new session, and set each item as a Session variable.
This assumes my module will run before the PHP module itself. In case that doesn't happen, I will have to handle the validation on PHP, or try to force the handler to run before PHP somehow.