Re: Session overwritten - but why

On 30 Nov., 18:27, "Rik Wasmus" <luiheidsgoe...@xxxxxxxxxxx> wrote:
On Fri, 30 Nov 2007 16:57:18 +0100, <j.wendelm...@xxxxxxxxxxx> wrote:

[snip]

$sess_id = md5(microtime());

Why do you want to do that???? microtime() is highly, highly unsuited for
a busy server. At least use something like uniqid(). You basically are
asking for problems creating session-ids like this. Is there any
particular reason you want to set the session-id? Why not let PHP handle
it (and it's uniqueness at that time). If you just want to know a
session-id after it's being set just call session_id() with no arguments.

OK, you're right. I'll change this.

session_name('SESSID');
session_id($sess_id);
session_start();

$_SESSION['blah'] = 'blah';
$_SESSION['fasel'] = 'fasel';
$_SESSION['blubb'] = 'blubb';

session_write_close();

and returns the session id and a URL to A.

OK, and where is the sharded storage of session data? Are both servers set
up to look at the same storage?

The A server is not looking at this storage. Server A just works as an
entry point to B. A does not need to know anything about storage of
B's sessions.

A takes the URL and the session id and performs a redirect via

header('Location: ' . $url . '?SESSID=' . $sess_id). The URL
points to a script located on B's side.

Using a GET is somewhat hazardous. What domains do your servers have? You
might be better of setting a cookie for a wildcard domain (setcookie() ->
<http://nl2.php.net/manual/en/function.setcookie.php>, i.e. set the domain
to '.example.com' rather then 'server1.example.com' or
'server2.example.com'.

Ok, does it mean A (server) can sent a cookie to B (server). I'll try
it.

When the script on B is called, it checks if a session id is given
within the URL ($_GET) and tries to start the session.

$sess_id = $_GET['SESSID'];
session_name('SESSID');
session_id($sess_id);
session_start();

As i mentioned above it works fine on the PHP v5.2.0 machine but not
on v5.2.4. After session_start() the existing session will be
overwritten with an empty one, having the same session id. I've
additionally confirmed this behaviour in the sessions directory.

Where is this sessions directory, and how have you configured the servers
to look into one and the same directory (which can be on only 1 server,
either A or B, or an unmentioned C) for the storage?

As stated above, only server B has to handle the session data.

[snip]

Thanks for your hints. I'll state the result ASAP.

Best regards,
der Jens
.

Relevant Pages

  • Re: Session overwritten - but why
    ... and where is the sharded storage of session data? ... The A server is not looking at this storage. ...
    (comp.lang.php)
  • Re: POST or SESSION ?
    ... > It's entirely dependant on the sort of data transferred between the client ... >> session variables cannot. ... > maintenance and storage is the responsibility of the server. ...
    (comp.lang.php)
  • Re: Help - Secure page by remembering user?
    ... > Secure Page with a script that checks to see if a session or cookie is ... Session timeouts can be controlled either directly from the server, ... Which is better Sessions or cookies? ...
    (microsoft.public.inetserver.asp.general)
  • Re: RWW Timing
    ... I understand that you want to monitor when and how ... > to an internal Windows XP or Terminal Server computer. ... SBS creates a connection to the internal client on port 3389 which is ... But it can not tell which one session from the RWW, ...
    (microsoft.public.windows.server.sbs)
  • Re: Restricting TS USers
    ... MCSE, CCEA, Microsoft MVP - Terminal Server ... Terminal Services and Microsoft Windows Server 2003 Service Pack ... the remote session does not end immediately. ...
    (microsoft.public.windows.terminal_services)