SitePoint Sponsor

User Tag List

Results 1 to 16 of 16
  1. #1
    Confirmed Halfwit
    Join Date
    Oct 1999
    Location
    Vancouver, BC, Canada
    Posts
    983
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    Question Session variables are not being passed when calling new pages of a script...

    Hello,

    I have a script that uses "sessions" extensively.

    Occassionaly, I have a user who is not able to use the script, because for some reason the session information is not being "passed" when they click on a link. (ie: Go from one script file to the next, etc..)

    I have been trying to understand what is the problem, and the only thing I can determine what might be the problem is how the session value is being "passed".

    On most servers, I understand session info is stored as a cookie. But for some servers, this is not true, and so session info has no way to be automatically "passed" to another URL, unless you pass the SID as part of the url itself.

    Is this true?

    If so, how can I test for this? Is there some php .ini setting that I can check to see is enabled or not?

    Thanks very much for any help.

    I have two example files to illustrate the problem. (For some users, the file2.php file does not display anything, because the session variable is empty.. not passed from the first file.)

    file1.php
    PHP Code:
     <?php 
    session_start
    ();
    SESSION['something'] = "my value";
    echo 
    "<a href='file2.php'>file2.php</a>";
    ?>
    file2.php
    PHP Code:
     <?php 
    session_start
    ();
    echo 
    SESSION['something'];
    ?>
    Thanks for any help!
    - A simple online WYSIWYG editor for HTML code snippets.
    - Managed Web Hosting - $3.95/month (resellers welcome)
    - Why pay more? $8.95 domains & $9.95 SSL certificates!

  2. #2
    The Omnipresent [ArcanE]'s Avatar
    Join Date
    Mar 2005
    Location
    Belgium
    Posts
    214
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    enable use_trans_id = 1
    That should append the PHPSESSID=xxxxxxxxxxx part to your urls in case you don't want to use cookies, it is a setting in php.ini, and don't forget that php only adds it to relative urls, not to absolute urls.

    session.use_cookies is another ini setting you might want to try out.
    Webdevelopment : Skyrocket Concepts Inventis Web Architects
    Ain't got time for the future or the past.
    Live for the moment, make it last.

  3. #3
    Confirmed Halfwit
    Join Date
    Oct 1999
    Location
    Vancouver, BC, Canada
    Posts
    983
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by [ArcanE]
    enable use_trans_id = 1
    That should append the PHPSESSID=xxxxxxxxxxx part to your urls in case you don't want to use cookies, it is a setting in php.ini, and don't forget that php only adds it to relative urls, not to absolute urls.

    session.use_cookies is another ini setting you might want to try out.
    Thanks! I checked the phpinfo() output for the website that does not work, but it looks exactly the same as the phpinfo() output from a "working" website.

    Is it possible I can PM you with the information and you can test to see what might be the problem?

    I am very unfamiliar with how "sessions" work, and would be willing to pay for your time if you can determine what is the problem.

    Thanks!
    - A simple online WYSIWYG editor for HTML code snippets.
    - Managed Web Hosting - $3.95/month (resellers welcome)
    - Why pay more? $8.95 domains & $9.95 SSL certificates!

  4. #4
    The Omnipresent [ArcanE]'s Avatar
    Join Date
    Mar 2005
    Location
    Belgium
    Posts
    214
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Sure send away but i don't know how fast i'll be able to look into it. You probably have a higher chance posting the details in public without revealing sensitive data?
    Webdevelopment : Skyrocket Concepts Inventis Web Architects
    Ain't got time for the future or the past.
    Live for the moment, make it last.

  5. #5
    SitePoint Guru silver trophy Luke Redpath's Avatar
    Join Date
    Mar 2003
    Location
    London
    Posts
    794
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Your code isn't working because you should be using $_SESSION, not SESSION.

  6. #6
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,631
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    This is something I have come across before, although it seems to be more of an issue with classic ASP than PHP. Part of the problem relates to the user's browser settings and whether they will allow session cookies. I don't recall finding an absolute solution.

    Do you have one user having a problem with both sites, or more than one user having a problem with one site?
    Ian Anderson
    www.siteguru.co.uk

  7. #7
    SitePoint Enthusiast
    Join Date
    Oct 2005
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    There have been debates on sessions that use "PHPSESSID" in the URL and in some cases these can be faked and compromised. Not trying to start a war over this topic, but do some research on it before using them... I honestly do not know the truth behind this, just remember reading it somewhere.

    Cheers!
    -----------------------
    Matthew R. Miller
    Code and Coffee
    BlueCrestStudios, LLC.

  8. #8
    Confirmed Halfwit
    Join Date
    Oct 1999
    Location
    Vancouver, BC, Canada
    Posts
    983
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by Luke Redpath
    Your code isn't working because you should be using $_SESSION, not SESSION.
    Sorry about that. I mistyped when I was writing the post. It is $_SESSION['var'] in my test script, etc.

    - A simple online WYSIWYG editor for HTML code snippets.
    - Managed Web Hosting - $3.95/month (resellers welcome)
    - Why pay more? $8.95 domains & $9.95 SSL certificates!

  9. #9
    Confirmed Halfwit
    Join Date
    Oct 1999
    Location
    Vancouver, BC, Canada
    Posts
    983
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by siteguru
    Do you have one user having a problem with both sites, or more than one user having a problem with one site?
    OK.. for anyone who wants to try and help me figure out what php setting (lack of php setting) is "causing" this problem...

    I have attached two test files to this post. (Rename the .txt extension to .php, upload to your server, and run the "sessions-test.php" file.)

