multiple sessions

  • Goalie

    multiple sessions

    Dear all,

    I have a script which checks whether a user is logged in and on which level.
    If he is not logged in, he will get the login screen. My problem is that the
    script works on the server of the ISP, but not on my local machine. I
    checked my php.ini files and also phpinfo on the ISP server. But what
    happens is that if I try to log in on my local server the session is started
    but not read by the next file, it returns again to the login screen. The
    files in the /tmp directory are written and contain the data, but they are
    not read in again. Can anybody help me with this? I work with PHP 4.3.

    Regards,
    goalie


  • Erwin Moller

    #2
    Re: multiple sessions

    Goalie wrote:

    > Dear all,
    >
    > I have a script which checks whether a user is logged in and on which
    > level. If he is not logged in, he will get the login screen. My problem is
    > that the script works on the server of the ISP, but not on my local
    > machine. I checked my php.ini files and also phpinfo on the ISP server.
    > But what happens is that if I try to log in on my local server the session
    > is started but not read by the next file, it returns again to the login
    > screen. The files in the /tmp directory are written and contain the data,
    > but they are not read in again. Can anybody help me with this? I work with
    > PHP 4.3.
    >
    > Regards,
    > goalie

    Hi,

    I think you should have named your posting 'Broken Session' instead of
    'multiple sessions'. You don't seem to get 1 running. :-)

    Ok, many settings can influence the behaviour.
    The BEST way to start is, in my humble opinion, in your browser.
    1) Delete all cookies.
    2) Go to your PHP page.
    3) Check if it sets a cookie with a PHPSESSIONID=blabla

    (I expect not)

    Now try to adjust your php.ini (and restart the webserver if needed).
    Find the [Session] part.

    Pay special attention to:
    session.save_handler = files (in most cases)
    session.save_path = /tmp (or wherever you store the stuff)
    session.use_cookies = 1 (important)
    session.auto_start = 1 (important!)

    The autostart is very handy.
    You don't have to fiddle around with starting sessions and such.

    For security: Don't rely on the fact that a session exists, just rely on the
    fact that YOU put something into a session.
    It makes things much clearer from a programmer's point of view.
    (At least that is what I think.)

    eg:
    $_SESSION["userauthenticatedLevel1"] = "Y";
    $_SESSION["userauthenticatedLevel2"] = "N";

    is a good way to set user rights.

    On the pages that are secured, just check for the right value in the
    session.

    Hope this helps.

    Regards,
    Erwin Moller

    -----------------------------------------

    Here follows mine (which works)

    [Session]
    ; Handler used to store/retrieve data.
    session.save_handler = files

    ; Argument passed to save_handler. In the case of files, this is the path
    ; where data files are stored. Note: Windows users have to change this
    ; variable in order to use PHP's session functions.
    session.save_path = /tmp

    ; Whether to use cookies.
    session.use_cookies = 1

    ; Name of the session (used as cookie name).
    session.name = PHPSESSID

    ; Initialize session on request startup.
    session.auto_start = 1

    ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
    session.cookie_lifetime = 0

    ; The path for which the cookie is valid.
    session.cookie_path = /

    ; The domain for which the cookie is valid.
    session.cookie_domain =

    ; Handler used to serialize data. php is the standard serializer of PHP.
    session.serialize_handler = php

    ; Percentual probability that the 'garbage collection' process is started
    ; on every session initialization.
    session.gc_probability = 1

    ; After this number of seconds, stored data will be seen as 'garbage' and
    ; cleaned up by the garbage collection process.
    session.gc_maxlifetime = 1440

    ; Check HTTP Referer to invalidate externally stored URLs containing ids.
    ; HTTP_REFERER has to contain this substring for the session to be
    ; considered as valid.
    session.referer_check =

    ; How many bytes to read from the file.
    session.entropy_length = 0

    ; Specified here to create the session id.
    session.entropy_file =

    ;session.entropy_length = 16

    ;session.entropy_file = /dev/urandom

    ; Set to {nocache,private,public} to determine HTTP caching aspects.
    session.cache_limiter = nocache

    ; Document expires after n minutes.
    session.cache_expire = 180

    ; use transient sid support if enabled by compiling with --enable-trans-sid.
    session.use_trans_sid = 1

    url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"


    • Goalie

      #3
      Re: multiple sessions

      Dear all,

      I changed the things in the php.ini file, but it didn't help (restarted
      httpd as well).
      My browser accepts cookies, and in the temp directory a file sess_blabla was
      made after I clicked login. But when I go to my secure.php page,
      isset($_SESSION['name']) is false and I am redirected to my login page. After
      that my second session file is started.

      The session lines in php.ini look like:
      session.save_handler = files
      session.save_path = /tmp
      session.use_cookies = 1
      session.name = PHPSESSID
      session.auto_start = 1
      session.cookie_lifetime = 0
      session.cookie_path = /tmp
      session.cookie_domain = donald
      session.serialize_handler = php
      session.gc_probability = 1
      session.gc_maxlifetime = 1440
      session.referer_check =
      session.entropy_length = 0
      session.entropy_file =
      session.cache_limiter = nocache
      session.cache_expire = 180
      session.use_trans_sid = 1

      Regards,

      Marcel

      • Erwin Moller

        #4
        Re: multiple sessions

        Goalie wrote:

        > Dear all,
        >
        > I changed the things in the php.ini file, but it didn't help (restarted
        > httpd as well).
        > My browser accepts cookies, and in the temp directory a file sess_blabla
        > was made after I clicked login. But when I go to my secure.php page,
        > isset($_SESSION['name']) is false and I am redirected to my login page.
        > After that my second session file is started.

        Hi,

        Are both files on the same domain? (should be)
        And what is 'donald' exactly doing in your php.ini?
        --> session.cookie_domain = donald <--

        Is that a valid domain?
        Try to remove donald, and try again.

        Regards,
        Erwin Moller

        • Goalie

          #5
          Re: multiple sessions

          Yes, they are in the same domain.
          I removed it, but did not succeed.

          Goalie
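Added example, not part of any post in this thread: a small model of the browser's cookie domain and path matching (RFC 6265 sections 5.1.3 and 5.1.4), applied to the session.cookie_path and session.cookie_domain values posted in #3. The host names in the sample URLs and all function names are assumptions made for the illustration.

```javascript
// Constructed input: the cookie-related settings from post #3.
const INI_POST3 = `
session.use_cookies = 1
session.cookie_path = /tmp
session.cookie_domain = donald
`;

// Parse "key = value" lines; ";" starts a comment, as in php.ini.
function parseIni(text) {
  const out = {};
  for (const raw of text.split("\n")) {
    const line = raw.split(";")[0].trim();
    const eq = line.indexOf("=");
    if (eq > 0) out[line.slice(0, eq).trim()] = line.slice(eq + 1).trim();
  }
  return out;
}

// RFC 6265 5.1.4: cookie path equals the request path, or is a prefix of
// it that ends at a "/" boundary.
function pathMatches(cookiePath, requestPath) {
  if (requestPath === cookiePath) return true;
  if (!requestPath.startsWith(cookiePath)) return false;
  return cookiePath.endsWith("/") || requestPath[cookiePath.length] === "/";
}

// RFC 6265 5.1.3: identical host, or host ends with "." + domain.
// Empty cookie_domain means a host-only cookie, modelled as always matching.
function domainMatches(cookieDomain, host) {
  if (cookieDomain === "") return true;
  const d = cookieDomain.replace(/^\./, "").toLowerCase();
  const h = host.toLowerCase();
  return h === d || h.endsWith("." + d);
}

// Why would the browser send, or withhold, the session cookie for this URL?
function cookieReturned(ini, requestUrl) {
  const url = new URL(requestUrl);
  const reasons = [];
  if (ini["session.use_cookies"] !== "1") reasons.push("use_cookies off");
  if (!domainMatches(ini["session.cookie_domain"] || "", url.hostname))
    reasons.push("domain mismatch");
  if (!pathMatches(ini["session.cookie_path"] || "/", url.pathname))
    reasons.push("path mismatch");
  return { sent: reasons.length === 0, reasons };
}

console.log(cookieReturned(parseIni(INI_POST3), "http://donald/secure.php"));
```

Under this model, the values from #3 keep the cookie away from /secure.php on any host because of cookie_path = /tmp, while cookie_path = / with an empty cookie_domain (the values in #2) lets it through.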

