session_start()

I have a content management system that starts a session, defines and prints session variables

so, using the same domain name, I tried to print the session, without using or connecting to content management system
but session variable did not print

is session done by
'login name'
'url'



would
session_start()
delete all the current session variables

LVL 1
rgb192Asked:
Who is Participating?
 
Ray PaseurCommented:
This teaches how to address the domain-related issue.

setcookie() has the option to permit or deny access from directories as well as subdomains.  The '/' in line 44 is permissive.  

We do not know what your code is doing with its setcookie() (or implicit setcookie, caused by starting the session) because until we see the code posted here at EE we are just guessing in the dark.
<?php // RAY_session_cookie_domain.php
/* *
 * QUESTION: WHEN CLIENTS VISIT MY SITE SOMETIMES THEY USE www.mysite.org
 * BUT SOMETIMES THEY USE mysite.org WITHOUT THE WWW.  HOW CAN I HANDLE
 * THE SESSION ISSUES THAT ARISE FROM THIS?
 *
 * ANSWER: ONE WAY IS TO REWRITE THE URL TO REMOVE THE SUBDOMAIN IF IT
 * IS WWW.  FOR EXAMPLE:
 *
 *     Options +FollowSymlinks
 *     RewriteEngine on
 *     RewriteCond %{http_host} ^www\.example\.org [NC]
 *     RewriteRule ^(.*)$ http://example.org/$1 [R=301,NC]
 *
 * ANOTHER WAY IS TO MODIFY THE SESSION COOKIE SO IT WORKS ACROSS ALL OF
 * YOUR SUBDOMAINS.  YOUR CHOICE WILL LARGELY DEPEND ON THE WAY YOU WANT
 * TO HANDLE OTHER SUBDOMAINS (OTHER THAN WWW).
 */

// DEMONSTRATE HOW TO START SESSIONS THAT WORK IN DIFFERENT SUBDOMAINS PHP 5.2+
error_reporting(E_ALL);


// MAKE THE SESSION COOKIE AVAILABLE TO ALL SUBDOMAINS
// MAKE A DOMAIN NAME THAT OMITS WWW OR OTHER SUBDOMAINS
// BREAK THE HOST NAME APART AT THE DOTS
$x = explode('.', strtolower($_SERVER["HTTP_HOST"]));
$y = count($x);
if ($y == 1) // POSSIBLY 'localhost'
{
    $host = $x[0];
}
else // MAYBE SOMETHING LIKE 'www2.atf70.whitehouse.gov'
{
    // USE A DOT PLUS THE LAST TWO POSITIONS TO MAKE THE HOST DOMAIN NAME
    $host = '.' . $x[$y-2] . '.' . $x[$y-1];
}

// START THE SESSION AND SET THE COOKIE FOR ALL SUBDOMAINS
$sess_name = session_name();
if (session_start())
{
    // MAN PAGE http://us.php.net/manual/en/function.setcookie.php
    setcookie($sess_name, session_id(), NULL, '/', $host, FALSE, TRUE);
}


// PROVE THAT THE COOKIE WORKS IN MULTIPLE DOMAINS
// LOAD UP SOME INFORMATION TO SHOW SESSION CONTENTS
$_SESSION["cheese"] = "Cheddar";
if (!isset($_SESSION["count"])) $_SESSION["count"] = 0;
$_SESSION["count"] ++;


// PUT UP TWO LINKS WITH DIFFERENT SUBDOMAINS
// STRIP OFF THE DOT THAT WAS NEEDED FOR SETCOOKIE
$gost = ltrim($host,'.');
$dmn_link = 'http://'    . $gost . '/RAY_dump_session.php'; // var_dump() SCRIPT
$www_link = 'http://www' . $host . '/RAY_dump_session.php';

echo "<br/><a target=\"_blank\" href=\"$www_link\">$www_link</a>" . PHP_EOL;
echo "<br/><a target=\"_blank\" href=\"$dmn_link\">$dmn_link</a>" . PHP_EOL;


// SHOW WHAT IS IN COOKIE AND IN $_SESSION
echo "<pre>";
echo "COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;
echo "SESSION ";
var_dump($_SESSION);
echo "</pre>";


?>
<form method="post">
<input type="submit" value="CLICK ME" />
</form>

Open in new window

0
 
Shinesh PremrajanEngineering ManagerCommented:
Nope session_start() will initialize an session with a unique session id. If session already exist then this code will retain the same session in the defined page. to destroy a session use session_destroy()

Hope this helps
0
 
rgb192Author Commented:
then could there be something in the content management system code to not include other sessions using the same domain name

is that what a login does
0
Free Tool: Path Explorer

An intuitive utility to help find the CSS path to UI elements on a webpage. These paths are used frequently in a variety of front-end development and QA automation tasks.