    I have uploaded these two files already to two test locations. One that works, and one that does not. I also have a phpinfo() file so you can compare php settings. Perhaps you can identify what php setting is missing from the system that does not work?

    WORKING
    http://www.snippetmaster.com/snippet...sions-test.php
    phpinfo

    NOT WORKING
    http://www.westcreek.org/snippetmast...sions-test.php
    phpinfo

    Thanks for any help.
    Attached Files Attached Files
    - A simple online WYSIWYG editor for HTML code snippets.
    - Managed Web Hosting - $3.95/month (resellers welcome)
    - Why pay more? $8.95 domains & $9.95 SSL certificates!

  10. #10
    SitePoint Wizard silver trophy
    Join Date
    Mar 2006
    Posts
    6,132
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    run this on the problem server
    PHP Code:

    <?php

    $path 
    ini_get('session.save_path');

    if (!
    is_dir($path)) {
        exit(
    "dir doesnt exist '$path'");
    }
    if (!
    is_readable($path)) {
        exit(
    "no read '$path'");
    }
    if (!
    is_writable($path)) {
        exit(
    "no write '$path'");
    }

    $dh opendir($path);
    while (
    $file readdir($dh)) {
        echo 
    $file;
    }
    ?>
    if it outputs a bunch of file names, i honestly dont know what to tell you.

  11. #11
    Confirmed Halfwit
    Join Date
    Oct 1999
    Location
    Vancouver, BC, Canada
    Posts
    983
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by clamcrusher
    run this on the problem server

    ....

    if it outputs a bunch of file names, i honestly dont know what to tell you.
    http://www.westcreek.org/snippetmast...diag/test1.php

    Here is the output from the test file.

    Let me know what you are thinking... good or bad?

    I'm really stuck...

    (BTW - I also ran this test file on the server that DOES work, and it output a whole bunch of big numbers and names, etc.. so I'm assuming you found the problem! Can you let me know "in non-technical English" what this means?)
    - A simple online WYSIWYG editor for HTML code snippets.
    - Managed Web Hosting - $3.95/month (resellers welcome)
    - Why pay more? $8.95 domains & $9.95 SSL certificates!

  12. #12
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,631
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    I've just followed that link and I see this (I have added line breaks for readability in this forum - the below all actually displays on 1 line) ...

    Code:
    .
    ..
    sess_00dceea4ed5baa153c5596cd81153bb4
    sess_b4bd438ebd16030acc08af660519bccc
    sess_d088de693ab1ac9eec26a0ba1a6b982a
    sess_081a309fedae8a82fddd90e6baf28ceb
    sess_558465ecad36ee92f252486d173afa72
    To me that looks like sessions files are being created (which is what clamcrusher's code is checking for). Does the working server show the same sort of info? (You imply this but haven't shown it).
    Ian Anderson
    www.siteguru.co.uk

  13. #13
    The Omnipresent [ArcanE]'s Avatar
    Join Date
    Mar 2005
    Location
    Belgium
    Posts
    214
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by mattrmiller
    There have been debates on sessions that use "PHPSESSID" in the URL and in some cases these can be faked and compromised. Not trying to start a war over this topic, but do some research on it before using them... I honestly do not know the truth behind this, just remember reading it somewhere.

    Cheers!
    Revealing the session_id to the user is always a risk. A not knowing user could easily copy a link including his session_id on the internet with the know dangers as results

    Perhaps saving session data in a database is another option? Requires some extra coding skills and research though.
    Webdevelopment : Skyrocket Concepts Inventis Web Architects
    Ain't got time for the future or the past.
    Live for the moment, make it last.

  14. #14
    Confirmed Halfwit
    Join Date
    Oct 1999
    Location
    Vancouver, BC, Canada
    Posts
    983
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)
    Actually, the owner of the server that was having a problem has fixed the issue. The code from clamcrusher was exactly what was needed to identify the problem.

    Thanks again! (problem resolved)
    - A simple online WYSIWYG editor for HTML code snippets.
    - Managed Web Hosting - $3.95/month (resellers welcome)
    - Why pay more? $8.95 domains & $9.95 SSL certificates!

  15. #15
    SitePoint Enthusiast
    Join Date
    Oct 2005
    Posts
    36
    Mentioned
    0 Post(s)
    Tagged
    0 Thread(s)

    That's what I thought...

    Quote Originally Posted by [ArcanE]
    Revealing the session_id to the user is always a risk. A not knowing user could easily copy a link including his session_id on the internet with the know dangers as results

    Perhaps saving session data in a database is another option? Requires some extra coding skills and research though.
    I thought this was the case, but I didn't want to start a war over this topic. Other scripting languages have this flaw as well. It's scary to think what practices some of the sites one visits on a single day uses. I check my cookies every now and then, and believe it or not I have seen usernames, emails, passwords for some sites... I usually write the site owner and stop using it.
    -----------------------
    Matthew R. Miller
    Code and Coffee
    BlueCrestStudios, LLC.

  16. #16
    SitePoint Wizard siteguru's Avatar
    Join Date
    Oct 2002
    Location
    Scotland
    Posts
    3,631
    Mentioned
    2 Post(s)
    Tagged
    0 Thread(s)
    Quote Originally Posted by hstraf
    Actually, the owner of the server that was having a problem has fixed the issue. The code from clamcrusher was exactly what was needed to identify the problem.

    Thanks again! (problem resolved)
    So what was the problem? (May be useful info for anyone else with similar problems who goes searching for an answer).
    Ian Anderson
    www.siteguru.co.uk


Bookmarks

Posting Permissions

  • You may not post new threads
  • You may not post replies
  • You may not post attachments
  • You may not edit your posts
  •