sessions being destroyed prematurely

Re: sessions being destroyed prematurely

Lee wrote:Java applets can't access (at least not easily) PHP session information.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: sessions being destroyed prematurely

Java applets can't access (at least not easily) PHP session information.

The applet is not accessing the information actually--thank you for
prompting me to clarify.

The target PHP files carry session information themselves and return
specific data which are determined by their session information and
the applet's post/get variables. Thus, the applet never holds the
session variables.

Re: sessions being destroyed prematurely

Hi,

You may need to add a <paramwith the session ID. For example:

<param name="sessionId " value="<?php echo htmlentities(se ssion_id()) ?When you connect back to the site add "PHPSESSID= " +
getParameter("s essionId") to the URL or POST data.

Regards,

John Peters

On May 27, 3:32 pm, Lee <lsk...@gmail.c omwrote:

Re: sessions being destroyed prematurely

Lee wrote:It seems that what Jerry meant, was that java applets do not transmit
proper headers, that informs the php server what session files to use.
Since PHP does not receive the session id, it creates new session, that
is why you got an empty array - it's a new one.

Try checking headers, you will see the difference there.

As it's suggested in the other reply, you will need to force passing
some extra data. You can use both POST and GET requests to pass session
id to PHP

best regards
Piotr N

Re: sessions being destroyed prematurely

Lee wrote:OK, in that case you can do it. But again, you need a little help.

The PHP session id is typically stored in a cookie. Your java applet
will need to pass this information back to the PHP page. You can get
the cookie in your applet and pass it on in the header, or you can pass
it as a hidden field as a post value or in the url as a get value.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: sessions being destroyed prematurely

Thank you all.

Just to clarify, simply adding in PHPSESSID into the request variables
will set the session? Or do I need to so something like
<?
session_start() ;
if(isset($_REQU EST['PHPSESSID']))
session_name($_ REQUEST['PHPSESSID']);
?>
?

I will try this or whatever you suggest, thanks!

Re: sessions being destroyed prematurely

Lee wrote:It depends on your hosting company setup. If it allows the session id
to be in the URL (i.e. session.use_onl y_cookies NOT set to 1 in your
php.ini file), putting it in the URL should be all you need. You can
check this by disabling cookies in your browser and accessing the PHP
pages in your site (not using the java pages).

Otherwise you will need to call session_name with the session id (use
$_GET or $_POST, as appropriate - not $_REQUEST). But you need to call
session_name() BEFORE calling session_start() .

But I think the better way would be to go ahead and just send the
session id as a cookie in Java. Check one of the Java newsgroups on how
to do that.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: sessions being destroyed prematurely

Ok so based on all of your recommendations , I write the following
code:
<?
if(isset($_GET['PHPSESSID'])){
$PHPSESSID=$_GE T['PHPSESSID'];
session_id($PHP SESSID);
}
if(isset($_POST['PHPSESSID'])){
$PHPSESSID=$_PO ST['PHPSESSID'];
session_id($PHP SESSID);
}
session_start() ;
define('PHPSESS ID',session_id( ));
?>

When I go to the web page and log in (essentially setting session
variables), it works like normal and I retrieve the session id.
Changing it logs me out, and reverting it logs me back in.
Ok so, setting the session id works perfectly.

However, when I run a Java program that makes a post request using
PHPSESSID, it logs me out (the session array is empty). Running the
Java program with an incorrect session id does not force me to log
out.

Is there anything I have done wrong here or have I done it right and
there could be another source of the problem? Thank you all for your
help.

Re: sessions being destroyed prematurely

Lee wrote:No, I suspect you're either using the wrong session ID, or using the
correct session id but passing it incorrectly from the Java applet.

Display your session id before and after running your applet - what does
it show?

Of course it's always possible something is clearing out your session
information. For instance, if you're using java at the server, and it's
set up to use the same session files as PHP, you might have an
incompatibility between languages.

