Session problems

Re: Session problems

Daniel Bengs <a-very@non-existing-e-mail-adress.com> schrieb:
[color=blue]
> I've got a problem where a normal string variable loses its value after
> session_start() is called. The funny thing is, that this only happens
> for some people, and they are using IE6, but it does not happen with all
> versions of IE6. I've tested myself only with Mozilla and IE5, but the
> problem does not occur for me.[/color]

Very strange. PHP is running on the server, not on the browser.
[color=blue]
> I've got a username stored in $user, which is obtained from the $_POST
> variable, but after session_start() is called $user is empty, but the
> username still is in $_POST['username'].[/color]

This is one of the problems if register_global s is activated. Could you
check this?
[color=blue]
> Then another problem I have is being logged out from a session after a
> certain length of inactivity it would seem. I've only noticed this on
> a server which is running PHP 4.3.3/Apache 1.3.28/linux. It's about
> after half an hour of inactivity that I get logged out. I've checked
> the cookie and it is set to expire on session/browser exit. I haven't
> noticed this behavior on my own server also running PHP 4.3.3. I also
> checked the PHP session configuration and it's the same on both servers.[/color]

Sure? What's the value of session.gc_maxl ifetime and
session.gc_prob ability = 1 in the php.ini?

Regards,
Matthias

Re: Session problems

Matthias Esken wrote:[color=blue]
> Daniel Bengs <a-very@non-existing-e-mail-adress.com> schrieb:
>
>[color=green]
>>I've got a problem where a normal string variable loses its value after
>>session_start () is called. The funny thing is, that this only happens
>>for some people, and they are using IE6, but it does not happen with all
>>versions of IE6. I've tested myself only with Mozilla and IE5, but the
>>problem does not occur for me.[/color]
>
>
> Very strange. PHP is running on the server, not on the browser.
>
>[color=green]
>>I've got a username stored in $user, which is obtained from the $_POST
>>variable, but after session_start() is called $user is empty, but the
>>username still is in $_POST['username'].[/color]
>
>
> This is one of the problems if register_global s is activated. Could you
> check this?[/color]

Yes, according to phpinfo() register globals is on.
[color=blue][color=green]
>>Then another problem I have is being logged out from a session after a
>>certain length of inactivity it would seem. I've only noticed this on
>>a server which is running PHP 4.3.3/Apache 1.3.28/linux. It's about
>>after half an hour of inactivity that I get logged out. I've checked
>>the cookie and it is set to expire on session/browser exit. I haven't
>>noticed this behavior on my own server also running PHP 4.3.3. I also
>>checked the PHP session configuration and it's the same on both servers.[/color]
>
>
> Sure? What's the value of session.gc_maxl ifetime and
> session.gc_prob ability = 1 in the php.ini?[/color]

session.gc_maxl ifetime 1440
session.gc_prob ability 1

....according to phpinfo() at least...

Re: Session problems

Daniel Bengs wrote:
[color=blue]
> Matthias Esken wrote:
>[color=green]
>> Daniel Bengs <a-very@non-existing-e-mail-adress.com> schrieb:
>>
>>[color=darkred]
>>> I've got a problem where a normal string variable loses its value
>>> after session_start() is called. The funny thing is, that this only
>>> happens for some people, and they are using IE6, but it does not
>>> happen with all versions of IE6. I've tested myself only with Mozilla
>>> and IE5, but the problem does not occur for me.[/color]
>>
>>
>>
>> Very strange. PHP is running on the server, not on the browser.
>>
>>[color=darkred]
>>> I've got a username stored in $user, which is obtained from the $_POST
>>> variable, but after session_start() is called $user is empty, but the
>>> username still is in $_POST['username'].[/color]
>>
>>
>>
>> This is one of the problems if register_global s is activated. Could you
>> check this?[/color]
>
>
> Yes, according to phpinfo() register globals is on.
>[/color]

What's also common for the people in this case is that they are on an
internal network, not that I understand why that would make any
difference either... :)

And now I also noticed another funny thing. On one page where an
addition to a mysql database is made a field, which is the user who made
the addition, is empty for some persons, but not everyone who makes the
addition. The username value is retrieved with:

"((string) $_SESSION['username'])".

But when the username, on the same page, is written to a logfile, with
the same code above, it is not empty.

Re: Session problems

Daniel Bengs <a-very@non-existing-e-mail-adress.com> schrieb:
[color=blue]
> And now I also noticed another funny thing. On one page where an
> addition to a mysql database is made a field, which is the user who made
> the addition, is empty for some persons, but not everyone who makes the
> addition. The username value is retrieved with:
>
> "((string) $_SESSION['username'])".
>
> But when the username, on the same page, is written to a logfile, with
> the same code above, it is not empty.[/color]

Does the problem occur while displaying the data or storing the data in
the database.

In the second case, there might be some special chars like ' in the
username. Always use mysql_escape_st ring() for values that you want to
send to the MySQL server.

Regards,
Matthias

Re: Session problems

Daniel Bengs <a-very@non-existing-e-mail-adress.com> schrieb:
[color=blue]
> Matthias Esken wrote:
>[color=green]
>> Sure? What's the value of session.gc_maxl ifetime and
>> session.gc_prob ability = 1 in the php.ini?[/color]
>
> session.gc_maxl ifetime 1440
> session.gc_prob ability 1[/color]

So the session is considered invalid after 1440 seconds of inactivity
which are 24 minutes. With a probability of 1% the session is killed
during a session initialization. If not, you can continue to use the
session. If a lot of requests hit the server, the probability that the
idling session is killed after 30 minutes is very high. If you're just
testing your code with one user, it might take longer. Increase
session.gc_maxl ifetime if you need more time.

Regards,
Matthias

Re: Session problems

Matthias Esken <muelleimer2003 nospam@usenetve rwaltung.org> wrote in message news:<bnrgsm.1g 0.1@usenet.eske n.de>...[color=blue]
> Daniel Bengs <a-very@non-existing-e-mail-adress.com> schrieb:
>[color=green]
> > And now I also noticed another funny thing. On one page where an
> > addition to a mysql database is made a field, which is the user who made
> > the addition, is empty for some persons, but not everyone who makes the
> > addition. The username value is retrieved with:
> >
> > "((string) $_SESSION['username'])".
> >
> > But when the username, on the same page, is written to a logfile, with
> > the same code above, it is not empty.[/color]
>
> Does the problem occur while displaying the data or storing the data in
> the database.[/color]

Displaying it... anyway, it seems that it works better now when I
moved the session_start to the top of the code, but I still didn't
have any code that was outputting anything...
[color=blue]
> In the second case, there might be some special chars like ' in the
> username. Always use mysql_escape_st ring() for values that you want to
> send to the MySQL server.[/color]

None of the usernames have any special characters...


PS. My news server didn't get the last two posts (besides a whole lot
other posts it doesn't get) and therefore I haven't answered before
now. So I'm using Google groups now instead...