One of a set of tools we're offering as a way of saying thank you for being a part of the community.

 
Shinesh PremrajanEngineering ManagerCommented:
yes it almost true, The login will first validates user authenticity then if the user is an valid one, then add user details from the user tables to session.

if you wish to see wt all details the session contains try this:

print_r($_SESSION);

Anywhere in the page, also in the top of the page, u must have the session_start() defined.

Hope this helps
0
 
Ray PaseurCommented:
"then could there be something in the content management system code to not include other sessions using the same domain name"

You're in kind of a gray area with this question.  PHP sessions (almost invariably) involve the use of cookies.  The PHP session handler, by default, sets the cookies for the subdomain active at the time of the session_start() command.  If you have http://www.example.com and you try to use the session on http://example.com you may find that it does not work.  For the session to be started cross-subdomains, there is a little extra programming required beyond just saying session-start();

An example of a login system with explanations of how the parts work is available here:
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
0
 
rgb192Author Commented:
print_r($_SESSION);
only has output when I do it in the content management system


I am using subdomain.domain.com
so there is no www. vs non www.


the content management system uses

isset commands

like the ones in
http://www.experts-exchange.com/Web_Development/Web_Languages-Standards/PHP/A_2391-PHP-login-logout-and-easy-access-control.html
        if (isset($_SESSION["entry_uri"]))
        {
0
 
Ray PaseurCommented:
When you say it "only has output..." -- what does the output or lack of output look like?

This kind of thing is one of the reasons I try to encourage programmers to use data visualization techniques, such as var_dump() and error_reporting(E_ALL).  If you install this script and run it you will see what I mean.

isset tests to see if a variable is set.
http://us3.php.net/manual/en/function.isset.php
<?php // RAY_temp_rgb192.php
error_reporting(E_ALL);

// $_SESSION IS AN UNDEFINED VARIABLE BECAUSE WE DID NOT USE session_start();

// THIS WILL PRINT NOTHING
// print_r($_SESSION);

// PRINTS 'NULL'
var_dump($_SESSION);

Open in new window

0
 
rgb192Author Commented:
when I
add
session_start();
and
 uncomment lines 7,10

Array ( ) array(0) { }
0
 
Ray PaseurCommented:
Good, that makes sense.  

Without seeing the code, we are guessing about this.  Maybe the CMS destroys the session array (a security precaution?)  Maybe the CMS has a specialized or non-standard session handler.  Maybe the CMS has a different session name from the regular PHP session name.

Have you looked at the cookies to see what is set on the browser?  In Firefox you can find these with Tools => Options => Privacy
0
 
rgb192Author Commented:
yes
there is
one cookie named by me
and
another cookie created by your script
named PHPSESSID

when I delete the cookie named by me,
I am logged out
0
 
Ray PaseurCommented:
So maybe that cookie is used by the CMS to recognize the "session" information?  Without seeing the code we are only guessing.
0
 
rgb192Author Commented:
and it is difficult for me to show, because I cant find it
0
 
Shinesh PremrajanEngineering ManagerCommented:
try this, using editplus do a search on the CMS folder for "session_start" (without quotes).

There may be many records, but lookout for the login page or any home page in the list of search results.

In that you can see whats the name of the session used. session_start("username") some thing i think from your comments above.

Hope this helps
0
 
Ray PaseurCommented:
Something like this may be helpful to you when you are trying to debug this condition.
<?php // RAY_dump_session.php
error_reporting(E_ALL);

// START THE SESSION
session_start();

// DISPLAY THE VARS
echo "<pre>";

echo "_GET ";
var_dump($_GET);
echo PHP_EOL . PHP_EOL;

echo "_POST ";
var_dump($_POST);
echo PHP_EOL . PHP_EOL;

echo "_COOKIE ";
var_dump($_COOKIE);
echo PHP_EOL . PHP_EOL;


echo "_SESSION ";
var_dump($_SESSION);
echo PHP_EOL . PHP_EOL;

Open in new window

0
 
rgb192Author Commented:
thanks
0
Question has a verified solution.

Are you are experiencing a similar issue? Get a personalized answer when you ask a related question.

Have a better answer? Share it in a comment.

All Courses

From novice to tech pro — start learning today.