Re: $_SESSION problem - page reload creates new Session ID
From: Pedro Graca (hexkid_at_dodgeit.com)
Date: 11 Dec 2004 02:17:04 GMT
> Yes, everything works on individual pages.
Ok. So it is not a problem with the server.
> So I can set session variables
> and later make references to them or print them out on the screen.
When you say later, do you mean later in the same script (like setting
$_SESSION['something'] = 42 in line 17 and echoing that in line 163)
or later in another request for possibly another URL?
> What is not working is accessing session vars that have been already
> set on a page just viewed because there is a new session created
> when the page is loaded.
> What is also strange is that every time I try to refresh any page on my app,
> a new session is created and don't understand why !? And that is the reason
> I can not pinpoint the problem.
As fas as the server is concerned all requests are independant.
Between two requests of your browser, there could have been a hundred
requests from other browsers. PHP needs a way to identify that this
101st request is the one to associate with the first and recreate the
session variables. It does that because on the first session_start() it
sent the browser a cookie with the session id and the browser sends the
cookie back to the server. PHP then checks in session.save_path for a
file corresponding to that cookie and recreates the session variables.
Something like this happens:
CLIENT => Hey! Gimme "index.php"
SERVER <= I'm going to keep a few values for you saved on my disk.
In order for me to fetch them later I ask you to send
me back the "PHPSESSID=0123456789abcdef" cookie.
ANOTHER CLIENT => same thing here
SERVER (TO ANOTHER CLIENT) <= almost the same thing (different
100 more requests
CLIENT (you again) => Hey! Gimme "list.php"
You stored data for me on your disk. The key
to that data is "PHPSESSID=0123456789abcdef"
SERVER <= Ok, keep sending me the key to the data and all is well
if the browser didn't send the cookie, PHP thinks it is a request
that is independant of the first and will create a brand new session
id for it (with the corresponding file in the session.save_path
Another way for the browser to tell the server what session to use,
instead of using cookies, is to pass the session id in the URL or in a
(hidden) form field
So, I guess your browser is not sending the session id back to the
server for that specific page you're having problems with.
-- Mail to my "From:" address is readable by all at http://www.dodgeit.com/ == ** ## !! ------------------------------------------------ !! ## ** == TEXT-ONLY mail to the whole "Reply-To:" address ("My Name" <my@address>) may bypass my spam filter. If it does, I may reply from another address!