Advertisement
If you have a new account but are having problems posting or verifying your account, please email us on hello@boards.ie for help. Thanks :)
Hello all! Please ensure that you are posting a new thread or question in the appropriate forum. The Feedback forum is overwhelmed with questions that are having to be moved elsewhere. If you need help to verify your account contact hello@boards.ie
Hi there,
There is an issue with role permissions that is being worked on at the moment.
If you are having trouble with access or permissions on regional forums please post here to get access: https://www.boards.ie/discussion/2058365403/you-do-not-have-permission-for-that#latest

php session problem

  • 11-12-2003 10:05pm
    #1
    Registered Users, Registered Users 2 Posts: 252 ✭✭


    hi

    ive been working with a newsletter php app - simply writing messages to mysql.
    its working sweet locally but when i up load it - no go!

    The problem is a session problem. I can log in alright but then when i try to select a link to add a newsletter or something it sends me right back to the log in !! THIS is not happening locally.

    Can any of you more experienced php'ers let me know is there any config on my host that disables my session creation or something?

    Tnx


Comments

  • Registered Users, Registered Users 2 Posts: 944 ✭✭✭nahdoic


    Ok not even nearly enough information to make an informed decision.

    What versions of php are you dealing with locally and remotely? What operating systems/web server are you using locally and remotely?

    At best guess it sounds like you might be experiencing the wonderful world of cookies.

    http://ie2.php.net/manual/en/function.session-start.php

    I use a Windows machine for development, Apache and PHP (in CGI mode). The same script that was working fine on Linux, failed to use PHPSESSID cookie.

    After many trials, I have noticed that if I send a cookie using header('Set-Cookie:'), PHPSESSID will not be sent by PHP. If I send my cookies using setcookie(), PHPSESSID cookie is sent.

    After all, this bug comes in the following situation:
    - PHP win32 CGI mode
    - other header('Set-Cookie:') commands in the initial page script

    Solution: use setcookie() or send PHPSESSID cookie yourself.


  • Registered Users, Registered Users 2 Posts: 2,808 ✭✭✭Ste.phen


    It could be similar to my problem, where internet explorer is serving cached pages, and not the new ones after you log in?

    on my own site, theres a fairly simple cookie based auth.; enter username / password, they're passed to "users_login.php", which checks the database, sets a cookie (if login was ok) and bounces you back to the referring page..
    IE doesnt reload this page though, and the cached copy with "error, you're not logged in, enter details below" is shown instead...
    Anyone know how i can force IE to re-request the page?
    (netscape / mozilla work OK)


  • Closed Accounts Posts: 1,651 ✭✭✭Enygma


    You can send HTTP headers that force the browser to get the 'latest version' of a page.

    Google: HTTP Cache headers.


  • Registered Users, Registered Users 2 Posts: 252 ✭✭ConsultClifford


    nahdoic


    Im using Apache 1.3 , and mysql 1.4 and php 4.3 on XP locally.

    the host i use uses
    PHP 4.3.* and Apache 1.3.29.


    i'll take a look into you cookie talk below BUT corect me if im wrong - should the use of sessions not remove the need for cookies??
    You may be thinking right now, well that's nice, but I can do this with Cookies! This may come to you as a suprise, but Cookies are about 30% unreliable right now and it's getting worse every day. More and more web browsers are starting to come with security and privacy settings and people browsing the net these days are starting to frown upon Cookies because they store information on their local computer that they do not want stored there. PHP has a great set of functions that can achieve the same results of Cookies and more without storing information on the user's computer. PHP Sessions store the information on the web server in a location that you chose in special files. These files are connected to the user's web browser via the server and a special ID called a "Session ID". This is nearly 99% flawless in operation and it is virtually invisible to the user.


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    Presumably we're talking about PHP's inbuilt session handler...
    Originally posted by ConsultClifford
    should the use of sessions not remove the need for cookies??
    No, the default handler for PHP sessions is cookies, it only moves to GET if cookies don't work. (It does this by setting a cookie /and/ pushing a QUERY_STRING into the page that started the session. If the cookie exists on the next request, it stops munging the HTML.) If your problem is in fact cookies, it's likely the problem is that PHP was compiled without '--enable-trans-sid' or has trans-sid turned off. Try creating a phpinfo() file and checking the Configuration Options for '--enable-trans-sid'.

