GraffitiDan
asked on
Cookies / Sessions Not Working
I recently migrated to a new computer here at work, and I've noticed that some of my projects aren't working any more. I am using the same version of PHP (4.3.1) as well as a copy of my old php.ini. I did upgrade my apache version from 1.3.27 to 1.3.29.
This is what I do: I have a login script which sets a session variable whether you are logged in or not as well as some personal info like name and such. I have a header file that has session_start() as the first line, and this is included on every page. The login page gets submitted to itself where it then queries the database and if the info matches, then it header's them to a new page, if not then it shows the errors and the form again.
Here is my problem: When it header's to the new page it doesn't transfer the session information and thus it thinks im not logged in. What happens is it just creates a new session file on the server. On my old machine this exact same script worked fine. Also I noticed that it is appending the sessionID to all of the links, which I thought didn't happen unless you werent using cookies (it did not do this on my old machine), which I am and want to do.
Here is my current settings although I've tried a whole bunch of settings configurings:
session.save_handler = files
session.save_path = c:\php\sessions
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = ./
session.serialize_handler = php
session.use_trans_sid = 1
Anyone have any ideas? Thanks!
This is what I do: I have a login script which sets a session variable whether you are logged in or not as well as some personal info like name and such. I have a header file that has session_start() as the first line, and this is included on every page. The login page gets submitted to itself where it then queries the database and if the info matches, then it header's them to a new page, if not then it shows the errors and the form again.
Here is my problem: When it header's to the new page it doesn't transfer the session information and thus it thinks im not logged in. What happens is it just creates a new session file on the server. On my old machine this exact same script worked fine. Also I noticed that it is appending the sessionID to all of the links, which I thought didn't happen unless you werent using cookies (it did not do this on my old machine), which I am and want to do.
Here is my current settings although I've tried a whole bunch of settings configurings:
session.save_handler = files
session.save_path = c:\php\sessions
session.use_cookies = 1
session.use_only_cookies = 1
session.name = PHPSESSID
session.auto_start = 0
session.cookie_lifetime = 0
session.cookie_path = ./
session.serialize_handler = php
session.use_trans_sid = 1
Anyone have any ideas? Thanks!
ASKER
No I do not include the sessionID. I dont want to be passing around the sessionID at all, I want to be using cookies. Which even though I am saying force cookies, it doesn't seem to be doing this.
And yes, the directory exists and that seems to be working. It's actually kinda funny to watch it create the new session files when it should be using the same one.
And yes, the directory exists and that seems to be working. It's actually kinda funny to watch it create the new session files when it should be using the same one.
ahh, sorry about that. and excuse the obvious question here, but do you have cookies enabled on your browser?
is there a web site url we could check out ourselfs?
what about apache, did you restart it?
-Chris
is there a web site url we could check out ourselfs?
what about apache, did you restart it?
-Chris
ASKER
Hehe, yes cookies are enabled. I actually set it to ask me if it could set cookies and it asks me 2 or 3 times during login.
I have been making sure to restart apache every time I change the php.ini.
I have also tried logging in from other machines with no luck. I unfortunatly can't post the site since it's internal.
I have been making sure to restart apache every time I change the php.ini.
I have also tried logging in from other machines with no luck. I unfortunatly can't post the site since it's internal.
alright...
here's the biggie:
do you have a php.ini file in your c:\php and one in your c:\winnt (or c:\windows) directory?
if you do.. delete the php.ini that is not being used, then restart apache.
-Chris
here's the biggie:
do you have a php.ini file in your c:\php and one in your c:\winnt (or c:\windows) directory?
if you do.. delete the php.ini that is not being used, then restart apache.
-Chris
ASKER
Nope, I checked around and I only have the php.ini in C:\WINDOWS. I also verified that it was using that php.ini by changing the name of the session variable, which worked.
ok, try setting your cookie lifetime to something like 1800 instead of 0.
also, you could try setting url_rewrite_tags to ""
that's so weird that you still get the PHPSESSID in the html... have you tried clearing your browser history, cache and cookies? can you see if there is a cookie in there for your website?
-Chris
also, you could try setting url_rewrite_tags to ""
that's so weird that you still get the PHPSESSID in the html... have you tried clearing your browser history, cache and cookies? can you see if there is a cookie in there for your website?
-Chris
ASKER
Interesting.
I cleared out my temporary internet files and watched it while I visited the site. It really does write a cookie that stores the PHPSESSID, but it just overwrites it when I login.
Changing the rewrite tags successfully stopped the writing of the sessionID in the links, but it is still failing to use the cookie that it sets.
Changing the lifetime didn't seem to change anything either. This is getting quite annoying. )c:
I cleared out my temporary internet files and watched it while I visited the site. It really does write a cookie that stores the PHPSESSID, but it just overwrites it when I login.
