Re: multiple sessions

From: Goalie (m.thart_removethis__at_tnodiana.com)
Date: 01/19/05 

Date: Wed, 19 Jan 2005 11:11:07 +0100

Dear all,

I changed the things in the php.ini file, but it didn't help (restarted
httpd as well).
My browser accepts cookies, in the temp directory a file made sess_blabla
after I clicked login. But when I go into my secure.php page
isset($_SESSION['name'] is false and I am redirected to my login page. After
that my second session file is started.

The session lines in php.ini looks like:
session.save_handler = files
session.save_path = /tmp
session.use_cookies = 1
session.name = PHPSESSID
session.auto_start = 1
session.cookie_lifetime = 0
session.cookie_path = /tmp
session.cookie_domain = donald
session.serialize_handler = php
session.gc_probability = 1
session.gc_maxlifetime = 1440
session.referer_check =
session.entropy_length = 0
session.entropy_file =
session.cache_limiter = nocache
session.cache_expire = 180
session.use_trans_sid = 1

Regards,

Marcel
"Erwin Moller"
<since_humans_read_this_I_am_spammed_too_much@spamyourself.com> wrote in
message news:41ee3034$0$6219$e4fe514c@news.xs4all.nl...
> Goalie wrote:
>
>> Dear all,
>>
>> I have a script which checks whether a user is logged in and on which
>> level. If he is not logged in, he will get the login screen. My problem
>> is
>> that the script works on the server of the ISP, but not on my local
>> machine. I checked me php.ini files and also phpinfo on the ISP server.
>> But what happens is that if I try to log in on my local server the
>> session
>> is started but not read by the next file, it returns again to the login
>> screen. The files in the /tmp directory are written and contain the data,
>> but they are not read in again. Can any body help me on this. I work with
>> php 4.3.
>>
>> Regards,
>> goalie
>
> Hi,
>
> I think you better named your posting: 'Broken Session' instead of
> multiple
> session. You don't seem to get 1 running. :-)
>
> Ok, many settings can influence the behaviour.
> The BEST way to start is in my humble opinion in your browser.
> 1) Delete all cookies.
> 2) Goto you PHP page
> 3) CHeck if it sets a cookie with a PHPSESSIONID=blabla
>
> (I expect not)
>
> Now try to adjust your php.ini (and restart webserver if needed).
> FInd the [Session] part
>
> Pay special attention to:
> session.save_handler = files (in most cases)
> session.save_path = /tmp (or whereever you store the stuff)
> session.use_cookies = 1 (important)
> session.auto_start = 1 (important!)
>
> The autostart is very handy.
> You don't have to fiddle around with starting sessions and such.
>
> For security: DOn't rely on the fact that a session exists, just rely on
> the
> fact that YOU put something into a session.
> It makes things much more clear from a programmers point-of-view.
> (At least that is what I think.)
>
> eg:
> $_SESSION["userauthenticatedLevel1"] = "Y";
> $_SESSION["userauthenticatedLevel2"] = "N";
>
> is a good way to set userrights.
>
> On the pages that are secured, just check for the right value in the
> session.
>
> Hope this helps.
>
> Regards,
> Erwin Moller
>
> -----------------------------------------
>
> Here follows mine (which works)
>
> [Session]
> ; Handler used to store/retrieve data.
> session.save_handler = files
>
> ; Argument passed to save_handler. In the case of files, this is the path
> ; where data files are stored. Note: Windows users have to change this
> ; variable in order to use PHP's session functions.
> session.save_path = /tmp
>
> ; Whether to use cookies.
> session.use_cookies = 1
>
>
> ; Name of the session (used as cookie name).
> session.name = PHPSESSID
>
> ; Initialize session on request startup.
> session.auto_start = 1
>
> ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
> session.cookie_lifetime = 0
>
> ; The path for which the cookie is valid.
> session.cookie_path = /
>
> ; The domain for which the cookie is valid.
> session.cookie_domain =
>
> ; Handler used to serialize data. php is the standard serializer of PHP.
> session.serialize_handler = php
>
> ; Percentual probability that the 'garbage collection' process is started
> ; on every session initialization.
> session.gc_probability = 1
>
> ; After this number of seconds, stored data will be seen as 'garbage' and
> ; cleaned up by the garbage collection process.
> session.gc_maxlifetime = 1440
>
> ; Check HTTP Referer to invalidate externally stored URLs containing ids.
> ; HTTP_REFERER has to contain this substring for the session to be
> ; considered as valid.
> session.referer_check =
>
> ; How many bytes to read from the file.
> session.entropy_length = 0
>
> ; Specified here to create the session id.
> session.entropy_file =
>
> ;session.entropy_length = 16
>
> ;session.entropy_file = /dev/urandom
>
> ; Set to {nocache,private,public} to determine HTTP caching aspects.
> session.cache_limiter = nocache
>
> ; Document expires after n minutes.
> session.cache_expire = 180
>
> ; use transient sid support if enabled by compiling
> with --enable-trans-sid.
> session.use_trans_sid = 1
>
> url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"

Relevant Pages