--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: sessions being destroyed prematurely

No, I suspect you're either using the wrong session ID, or using theWell while I am testing, I have moved from an applet to a command-line
Java application that makes a simple post request. The target web
page print_r's the session array, the post array, and the session id.
At first when the web page is opened, the session array is fine.
I can log into the web page and get the PHPSESSID, no problem. Next,
I make a post request

PHPSESSID=1ca8f d4c538034542db7 0cdf70ce2b23

where the PHPSESSID is the sessionid (which I copy from the web page
after logging in). The target web page (now from the command line)
prints the session id from the post request, next an empty session,
and finally the current session id which matches the one in the post
array. Theoretically, the session array should contain everything
that the web page showed earlier but it doesn't.
Next, I go back to the web page to refresh it and there is an empty
array. Something that the Java file did logged me out. This behavior
does not happen however, if I use a different PHPSESSID: the command
line still returns an empty array but the web site still has the
session array intact.

Re: sessions being destroyed prematurely

Yes, I am using the CLI for a simple Java program instead of an applet
for now. It should not change which php.ini file is being used.
Below all this is what phpinfo shows under the session heading from
the browser when I call phpinfo().

<?
// this is the PHP target page

if(isset($_GET['PHPSESSID'])){
$PHPSESSID=$_GE T['PHPSESSID'];
session_id($PHP SESSID);
}

if(isset($_POST['PHPSESSID'])){
$PHPSESSID=$_PO ST['PHPSESSID'];
session_id($PHP SESSID);
}

session_start() ;
define('PHPSESS ID',session_id( ));

print_r($_SESSI ON);
print_r($_POST) ;
print PHPSESSID."\n";
?>

/** The Java applet and the CLI script both use this method, which
basically opens a page and sends the request of PHPSESSID=... */
public static InputStream postToURL(URL postURL, String post)
throws IOException{
URLConnection connect = postURL.openCon nection();
connect.setDoOu tput(true);
connect.setUseC aches(false);

OutputStreamWri ter fwdOut = new
OutputStreamWri ter(connect.get OutputStream()) ;
fwdOut.write(po st);
fwdOut.flush();
fwdOut.close();

return connect.getInpu tStream();
}



session
Session Support enabled
Registered save handlers files user
Registered serializer handlers php php_binary wddx

Directive Local Value Master Value
session.auto_st art Off Off
session.bug_com pat_42 On On
session.bug_com pat_warn On On
session.cache_e xpire 180 180
session.cache_l imiter nocache nocache
session.cookie_ domain no value no value
session.cookie_ httponly Off Off
session.cookie_ lifetime 0 0
session.cookie_ path / /
session.cookie_ secure Off Off
session.entropy _file no value no value
session.entropy _length 0 0
session.gc_divi sor 100 100
session.gc_maxl ifetime 1440 1440
session.gc_prob ability 0 0
session.hash_bi ts_per_characte r 4 4
session.hash_fu nction 0 0
session.name PHPSESSID PHPSESSID
session.referer _check no value no value
session.save_ha ndler files files
session.save_pa th /var/lib/php5 /var/lib/php5
session.seriali ze_handler php php
session.use_coo kies On On
session.use_onl y_cookies Off Off
session.use_tra ns_sid 0 0

Re: sessions being destroyed prematurely

Lee wrote:Offhand I'd say it looks OK. I don't think you should be checking the
$_POST if $_GET works (and personally I'd do it the other way around).
But I don't think it will cause this problem.

Also, what do you get if you print_r($_COOKI ES); ?
OK, this isn't going to send the correct headers to get the id to the
PHP script. You need to follow up in the Java newsgroups to send the
information in the necessary format.
session.save_pa th is generally /tmp on Unix and a temporary directory
(i.e. c:/temp) on Windows. But it shouldn't cause this problem.

But I don't see any problems with your settings. I really think what's
being sent by your applet is incorrect. But I can't explain why it's
causing the symptoms you're seeing.


--
=============== ===
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attgl obal.net
=============== ===

Re: sessions being destroyed prematurely

Thank you for looking over everything. I'll try the Java forums and
see about header information. Thanks!

Re: sessions being destroyed prematurely

I went and looked into Java headers and other miscellaneous Java
topics but our group is quickly learning that there is no way for Java
to directly access the PHP session variables on the server.
That is to say, there is a place in the PHP files that starts a
session and there is one place that loads in the session variables;
however, there is no place in the PHP code that sets $_SESSION to an
empty array, which is what is happening.
The session id has been working perfectly. The only problem is that
somehow the connection that Java causes $_SESSION=array ();. Setting
$_SESSION to an empty array is nowhere in my code which leads me to
think that this is only a PHP problem.
What are some plausible reasons that the array would be reset to empty?