[Webinar] Learn how to a build a cloud-first strategyRegister Now

x
?
Solved

PHP SESSION VARS DISAPPEARING

Posted on 2007-10-09
7
Medium Priority
?
833 Views
Last Modified: 2013-12-13
I have an auth script which is failing to hold on to any $_SESSION values after any link or page change.
Doing some brief debugging, by using  "print_r($_SESSION)" I could see that the session variables (username & password) were in fact in the array just after the codes that assigns them.  I also had that same print_r($_SESSION) at the begging of the file to see what it is when the page loads.


I made a link to return back to the same page using <a href="my_page">Link</a>
and when I use the Link I get a print out for "Array()" from the print_r($_SESSION)
Indicating that nothing has been set and the $_SESSION array is empty.

Any Idea's on what I should be looking for?

Im using PHP 5.2.4 with IIS7 on Vista
0
Comment
Question by:gambit_642
6 Comments
 
LVL 17

Expert Comment

by:HuyBD
ID: 20046594
Please check to ensure that session start before set or get $_SESSION array

session_start();

HuyBD
0
 
LVL 49

Expert Comment

by:Roonaan
ID: 20046744
Hello gambit_642,

Are you using register_globals?

Regards,

Roonaan
0
 
LVL 5

Author Comment

by:gambit_642
ID: 20053537
Thanks for responses!

HuyBD:
session_start(); is line 1 of the first script in my auth engine.

Roonaan:
common mistake: register_globals enabled only affects how new var's register themselves in the local namespace, not system var's.  $_SESSION is a global system variable whether register_globals is enabled or disabled.  I humored you and enabled, and the behavior has not changed.

Thanks for the try fellas.  It is appreciated :)
0
What does it mean to be "Always On"?

Is your cloud always on? With an Always On cloud you won't have to worry about downtime for maintenance or software application code updates, ensuring that your bottom line isn't affected.

 
LVL 5

Author Comment

by:gambit_642
ID: 20061353
Ok, I believe Vista is the culprit.
I dumbed down the auth code for testing purposes:

[test.php]
<?php
session_start();
echo "<hr>";
echo "Before SESSION assigned<br>";
print_r($_SESSION);
echo "<hr>";

if(isset($_POST['password']) && isset($_POST['username']))
{
      $_SESSION['username'] = $_POST['username'];
      $_SESSION['password'] = $_POST['password'];
}

echo "<hr>";
echo "After SESSION assigned<br>";
print_r($_SESSION);
echo "<hr>";
?>

<form method="post">
Username:<input name="username" /><br />
Password:<input type="password" name="password" /><br />
<input type="submit" value="Login" />
</form>

<a href="test.php">Link</a>
[test.php]

Ok, on Vista w/ IIS7, the super global $_SESSION is empty after a link, however the $_SESSION array keeps its values on the XP machine tried.

So, what on Vista is goofing it?  (I am suspicious of the new AUC security model)
0
 
LVL 5

Accepted Solution

by:
gambit_642 earned 0 total points
ID: 20062540
Got IT!!!!!

I found the explanation of this issue here:
http://blogs.iis.net/bills/archive/2006/10/18/loadUserProfile-and-IIS7-_2D00_-understanding-temporary-directory-failures.aspx

And anyone who is using Vista with PHP will have session issues, so I was surprised that no one else had this issue.

It is a security issue caused by Microsoft's poorly implemented AUC permissions.

There was a command line solution to tweak UAC.  Once I understood the problem, i decided to go this route.

In the PHP.ini, uncomment "session.save_path" and point it to a folder that isn't in the system folder (or not protected by AUC)
0
 
LVL 1

Expert Comment

by:Vee_Mod
ID: 20741830
Closed, 500 points refunded.
Vee_Mod
Community Support Moderator
0

Featured Post

Free Tool: Site Down Detector

Helpful to verify reports of your own downtime, or to double check a downed website you are trying to access.

One of a set of tools we are providing to everyone as a way of saying thank you for being a part of the community.

Question has a verified solution.

If you are experiencing a similar issue, please ask a related question

Since pre-biblical times, humans have sought ways to keep secrets, and share the secrets selectively.  This article explores the ways PHP can be used to hide and encrypt information.
It’s a season to be thankful, and we’re thankful for users like you who engage on site, solve technology problems, and network with others in the industry. What tech are we most thankful for? Keep reading.
This tutorial will teach you the core code needed to finalize the addition of a watermark to your image. The viewer will use a small PHP class to learn and create a watermark.
Use Wufoo, an online form creation tool, to make powerful forms. Learn how to choose which pages of your form are visible to your users based on their inputs. The page rules feature provides you with an opportunity to create if:then statements for y…
Suggested Courses
Course of the Month20 days, 10 hours left to enroll

867 members asked questions and received personalized solutions in the past 7 days.

Join the community of 500,000 technology professionals and ask your questions.

Join & Ask a Question