    I dunno where you got that quote from, but the suggestion that "Cookies are about 30% unreliable right now" is bollocks. Yes, browsers have security settings these days and the defaults are more secure, but they nearly all still default to "accept from local server", which is all you need. And regular users don't frown on cookies. Regular users wouldn't know what a cookie was if it came up and bit them on the arse.

    adam


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 648 ✭✭✭ChicoMendez


    adam

    this is some of the Configure Command info
    [PHP]'./configure' '--prefix=/usr/local' '--enable-exif' '--enable-track-vars' '--with-calendar=shared' '--enable-magic-quotes' '--enable-trans-sid' '--enable-wddx' '--enable-ftp' '--enable-inline-[/PHP]

    --enable-trans-sid is there! ive also added a print screen of the phpinfo() session info.

    does anything jump out at you that may be causing the problem?


  • Registered Users, Registered Users 2 Posts: 648 ✭✭✭ChicoMendez


    tnx


  • Registered Users, Registered Users 2 Posts: 944 ✭✭✭nahdoic


    Did you compare the phpinfo with the local and remote system?

    It all looks good to me though, can you post the code you are using to create the session?

    [edit]Wait a second you have use_trans_sid set to 0 that would defintely be the problem. If you don't have cookies enabled you won't be able to go anywhere after the first page.[/edit]


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    What nahdoic said.


  • Registered Users, Registered Users 2 Posts: 252 ✭✭ConsultClifford


    heres my code

    remote and local settings look to be same


  • Advertisement
  • Registered Users, Registered Users 2 Posts: 944 ✭✭✭nahdoic


    session.auto_start is also set to off and in your code you have no session_start in your code.


  • Registered Users, Registered Users 2 Posts: 252 ✭✭ConsultClifford


    sorry should have stated

    i call session_start(); in the included header.php file

    do you reckon the problem is in the code as i have also installed osCommerce on that remote server that uses sessions and that is working grand!


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    osCommerce seems to use an internal session handler. Did you change the use_trans_sid setting in php.ini as nahdoic suggested?

    adam


  • Registered Users, Registered Users 2 Posts: 252 ✭✭ConsultClifford


    i would if i could find it on the remote host which i have access to via ftp.

    as its another company hosting my site have a rights to change this? for my site?

    phpinfo() says php.ini is in /usr/local/lib/php.ini but i cant find it on the host.


  • Registered Users, Registered Users 2 Posts: 944 ✭✭✭nahdoic


    well you may want to get in touch with the other company hosting your website and ask them to change it.


  • Registered Users, Registered Users 2 Posts: 1,862 ✭✭✭flamegrill


    Sean may i suggest the following:

    session_cache_limiter('private');
    session_cache_expire(30);
    session_start();

    $sid = session_name() . "=" . session_id();

    and pass the $sid to each page as you move around the system.

    The use session.use_trans_sid = 1 is not recomended and can lead to bad things where sessions are concerned.

    Regards,

    Paul


  • Banned (with Prison Access) Posts: 16,659 ✭✭✭✭dahamsta


    The use_trans_id config var can't be set on the fly using ini_set() but it does have PHP_INI_PERDIR permissions, which means you can set it in .htaccess if your host allows it. Try creating a file called .htaccess in the root directory of your application with this in it:

    php_flag use_trans_sid on

    Now load a phpinfo() file in that directory and see if the local config has changed. You'll find the documentation for configuration settings, and how and what you can change here.

    Flamegrill, what bad things?

    adam


  • Registered Users, Registered Users 2 Posts: 1,862 ✭✭✭flamegrill


    Without looking farther than the php.ini, it says a few things about it.
    ; trans sid support is disabled by default.
    ; Use of trans sid may risk your users security.
    ; Use this option with caution.
    ; - User may send URL contains active session ID
    ; to other person via. email/irc/etc.
    ; - URL that contains active session ID may be stored
    ; in publically accessible computer.
    ; - User may access your site with the same session ID
    ; always using URL stored in browser's history or bookmarks.

    I personally don't think it's needed, just pass the session name to each url and bobs yer uncle :)

    Paul


Advertisement