I'm having some "fun" sharing a session between Magento and Symfony2. It works really well on my computer (Mac OS X 10.6 + PHP 5.3.3), and here is the mechanism:
User logs in to Magento (on foo.example.com).
User goes to another website (bar.example.com) and is logged in as well.
Sessions are stored as files under the Magento var/session directory.
The session cookie is set to be shared on all .example.com subdomains.
As I said before, it works perfectly on my machine.
I deployed the two applications today on an Ubuntu 8.0.4 server with PHP 5.3.5-dotdeb and configured the session sharing mechanism for my production domains (.example.org).
The session cookie is shared between the two subdomains as well.
And now, the fun begins:
I log in to my Magento application on foo.example.org and get a session cookie with value "abc".
A file named sess_abc is created in the Magento var/session directory.
The file owner is www-data:www-data and the file rights are -rw-------
If I refresh the Magento page, I'm still logged in.
I go to my other application on bar.example.org
PHP accepts the session cookie abc but does NOT retrieve the data inside.
If I do a var_dump($_SESSION), I'll have an empty array
At the end, the file sess_abc is overwritten and the rights are the same.
If I refresh this page, my var_dump will show some information that Symfony wrote into the session.
Do you guys have any thoughts on why PHP does not retrieve the data from this session file?
I already tried to chmod go+rw the session file but the result is the same...
A big big big thanks in advance!
EDIT :
Suhosin is enabled.
phpinfo() gives this on bar.example.org
suhosin.session.checkraddr 0 0
suhosin.session.cryptdocroot On On
suhosin.session.cryptkey [ protected ] [ protected ]
suhosin.session.cryptraddr 0 0
suhosin.session.cryptua Off Off
suhosin.session.encrypt On On
suhosin.session.max_id_length 128 128
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn Off Off
session.cache_expire 180 180
session.cache_limiter no value nocache
session.cookie_domain .example.org no value
session.cookie_httponly Off Off
session.cookie_lifetime 3600 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name frontend PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /www/var/session no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
I don't know if you know, but Magento stores sessions in a "private" folder, path/to/magento/var/session... Maybe on macOS you could override your php.ini (through Magento) in order to override your session path, but on Ubuntu you cannot (/may not) override your php.ini...
Have you checked this?
The problem is Suhosin and the "suhosin.session.cryptdocroot" setting, and maybe "suhosin.cookie.cryptdocroot". You must turn off these values. With these values On, Suhosin encrypts the session with the DocumentRoot value.
Set this in your Suhosin config (suhosin.ini on Ubuntu):
suhosin.session.cryptdocroot = off
suhosin.cookie.cryptdocroot = off
For more details, look here.
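Why bar.example.org sees an empty $_SESSION while suhosin.session.cryptdocroot is on, as an added example (not code from the answer or from Suhosin): a simplified model in which the session key is derived from a secret plus the DocumentRoot. AES-256-GCM stands in for Suhosin's own cipher, both vhosts are assumed to share the same cryptkey, and the key, paths and payload are constructed.

```php
<?php
// Simplified model of docroot-bound session encryption (added example).
// AES-256-GCM is a stand-in; this is not Suhosin's actual cipher or code.

function derive_key(string $cryptKey, string $docRoot, bool $cryptDocRoot): string
{
    // With cryptdocroot on, the vhost's DocumentRoot becomes key material.
    return hash('sha256', $cryptKey . ($cryptDocRoot ? $docRoot : ''), true);
}

function seal_session(string $serialized, string $key): string
{
    $iv = random_bytes(12);
    $ct = openssl_encrypt($serialized, 'aes-256-gcm', $key, OPENSSL_RAW_DATA, $iv, $tag);
    return base64_encode($iv . $tag . $ct);
}

function open_session(string $stored, string $key): string
{
    $raw = base64_decode($stored, true);
    if ($raw === false || strlen($raw) < 28) {
        return '';                       // malformed: treated as an empty session
    }
    $pt = openssl_decrypt(substr($raw, 28), 'aes-256-gcm', $key,
        OPENSSL_RAW_DATA, substr($raw, 0, 12), substr($raw, 12, 16));
    // Wrong key => authentication fails => the reader gets no data, not an error.
    return $pt === false ? '' : $pt;
}

// Constructed values: same secret on both vhosts, different document roots.
$cryptKey = 'constructed-shared-secret';
$fooRoot  = '/www/magento';
$barRoot  = '/www/symfony';
$payload  = 'customer_id|i:42;';         // "php" serialize_handler format

foreach ([true, false] as $cryptDocRoot) {
    $stored = seal_session($payload, derive_key($cryptKey, $fooRoot, $cryptDocRoot));
    $seen   = open_session($stored, derive_key($cryptKey, $barRoot, $cryptDocRoot));
    printf("cryptdocroot=%s -> bar reads %s\n",
        $cryptDocRoot ? 'on ' : 'off', var_export($seen, true));
}
```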
I used to have my website hosted on a 1and1 server for years and it was working fine (PHP 7.4).
Since then, I decided to switch to a dedicated server with Linux Ubuntu OS for my web server (PHP 8.1.2).
All is working fine after the migration but I have a weird issue:
When I get a redirection from an Ajax/PHP query, I usually redirect (using JS) the client to a desired web page and the session is lost.
I do have the session_start(); and ensure that it does not switch from www.mywebsite.com to mywebsite.com.
I am confused as it is 100% the code that is working on the hosted server.
Another clue: I see that the cookie approval prompt always appears, so there is clearly a session issue that un-syncs the client/server session_id.
Any config to ensure on a new Apache server?
I can see in my "/var/lib/php/sessions" folder a new session every time I trigger the redirection...
I would appreciate any advice.
Here is my SESSION config from php.ini:
Session Support enabled
Registered save handlers files user
Registered serializer handlers php_serialize php php_binary
Directive Local Value Master Value
session.auto_start Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_samesite no value no value
session.cookie_secure 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 0 0
session.lazy_write On On
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/sessions /var/lib/php/sessions
session.serialize_handler php php
session.sid_bits_per_character 5 5
session.sid_length 26 26
session.upload_progress.cleanup On On
session.upload_progress.enabled On On
session.upload_progress.freq 1% 1%
session.upload_progress.min_freq 1 1
session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix upload_progress_ upload_progress_
session.use_cookies 1 1
session.use_only_cookies 1 1
session.use_strict_mode 0 0
session.use_trans_sid 0 0
session_start(); should be declared at the top of the script before any html output, including white spaces.
<?php
session_start();
// code
Do you also use session_name()? https://www.php.net/manual/en/function.session-name.php
Check the cookie name PHPSESSID and see if it's changing.
You could try to store the sessions in Redis for example, maybe it's a cron that is deleting the contents of your /var/lib/php/sessions?
Sometimes the default session path may not be writeable or a custom session handler might be used by the new server you're using.
In this case I usually try to override the session storage path and see if the session sticks between requests.
The below code should be placed at the earliest point in the request lifecycle. (before any other code is executed)
<?php
// Define the custom session storage path
$session_save_path = '/path/to/custom/session/storage';
// Create the folder if needed; 0700 keeps other local users from listing session IDs
if (!is_dir($session_save_path)) mkdir($session_save_path, 0700, true);
// Point the session at the custom path
session_save_path(realpath($session_save_path));
// Start the session unless one is already active
if (session_status() !== PHP_SESSION_ACTIVE) session_start();
...
See the PHP documentation https://www.php.net/manual/en/function.session-save-path.php
Another possible problem is that the session cookie isn't being sent with your Ajax request.
If that is the case you might want to see this answer:
Why is jQuery's .ajax() method not sending my session cookie?
OK guys,
I have found what was wrong, and I feel stupid but need to share the reason in case it happens to anyone.
Before, when using the 1and1 web hosting server, I was using a structure like this:
mysiteweb.com
subDomainWebApp.mysiteweb.com
If I wasn't logged in on the webapp, I am redirected to the website with an iframe that opens the webapp login page.
After logging in, I open the index in subdomainofwebapp.mysiteweb.com
So cookies are shared between website and subdomain.
But now I moved the subDomainWebApp.mysiteweb.com to a dedicated server with its own domain WebApp.com
so the iframe call in the initial website does not share the cookies with the new WebApp.com domain.
I had to restructure the login to manage it directly on the new domain.
Sorry for that, but all your hints guided me to that conclusion after I took a close look at the cookie session data.
Thanks guys
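The cookie scoping behind this, as an added example (not code from the post): a simplified version of the browser's domain-match rule showing which hosts receive a session cookie. The function names are hypothetical, the host names are the ones used in the posts above, and public-suffix and third-party-cookie rules are not modelled.

```php
<?php
// Simplified cookie domain matching (added example; function names are hypothetical).

function domain_matches(string $host, string $cookieDomain): bool
{
    $host   = strtolower($host);
    $domain = strtolower(ltrim($cookieDomain, '.'));   // a leading dot is ignored
    if ($domain === '') {
        return false;
    }
    if ($host === $domain) {
        return true;
    }
    if (filter_var($host, FILTER_VALIDATE_IP) !== false) {
        return false;                                  // IP hosts only match exactly
    }
    $suffix = '.' . $domain;                           // match on a label boundary
    return strlen($host) > strlen($suffix)
        && substr($host, -strlen($suffix)) === $suffix;
}

/**
 * Would a cookie set by $setBy with Domain=$domainAttr be sent to $requestHost?
 * An empty $domainAttr (session.cookie_domain "no value") is a host-only cookie.
 */
function cookie_sent(string $setBy, string $domainAttr, string $requestHost): bool
{
    if ($domainAttr === '') {
        return strtolower($setBy) === strtolower($requestHost);
    }
    if (!domain_matches($setBy, $domainAttr)) {
        return false;                                  // browser rejects it at set time
    }
    return domain_matches($requestHost, $domainAttr);
}

// Constructed cases built from the host names in the posts.
$cases = [
    ['foo.example.org', '.example.org', 'bar.example.org'],
    ['foo.example.org', '', 'bar.example.org'],
    ['subDomainWebApp.mysiteweb.com', '.mysiteweb.com', 'mysiteweb.com'],
    ['mysiteweb.com', '.mysiteweb.com', 'WebApp.com'],
    ['WebApp.com', '.mysiteweb.com', 'WebApp.com'],
];
foreach ($cases as [$setBy, $attr, $req]) {
    printf("%-30s Domain=%-17s -> %-16s %s\n", $setBy, var_export($attr, true), $req,
        cookie_sent($setBy, $attr, $req) ? 'sent' : 'not sent');
}
```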
What I understand is that session data is lost. If I understood correctly, you can try updating your server's write permissions.
It looks like:
sudo chmod 1777 -R /home/your_user_path/tmp/
I am trying to pass variables between pages using a session. The code works when I deploy it to my server but during local development it does not. Some background information: the session broke when I moved my development over to a Mac where I am using MAMP (although I was using MAMP on my Windows computer as well). I've made sure my save_path is defined in the php.ini and the folder is writable. The session keeps the data for the first page, but then when I advance onto the second page the session loses all the data.
Here is my code:
First page (this works):
session_start();
// retrieve Application Name and API Key
$_SESSION['appName'] = $_POST['appName'];
$_SESSION['apiKey'] = $_POST['apiKey'];
$appName = $_SESSION['appName'];
$apiKey = $_SESSION['apiKey'];
// create app and connection
$app = establishConnection($appName, $apiKey);
Second page (this is where the data is lost):
session_start();
// set default timezone
date_default_timezone_set('America/New_York');
// include openrate sdk
require_once('src/isdk.php');
include 'src/openratesdk.php';
ini_set ('display_errors', 1);
error_reporting (E_ALL & ~E_NOTICE | E_STRICT);
// retrieve Application Name and API Key
$appName = $_SESSION['appName'];
$apiKey = $_SESSION['apiKey'];
// create app and connection
$app = establishConnection($appName, $apiKey);
I know the code is right since it's always worked until I moved my code over to a Mac so I am sure it has something to do with the php.ini file but I cannot figure out what it is. Any help would be appreciated.
Also here is my phpinfo():
Session Support enabled
Registered save handlers files user
Registered serializer handlers php_serialize php php_binary
Directive Local Value Master Value
session.auto_start Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /Applications/MAMP/tmp/php /Applications/MAMP/tmp/php
session.serialize_handler php php
session.upload_progress.cleanup On On
session.upload_progress.enabled On On
session.upload_progress.freq 1% 1%
session.upload_progress.min_freq 1 1
session.upload_progress.name PHP_SESSION_UPLOAD_PROGRESS PHP_SESSION_UPLOAD_PROGRESS
session.upload_progress.prefix upload_progress_ upload_progress_
session.use_cookies On On
session.use_only_cookies On On
session.use_strict_mode Off Off
session.use_trans_sid 0 0
[Newest Edit]: When I look at my session I have noticed it creates a whole new session for the second page load instead of accessing the one already created.
Are you sure /Applications/MAMP/tmp/php exists on your system?
session.save_path /Applications/MAMP/tmp/php /Applications/MAMP/tmp/php
Change it to a path which exists on your system, like for Windows:
session.save_path "c:/tmp"
c:/tmp is just an example, like me having a folder named tmp inside the C drive.
The same as on Windows, you need to check on the Mac for a proper directory which exists.
I am sure the session is not enabled, and MAMP is different from WAMP and XAMPP. Check the permissions again. Right now the session is not working on the first page either.
I found a solution. I had to specify the session ID before calling session_start(). I do not fully understand why this was necessary to work because by default the session already started should just be continued, so if someone could explain why this was necessary, that'd be great.
session_id('OPENRATE');
session_start();
I need to see the cart of products, and I need to do a first load by PHP and the rest of queries (updates by deleting a product or similar) by jQuery post.
Ok, there's the problem.
[I get variables by JSON on the same php file "any.php"]
The first PHP load doesn't work: when I do the first isset($_COOKIE) on PHP (by curl), it returns NULL, but if I call the method .post("any.php") on jQuery, PHP returns the cart with products.
To add the products I use the PHP function
setcookie($cookieName, $createcart, $cookieExpire);
Cookie Params:
session_set_cookie_params(
time()+3600,
'/',
'.test.com',
0,
0
);
setCookie (createcart is the json value):
setcookie($cookieName, $createcart, $cookieExpire);
PHPINFO
session
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain .test.com.pe no value
session.cookie_httponly Off Off
session.cookie_lifetime 1379499657 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/session /var/lib/php/session
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
From: http://php.net/manual/en/function.setcookie.php
Common Pitfalls:
Cookies will not become visible until the next loading of a page that
the cookie should be visible for. To test if a cookie was successfully
set, check for the cookie on a next loading page before the cookie
expires. Expire time is set via the expire parameter. A nice way to
debug the existence of cookies is by simply calling
print_r($_COOKIE);.
See also: How can I set a cookie and then redirect in PHP?
Maybe the problem is the path of the cookie. You need to set it for it to work correctly on all pages.
path
The path on the server in which the cookie will be available on. If set to '/', the cookie will be available within the entire domain. If set to '/foo/', the cookie will only be available within the /foo/ directory and all sub-directories such as /foo/bar/ of domain. The default value is the current directory that the cookie is being set in.
from http://www.php.net/manual/en/function.setcookie.php
PHP newbie here, but I can't find a straight answer online. Given the below session section of my phpinfo, what would I need in a php.ini to enable sessions in the most basic of ways? Thanks :)
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary wddx
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly Off Off
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.hash_bits_per_character 4 4
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path no value no value
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
PHP installations do not need any special configuration to enable sessions. They are enabled by default.
You should make sure you have session_start(); as the first line in any page that you intend to use sessions; it should be the very first line, before any whitespace (an empty line, for example).
I guess you must increase your session as follows:
session.cookie_lifetime 0 0 and session.gc_maxlifetime 1440 1440
to
session.cookie_lifetime 86400 86400 and session.gc_maxlifetime 86400 86400 cumulatively.
86400 means 1 day.
This will allow your system to use "session_start()" which will have 1 day life.
Hope this helps someone.
There are the following built-in options for storing session data. The session handler is set in the php.ini under the directive named
session.save_handler
You can also give sqlite db to store your session like
session.save_handler = sqlite
session.save_path = /tmp/phpsess.db
Your current save_handler is set to store session data in files on the system. The problem is that your save_path looks like it doesn't currently have a value. You will need to add a save_path so PHP knows where to put those files.
PHP: Runtime Configuration #session.save_path
Take a look at this page where a user describes having a similar issue.
After installing and configuring, rebooting solves the problem. Manually starting the servers did produce the result above. Definitely something does not load properly when starting the server manually.
I hope this still helps someone.
I've used sessions before on shared hosting and they were very simple. I'm now using Amazon and have a Linux server with the following configuration in PHP. The catch is session variables don't carry on from one page to the next:
session
Session Support enabled
Registered save handlers files user memcached
Registered serializer handlers php php_binary
Directive Local Value Master Value
session.auto_start Off Off
session.bug_compat_42 Off Off
session.bug_compat_warn Off Off
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_httponly On On
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 1000 1000
session.gc_maxlifetime 604800 604800
session.gc_probability 1 1
session.hash_bits_per_character 5 5
session.hash_function 0 0
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /var/lib/php/session /var/lib/php/session
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies On On
session.use_trans_sid 0 0
Sample Page: http://www.datingjapan.co/index.php
Code:
index.php
<?php
session_start();
error_reporting(E_ALL & ~E_NOTICE);
$_SESSION['domain'] = 'www.datinggirls.co';
print_r($_SESSION);
?>
<h1>This is the HTML</h1>
Visit W3Schools
page.php
<?php
session_start();
$_SESSION['page2'] = 'page-two-data';
print_r($_SESSION);
?>
<h1>This is page 2</h1>
Visit Home Page
Any advice...?
thx
Each time I ping your domain www.datingjapan.co it gives me a different IP.
Is your shared hosting on multiple cloud instances? Probably.
Then the PHP session files may be stored locally on the first server that displayed the page "index". When you load the second page, you are on another server...
I agree with Peter, look at the Amazon FAQ or support about how your session storage is synchronized (or not).
If you are using multiple servers they will each have their own session storage. You should look at posts on the Amazon support forums about synchronizing the session storage between servers.
Edit:
Here's one such post on SO: How to synchronize sessions using Amazon Web Services (AWS)?