session change from 4.2.3 -> 4.3.x?

Re: session change from 4.2.3 -> 4.3.x?

*** Name wrote/escribió (Tue, 30 Aug 2005 21:24:14 GMT):[color=blue]
> I have a site that has been working perfectly for a few years now, under
> PHP 4.2.3. Since later versions of PHP run so much more quickly, I wanted
> to update this site to one of those later versions. Being a very cautious
> person, I started with 4.3.11, since it was the highest version of the next
> PHP increment. When I tried this version, my session file kept getting
> rebuilt (with the same name) as though the session file found was old. The
> same thing has happened to me all the way to version 5.0.4.[/color]

A test you can do: backup php.ini and replace it with the old one from
4.2.3. If that way it works, compare settings and see what's different.



--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--

Re: session change from 4.2.3 -> 4.3.x?

Alvaro G Vicario <alvaro_QUITAR_ REMOVE@telecomp uter.com> wrote in
news:1rfaitvx72 bum.of3ms8pe67y z.dlg@40tude.ne t:
[color=blue]
> *** Name wrote/escribió (Tue, 30 Aug 2005 21:24:14 GMT):[color=green]
>> I have a site that has been working perfectly for a few years now,
>> under PHP 4.2.3. Since later versions of PHP run so much more
>> quickly, I wanted to update this site to one of those later versions.
>> Being a very cautious person, I started with 4.3.11, since it was
>> the highest version of the next PHP increment. When I tried this
>> version, my session file kept getting rebuilt (with the same name) as
>> though the session file found was old. The same thing has happened
>> to me all the way to version 5.0.4.[/color]
>
> A test you can do: backup php.ini and replace it with the old one from
> 4.2.3. If that way it works, compare settings and see what's
> different.
>
>
>[/color]

orry, I've tried the easy stuff (and some pretty tough stuff too). This
may be needed additional information. If I recreate PHP with all the same
configuration options, except to make it an Apache module, it works fine.
I would keep it this way, however, our security setup won't allow it on the
production system.

Now I'm no PHP expert. Was there a big (or subtle) change in how sessions
were handled between 4.2.x and future versions? I noticed there are
additional INI entries, but they seem to deal with 4.2.x compatibility and
security.

Thanks,
Vincent

Re: session change from 4.2.3 -&gt; 4.3.x?

*** Name wrote/escribió (Wed, 31 Aug 2005 13:27:01 GMT):[color=blue]
> orry, I've tried the easy stuff (and some pretty tough stuff too). This
> may be needed additional information. If I recreate PHP with all the same
> configuration options, except to make it an Apache module, it works fine.
> I would keep it this way, however, our security setup won't allow it on the
> production system.[/color]

Have you been able to reproduce the problem with a four line script? If so,
could you please paste it here?

In any case, I realize I don't really understand what your problem is.
Session file is supposed to be rebuilt when you change session data :-?


--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--

Re: session change from 4.2.3 -&gt; 4.3.x?

Alvaro G Vicario <alvaro_QUITAR_ REMOVE@telecomp uter.com> wrote in
news:zib5z169ie hs$.1qje7abxdig 6h$.dlg@40tude. net:
[color=blue]
> *** Name wrote/escribió (Wed, 31 Aug 2005 13:27:01 GMT):[color=green]
>> orry, I've tried the easy stuff (and some pretty tough stuff too).
>> This may be needed additional information. If I recreate PHP with
>> all the same configuration options, except to make it an Apache
>> module, it works fine. I would keep it this way, however, our
>> security setup won't allow it on the production system.[/color]
>
> Have you been able to reproduce the problem with a four line script?
> If so, could you please paste it here?
>
> In any case, I realize I don't really understand what your problem is.
> Session file is supposed to be rebuilt when you change session data
> :-?
>
>[/color]

<?
session_start() ;
session_registe r("count");
$count=$count+1 ;
echo $count;
?>
<EOF - test.php>

<BOF - php-cgi.ini (as it pertains to sessions)>

session.registe r_globals=1
session.bug_com pat_42=1
session.bug_com pat_warn=0

<EOF - php-cgi.ini end>

When I run this, count always displays as 1. I have done traces on the
server and it shows that the file is created the first time and then
getting opened with O_TRUNC each following time, rather than updated.

Thanks,
Vincent

Re: session change from 4.2.3 -&gt; 4.3.x?

*** Name wrote/escribió (Fri, 02 Sep 2005 16:07:00 GMT):[color=blue]
> <?
> session_start() ;
> session_registe r("count");
> $count=$count+1 ;[/color]

You modify $count *after* storing it in session data?
[color=blue]
> echo $count;
> ?>[/color]
[...][color=blue]
> session.registe r_globals=1[/color]
[color=blue]
> When I run this, count always displays as 1.[/color]

From manual:

"If you want your script to work regardless of register_global s, you need
to instead use the $_SESSION array as $_SESSION entries are automatically
registered. If your script uses session_registe r(), it will not work in
environments where the PHP directive register_global s is disabled."

