Solved

session_start()

Posted on 2010-11-07
Last Modified: 2012-05-10
I have a content management system that starts a session, and defines and prints session variables.

So, using the same domain name, I tried to print the session without using or connecting to the content management system, but the session variables did not print.

Is the session done by 'login name', 'url'?

Would session_start() delete all the current session variables?

Question by:rgb192

Expert Comment

by:shinuq
Nope, session_start() will initialize a session with a unique session ID. If a session already exists, then this code will retain the same session in the defined page. To destroy a session, use session_destroy().

Hope this helps

Author Comment

by:rgb192
Then could there be something in the content management system code to not include other sessions using the same domain name?

Is that what a login does?

Expert Comment

by:shinuq
Yes, it is almost true. The login will first validate the user's authenticity; then, if the user is a valid one, it adds user details from the user tables to the session.

If you wish to see all the details the session contains, try this:

print_r($_SESSION);

Anywhere in the page; also, at the top of the page, you must have session_start() defined.

Hope this helps

Expert Comment

by:Ray Paseur
"then could there be something in the content management system code to not include other sessions using the same domain name"

You're in kind of a gray area with this question.  PHP sessions (almost invariably) involve the use of cookies.  The PHP session handler, by default, sets the cookies for the subdomain active at the time of the session_start() command.  If you have http://www.example.com and you try to use the session on http://example.com you may find that it does not work.  For the session to be started cross-subdomains, there is a little extra programming required beyond just saying session_start();

An example of a login system with explanations of how the parts work is available here:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html

Author Comment

by:rgb192
print_r($_SESSION); only has output when I do it in the content management system.

I am using subdomain.domain.com, so there is no www. vs. non-www.

The content management system uses isset commands like the ones in
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
        if (isset($_SESSION["entry_uri"]))
        {

Expert Comment

by:Ray Paseur
When you say it "only has output..." -- what does the output or lack of output look like?

This kind of thing is one of the reasons I try to encourage programmers to use data visualization techniques, such as var_dump() and error_reporting(E_ALL).  If you install this script and run it you will see what I mean.

isset tests to see if a variable is set.
http://us3.php.net/manual/en/function.isset.php
<?php // RAY_temp_rgb192.php
error_reporting(E_ALL);

// $_SESSION IS AN UNDEFINED VARIABLE BECAUSE WE DID NOT USE session_start();

// THIS WILL PRINT NOTHING
// print_r($_SESSION);

// PRINTS 'NULL'
var_dump($_SESSION);

Author Comment

by:rgb192
When I add session_start(); and uncomment lines 7, 10:

Array ( ) array(0) { }

Expert Comment

by:Ray Paseur
Good, that makes sense.  

Without seeing the code, we are guessing about this.  Maybe the CMS destroys the session array (a security precaution?)  Maybe the CMS has a specialized or non-standard session handler.  Maybe the CMS has a different session name from the regular PHP session name.

Have you looked at the cookies to see what is set on the browser?  In Firefox you can find these with Tools => Options => Privacy

Author Comment

by:rgb192
Yes, there is one cookie named by me and another cookie created by your script, named PHPSESSID.

When I delete the cookie named by me, I am logged out.

Expert Comment

by:Ray Paseur
So maybe that cookie is used by the CMS to recognize the "session" information?  Without seeing the code we are only guessing.

Author Comment

by:rgb192
And it is difficult for me to show, because I can't find it.

Expert Comment

by:shinuq
Try this: using EditPlus, do a search on the CMS folder for "session_start" (without quotes).

There may be many records, but look out for the login page or any home page in the list of search results.

In that, you can see what the name of the session used is. session_start("username"), something like that, I think, from your comments above.

Hope this helps

Expert Comment

by:Ray Paseur
Something like this may be helpful to you when you are trying to debug this condition.
<?php // RAY_dump_session.php
error_reporting(E_ALL);

// START THE SESSION
session_start();

// DISPLAY THE VARS
echo "<pre>";

echo "_GET ";
var_dump($_GET);
echo PHP_EOL . PHP_EOL;

echo "_POST ";
var_dump($_POST);
echo PHP_EOL . PHP_EOL;

echo "_COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;


echo "_SESSION ";
var_dump($_SESSION);
echo PHP_EOL . PHP_EOL;

Accepted Solution

by:Ray Paseur
This teaches how to address the domain-related issue.

setcookie() has the option to permit or deny access from directories as well as subdomains.  The '/' in line 44 is permissive.  

We do not know what your code is doing with its setcookie() (or implicit setcookie, caused by starting the session) because until we see the code posted here at EE we are just guessing in the dark.
<?php // RAY_session_cookie_domain.php
/* *
 * QUESTION: WHEN CLIENTS VISIT MY SITE SOMETIMES THEY USE www.mysite.org
 * BUT SOMETIMES THEY USE mysite.org WITHOUT THE WWW.  HOW CAN I HANDLE
 * THE SESSION ISSUES THAT ARISE FROM THIS?
 *
 * ANSWER: ONE WAY IS TO REWRITE THE URL TO REMOVE THE SUBDOMAIN IF IT
 * IS WWW.  FOR EXAMPLE:
 *
 *     Options +FollowSymlinks
 *     RewriteEngine on
 *     RewriteCond %{http_host} ^www\.example\.org [NC]
 *     RewriteRule ^(.*)$ http://example.org/$1 [R=301,NC]
 *
 * ANOTHER WAY IS TO MODIFY THE SESSION COOKIE SO IT WORKS ACROSS ALL OF
 * YOUR SUBDOMAINS.  YOUR CHOICE WILL LARGELY DEPEND ON THE WAY YOU WANT
 * TO HANDLE OTHER SUBDOMAINS (OTHER THAN WWW).
 */

// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS PHP 5.2+
error_reporting(E_ALL);


// MAKE THE SESSION COOKIE AVAILABLE TO ALL SUBDOMAINS
// MAKE A DOMAIN NAME THAT OMITS WWW OR OTHER SUBDOMAINS
// BREAK THE HOST NAME APART AT THE DOTS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // POSSIBLY 'localhost'
{
    $host = $x[0];
}
else // MAYBE SOMETHING LIKE 'www2.atf70.whitehouse.gov'
{
    // USE A DOT PLUS THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN NAME
    $host = '.' . $x[$y-2] . '.' . $x[$y-1];
}

// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
    // MAN PAGE http://us.php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), 0, '/', $host, FALSE, TRUE);
}


// PROVE THAT THE COOKIE WORKS IN MULTIPLE DOMAINS
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;


// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
// STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$gost = ltrim($host,'.');
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php'; // var_dump() SCRIPT
$www_link = 'http://www' . $host . '/RAY_dump_session.php';

echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>" . PHP_EOL;


// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>";


?>
<form method="post">
<input type="submit" value="CLICK ME" />
</form>
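
A variant of the cross-subdomain session cookie from the answer above, added here as an example and not part of the original thread: it sets the cookie attributes with session_set_cookie_params() before session_start(), and takes the cookie domain from a fixed list instead of the last two labels of HTTP_HOST, which would give .co.uk for a host such as www.example.co.uk. It assumes PHP 8.0 or later; OWNED_DOMAINS, cookie_domain_for() and start_shared_session() are hypothetical names.

```php
<?php
// Added example, not code from the thread. OWNED_DOMAINS and both function
// names are hypothetical; list the registrable domains you actually serve.
const OWNED_DOMAINS = ['example.org', 'example.co.uk'];

// Return the cookie Domain for a Host header, or '' for a host-only cookie.
function cookie_domain_for(string $hostHeader, array $owned): string
{
    // HTTP_HOST is client-supplied: lower-case it and drop any :port suffix.
    $host = strtolower((string) preg_replace('/:\d+$/', '', trim($hostHeader)));
    foreach ($owned as $domain) {
        // Accept the domain itself or a true subdomain (dot boundary), so
        // 'evil-example.org' is not treated as part of 'example.org'.
        if ($host === $domain || str_ends_with($host, '.' . $domain)) {
            return $domain;
        }
    }
    return ''; // localhost, IP literals, unknown hosts: omit Domain
}

function start_shared_session(string $hostHeader, bool $https): bool
{
    // Set the attributes BEFORE session_start() so PHP sends one Set-Cookie
    // header that already carries them.
    session_set_cookie_params([
        'lifetime' => 0,       // expires when the browser closes
        'path'     => '/',
        'domain'   => cookie_domain_for($hostHeader, OWNED_DOMAINS),
        'secure'   => $https,  // HTTPS requests get a Secure cookie
        'httponly' => true,    // hidden from document.cookie
        'samesite' => 'Lax',
    ]);
    return session_start();
}

if (PHP_SAPI === 'cli') {
    // Constructed sample hosts: show which Domain each one would get.
    $samples = ['www.example.org', 'shop.example.co.uk:8443',
                'evil-example.org', 'localhost'];
    foreach ($samples as $h) {
        printf("%-24s => '%s'\n", $h, cookie_domain_for($h, OWNED_DOMAINS));
    }
} else {
    $https = !empty($_SERVER['HTTPS']) && $_SERVER['HTTPS'] !== 'off';
    start_shared_session($_SERVER['HTTP_HOST'] ?? '', $https);
}
```

Every host under a shared Domain receives the session cookie, so keep OWNED_DOMAINS to domains whose subdomains are all under your control.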

Author Closing Comment

by:rgb192
thanks