Posted on 2007-10-09
Last Modified: 2013-12-13
I have an auth script which is failing to hold on to any $_SESSION values after any link or page change.
Doing some brief debugging, by using  "print_r($_SESSION)" I could see that the session variables (username & password) were in fact in the array just after the codes that assigns them.  I also had that same print_r($_SESSION) at the begging of the file to see what it is when the page loads.

I made a link to return back to the same page using <a href="my_page">Link</a>
and when I use the Link I get a print out for "Array()" from the print_r($_SESSION)
Indicating that nothing has been set and the $_SESSION array is empty.

Any Idea's on what I should be looking for?

Im using PHP 5.2.4 with IIS7 on Vista
Question by:gambit_642
    LVL 17

    Expert Comment

    Please check to ensure that session start before set or get $_SESSION array


    LVL 49

    Expert Comment

    Hello gambit_642,

    Are you using register_globals?


    LVL 5

    Author Comment

    Thanks for responses!

    session_start(); is line 1 of the first script in my auth engine.

    common mistake: register_globals enabled only affects how new var's register themselves in the local namespace, not system var's.  $_SESSION is a global system variable whether register_globals is enabled or disabled.  I humored you and enabled, and the behavior has not changed.

    Thanks for the try fellas.  It is appreciated :)
    LVL 5

    Author Comment

    Ok, I believe Vista is the culprit.
    I dumbed down the auth code for testing purposes:

    echo "<hr>";
    echo "Before SESSION assigned<br>";
    echo "<hr>";

    if(isset($_POST['password']) && isset($_POST['username']))
          $_SESSION['username'] = $_POST['username'];
          $_SESSION['password'] = $_POST['password'];

    echo "<hr>";
    echo "After SESSION assigned<br>";
    echo "<hr>";

    <form method="post">
    Username:<input name="username" /><br />
    Password:<input type="password" name="password" /><br />
    <input type="submit" value="Login" />

    <a href="test.php">Link</a>

    Ok, on Vista w/ IIS7, the super global $_SESSION is empty after a link, however the $_SESSION array keeps its values on the XP machine tried.

    So, what on Vista is goofing it?  (I am suspicious of the new AUC security model)
    LVL 5

    Accepted Solution

    Got IT!!!!!

    I found the explanation of this issue here:

    And anyone who is using Vista with PHP will have session issues, so I was surprised that no one else had this issue.

    It is a security issue caused by Microsoft's poorly implemented AUC permissions.

    There was a command line solution to tweak UAC.  Once I understood the problem, i decided to go this route.

    In the PHP.ini, uncomment "session.save_path" and point it to a folder that isn't in the system folder (or not protected by AUC)
    LVL 1

    Expert Comment

    Closed, 500 points refunded.
    Community Support Moderator

    Featured Post

    What Should I Do With This Threat Intelligence?

    Are you wondering if you actually need threat intelligence? The answer is yes. We explain the basics for creating useful threat intelligence.

    Join & Write a Comment

    Suggested Solutions

    A Change in PHP Behavior with Session Write Short Circuit ( (Winter 2014)** With the release of PHP 5.6 the session handler changed in a way that many think should be considered a bug.  See the note …
    A publishing tool, a Version Control System, or a Collaboration Platform! These can be some of the defining words for the two very famous web-hosting Git repositories: Bitbucket and Github. Git is widely used amongst the programmers and developers f…
    Explain concepts important to validation of email addresses with regular expressions. Applies to most languages/tools that uses regular expressions. Consider email address RFCs: Look at HTML5 form input element (with type=email) regex pattern: T…
    Use Wufoo, an online form creation tool, to make powerful forms. Learn how to selectively show certain fields based on user input using rules to gather relevant information and data from your forms. The rules feature provides you with an opportunity…

    734 members asked questions and received personalized solutions in the past 7 days.

    Join the community of 500,000 technology professionals and ask your questions.

    Join & Ask a Question

    Need Help in Real-Time?

    Connect with top rated Experts

    19 Experts available now in Live!

    Get 1:1 Help Now