I particularly find it very easy to write insecure scripts when
register_global s is set to 'on' so I always use $_SESSION. I don't think it
worth trying to debug a script that relies on register_global s.


--
-- Álvaro G. Vicario - Burgos, Spain
-- http://bits.demogracia.com - Mi sitio sobre programación web
-- Don't e-mail me your questions, post them to the group
--

Re: session change from 4.2.3 -&gt; 4.3.x?

Alvaro G Vicario <alvaro_QUITAR_ REMOVE@telecomp uter.com> wrote in
news:lmlwhwjxlh fc.tlwx4ywjbhn3 .dlg@40tude.net :
[color=blue]
> *** Name wrote/escribió (Fri, 02 Sep 2005 16:07:00 GMT):[color=green]
>> <?
>> session_start() ;
>> session_registe r("count");
>> $count=$count+1 ;[/color]
>
> You modify $count *after* storing it in session data?
>[color=green]
>> echo $count;
>> ?>[/color]
> [...][color=green]
>> session.registe r_globals=1[/color]
>[color=green]
>> When I run this, count always displays as 1.[/color]
>
> From manual:
>
> "If you want your script to work regardless of register_global s, you
> need to instead use the $_SESSION array as $_SESSION entries are
> automatically registered. If your script uses session_registe r(), it
> will not work in environments where the PHP directive register_global s
> is disabled."
>
> I particularly find it very easy to write insecure scripts when
> register_global s is set to 'on' so I always use $_SESSION. I don't
> think it worth trying to debug a script that relies on
> register_global s.
>
>[/color]

Sorry, but I did read this part of the manual. Maybe I'm
misunderstandin g it.
I thought, since I have register_global s set to "1," that I was okay.

In any event, using $_SESSION fixes my sample. However, my production
script
already uses $_SESSION, so I have nothing I can change (it also has
register_global s=1)
there. I can't post my production script (you wouldn't want it anyway.
It is about a
thousand lines long [don't look at me. I didn't design the
monstrosity.]).

I guess, at this point, I'm on my own again. If I figure out what is
happening and get
things running, I'll post the solution.

Thanks,
Vincent

Re: session change from 4.2.3 -&gt; 4.3.x?

Name <e-mail@company.co m> wrote in
news:Xns96C965A FD1DC3emailcomp anycom@199.45.4 9.11:
[color=blue]
> Alvaro G Vicario <alvaro_QUITAR_ REMOVE@telecomp uter.com> wrote in
> news:lmlwhwjxlh fc.tlwx4ywjbhn3 .dlg@40tude.net :
>[color=green]
>> *** Name wrote/escribió (Fri, 02 Sep 2005 16:07:00 GMT):[color=darkred]
>>> <?
>>> session_start() ;
>>> session_registe r("count");
>>> $count=$count+1 ;[/color]
>>
>> You modify $count *after* storing it in session data?
>>[color=darkred]
>>> echo $count;
>>> ?>[/color]
>> [...][color=darkred]
>>> session.registe r_globals=1[/color]
>>[color=darkred]
>>> When I run this, count always displays as 1.[/color]
>>
>> From manual:
>>
>> "If you want your script to work regardless of register_global s, you
>> need to instead use the $_SESSION array as $_SESSION entries are
>> automatically registered. If your script uses session_registe r(), it
>> will not work in environments where the PHP directive register_global s
>> is disabled."
>>
>> I particularly find it very easy to write insecure scripts when
>> register_global s is set to 'on' so I always use $_SESSION. I don't
>> think it worth trying to debug a script that relies on
>> register_global s.
>>
>>[/color]
>
> Sorry, but I did read this part of the manual. Maybe I'm
> misunderstandin g it.
> I thought, since I have register_global s set to "1," that I was okay.
>
> In any event, using $_SESSION fixes my sample. However, my production
> script
> already uses $_SESSION, so I have nothing I can change (it also has
> register_global s=1)
> there. I can't post my production script (you wouldn't want it anyway.
> It is about a
> thousand lines long [don't look at me. I didn't design the
> monstrosity.]).
>
> I guess, at this point, I'm on my own again. If I figure out what is
> happening and get
> things running, I'll post the solution.
>
> Thanks,
> Vincent
>[/color]

This paticular problem is now solved. I don't know why the
manifestation of this was the loss of session data, but the
problem was that I did not have the ORACLE_HOME enviroment
variable set.

Thanks for everyone's support,
Vincent