• Status: Solved
  • Priority: Medium
  • Security: Public
  • Views: 840
  • Last Modified:

PHP SESSION VARS DISAPPEARING

I have an auth script which is failing to hold on to any $_SESSION values after any link or page change.
Doing some brief debugging, by using  "print_r($_SESSION)" I could see that the session variables (username & password) were in fact in the array just after the codes that assigns them.  I also had that same print_r($_SESSION) at the begging of the file to see what it is when the page loads.


I made a link to return back to the same page using <a href="my_page">Link</a>
and when I use the Link I get a print out for "Array()" from the print_r($_SESSION)
Indicating that nothing has been set and the $_SESSION array is empty.

Any Idea's on what I should be looking for?

Im using PHP 5.2.4 with IIS7 on Vista
0
gambit_642
Asked:
gambit_642
1 Solution
 
HuyBDCommented:
Please check to ensure that session start before set or get $_SESSION array

session_start();

HuyBD
0
 
RoonaanCommented:
Hello gambit_642,

Are you using register_globals?

Regards,

Roonaan
0
 
gambit_642Author Commented:
Thanks for responses!

HuyBD:
session_start(); is line 1 of the first script in my auth engine.

Roonaan:
common mistake: register_globals enabled only affects how new var's register themselves in the local namespace, not system var's.  $_SESSION is a global system variable whether register_globals is enabled or disabled.  I humored you and enabled, and the behavior has not changed.

Thanks for the try fellas.  It is appreciated :)
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
gambit_642Author Commented:
Ok, I believe Vista is the culprit.
I dumbed down the auth code for testing purposes:

[test.php]
<?php
session_start();
echo "<hr>";
echo "Before SESSION assigned<br>";
print_r($_SESSION);
echo "<hr>";

if(isset($_POST['password']) && isset($_POST['username']))
{
      $_SESSION['username'] = $_POST['username'];
      $_SESSION['password'] = $_POST['password'];
}

echo "<hr>";
echo "After SESSION assigned<br>";
print_r($_SESSION);
echo "<hr>";
?>

<form method="post">
Username:<input name="username" /><br />
Password:<input type="password" name="password" /><br />
<input type="submit" value="Login" />
</form>

<a href="test.php">Link</a>
[test.php]

Ok, on Vista w/ IIS7, the super global $_SESSION is empty after a link, however the $_SESSION array keeps its values on the XP machine tried.

So, what on Vista is goofing it?  (I am suspicious of the new AUC security model)
0
 
gambit_642Author Commented:
Got IT!!!!!

I found the explanation of this issue here:
http://blogs.iis.net/bills/archive/2006/10/18/loadUserProfile-and-IIS7-_2D00_-understanding-temporary-directory-failures.aspx

And anyone who is using Vista with PHP will have session issues, so I was surprised that no one else had this issue.

It is a security issue caused by Microsoft's poorly implemented AUC permissions.

There was a command line solution to tweak UAC.  Once I understood the problem, i decided to go this route.

In the PHP.ini, uncomment "session.save_path" and point it to a folder that isn't in the system folder (or not protected by AUC)
0
 
Vee_ModCommented:
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

Join & Write a Comment

Featured Post

Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

Tackle projects and never again get stuck behind a technical roadblock.
Join Now