Changing the rewrite tags successfully stopped the writing of the sessionID in the links, but it is still failing to use the cookie that it sets.
Changing the lifetime didn't seem to change anything either. This is getting quite annoying. )c:
ok.. and you are starting the sessions on each page, right?
because i notice you don't have session.auto_start set to 1
-Chris
because i notice you don't have session.auto_start set to 1
-Chris
ASKER
Yeah, I include a header file on each page, which calls session_start() on it's first line.
But I just tried changing it to 1, and that also didn't seem to help.
But I just tried changing it to 1, and that also didn't seem to help.
you say a new cookie gets written each time you hit the page...
does that new cookie contain a new sessionid?
does that new cookie contain a new sessionid?
ASKER
Yeah. It actually is overwriting the old cookie with the new PHPSESSID. Here is what it wrote last time:
PHPSESSID
192531c838bd3e8bf9f67eb84f
localhost./
1024
799257344
29613786
4278813824
29613781
*
PHPSESSID
192531c838bd3e8bf9f67eb84f
localhost./
1024
799257344
29613786
4278813824
29613781
*
the only reason it would be creating a new session id is if it can't pass the current sessionid between pages.
you don't have a session_destroy() anywhere do you?
-Chris
you don't have a session_destroy() anywhere do you?
-Chris
ASKER
Nope I am not calling or deleting that function. I've also used ActiveState's Komodo's debugging tools to step through the code, and nothing seems out of the ordinary.
I got a copy of our server's php.ini and I'm going to compare them, because this same code does work on there. But then again I'm using my old php.ini and it worked on my old machine. So may this will help, we'll see.
I got a copy of our server's php.ini and I'm going to compare them, because this same code does work on there. But then again I'm using my old php.ini and it worked on my old machine. So may this will help, we'll see.
yeah, that's a good idea...
i would almost just use your server's php.ini if that works out for you.
-Chris
i would almost just use your server's php.ini if that works out for you.
-Chris
ASKER
Sorry, "calling that function or deleting the $_SESSION variable"
did the server's php.ini file work out for you on your machine?
ASKER
Unfortunatly all of the session stuff was exactly the same. Well, correction ... There was no option for use only cookies, so I tried to comment that out again and it still doesn't work.
It's still putting the PHPSESSID in the links...its still not using the cookie...still creating new sessions on header()'s ... I don't know what is php's deal here!
It's still putting the PHPSESSID in the links...its still not using the cookie...still creating new sessions on header()'s ... I don't know what is php's deal here!
ASKER CERTIFIED SOLUTION
membership
This solution is only available to members.
To access this solution, you must be a member of Experts Exchange.
ASKER
MOTHER ****ER! I am swearing up and down all over the place. ... I fixed the bug
Are you ready?
Remember: session.cookie_path = ./ ?
I changed that to: session.cookie_path = / and it ****in' worked.
UGH!
Thanks a lot for the help though. I'll go ahead and give you the points for helping me weed out the possibilies.
Are you ready?
Remember: session.cookie_path = ./ ?
I changed that to: session.cookie_path = / and it ****in' worked.
UGH!
Thanks a lot for the help though. I'll go ahead and give you the points for helping me weed out the possibilies.
ASKER
By the way, I found this info on a google search that turned up some random bug report page on php.net
"""
[13 Jan 3:34pm EST] mgandalf at seznam dot cz
Hi, I just look at your source and php.ini and it was clear
to me. Problem is here: "session.cookie_path = c:\temp".
It is not path to file but path on web server where is
cookie valid. So change it to "session.cookie_path = /"
and it will work. When it is for example "/dir_name",
cookie is valid just for http://server/dir_name/, but not
for http://server/dir_name2/ and in this 2nd case will not be sent.
Gandalf
"""
http://bugs.php.net/bug.php?id=14636
"""
[13 Jan 3:34pm EST] mgandalf at seznam dot cz
Hi, I just look at your source and php.ini and it was clear
to me. Problem is here: "session.cookie_path = c:\temp".
It is not path to file but path on web server where is
cookie valid. So change it to "session.cookie_path = /"
and it will work. When it is for example "/dir_name",
cookie is valid just for http://server/dir_name/, but not
for http://server/dir_name2/ and in this 2nd case will not be sent.
Gandalf
"""
http://bugs.php.net/bug.php?id=14636
Ahh! typos are fun, no?
Sorry i couldn't have been more helpful.
-Chris
Sorry i couldn't have been more helpful.
-Chris
i.e., header("Location: blah.html?PHPSESSID=".sess
also, does the c:\php\sessions directory exist, and are files being written to it?
-Chris