Hello and welcome to our community! Is this your first visit?
Register
Enjoy an ad free experience by logging in. Not a member yet? Register.
Results 1 to 12 of 12
  1. #1
    Regular Coder
    Join Date
    Feb 2005
    Location
    Tokyo, Japan
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts

    php.ini gurus - session setup?

    I'm having a problem maintaining sessions, not entirly sure what the problem is but I figured I'd start by looking at the php.ini file to see how my sessions were set up.

    To me it looks fine, however I'm no expert...

    (background: currently I'm using Apache 2.0.53 and php5.0.4)

    Here is the sessions segment of my php.ini file. Can anyone see anything wrong with it?
    (let me know if there is anything else you need to see/know to help figure this out)
    Code:
    [Session]
    ; Handler used to store/retrieve data.
    session.save_handler = files
    
    ; Argument passed to save_handler.  In the case of files, this is the path
    ; where data files are stored. Note: Windows users have to change this
    ; variable in order to use PHP's session functions.
    ;
    ; As of PHP 4.0.1, you can define the path as:
    ;
         session.save_path = "C:\Temp"
    ;
    ; where N is an integer.  Instead of storing all the session files in
    ; /path, what this will do is use subdirectories N-levels deep, and
    ; store the session data in those directories.  This is useful if you
    ; or your OS have problems with lots of files in one directory, and is
    ; a more efficient layout for servers that handle lots of sessions.
    ;
    ; NOTE 1: PHP will not create this directory structure automatically.
    ;         You can use the script in the ext/session dir for that purpose.
    ; NOTE 2: See the section on garbage collection below if you choose to
    ;         use subdirectories for session storage
    ;
    ; The file storage module creates files using mode 600 by default.
    ; You can change that by using
    ;
    ;     session.save_path = "N;MODE;/path"
    ;
    ; where MODE is the octal representation of the mode. Note that this
    ; does not overwrite the process's umask.
    ;session.save_path = "/tmp"
    
    ; Whether to use cookies.
    session.use_cookies = 1
    
    ; This option enables administrators to make their users invulnerable to
    ; attacks which involve passing session ids in URLs; defaults to 0.
    ; session.use_only_cookies = 1
    
    ; Name of the session (used as cookie name).
    session.name = PHPSESSID
    
    ; Initialize session on request startup.
    session.auto_start = 0
    
    ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
    session.cookie_lifetime = 0
    
    ; The path for which the cookie is valid.
    session.cookie_path = \
    
    ; The domain for which the cookie is valid.
    session.cookie_domain =
    
    ; Handler used to serialize data.  php is the standard serializer of PHP.
    session.serialize_handler = php
    
    ; Define the probability that the 'garbage collection' process is started
    ; on every session initialization.
    ; The probability is calculated by using gc_probability/gc_divisor,
    ; e.g. 1/100 means there is a 1% chance that the GC process starts
    ; on each request.
    
    session.gc_probability = 1
    session.gc_divisor     = 1000
    
    ; After this number of seconds, stored data will be seen as 'garbage' and
    ; cleaned up by the garbage collection process.
    session.gc_maxlifetime = 1440
    
    ; NOTE: If you are using the subdirectory option for storing session files
    ;       (see session.save_path above), then garbage collection does *not*
    ;       happen automatically.  You will need to do your own garbage
    ;       collection through a shell script, cron entry, or some other method.
    ;       For example, the following script would is the equivalent of
    ;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
    ;          cd /path/to/sessions; find -cmin +24 | xargs rm
    
    ; PHP 4.2 and less have an undocumented feature/bug that allows you to
    ; to initialize a session variable in the global scope, albeit register_globals
    ; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
    ; You can disable the feature and the warning separately. At this time,
    ; the warning is only displayed, if bug_compat_42 is enabled.
    
    session.bug_compat_42 = 0
    session.bug_compat_warn = 1
    
    ; Check HTTP Referer to invalidate externally stored URLs containing ids.
    ; HTTP_REFERER has to contain this substring for the session to be
    ; considered as valid.
    session.referer_check =
    
    ; How many bytes to read from the file.
    session.entropy_length = 0
    
    ; Specified here to create the session id.
    session.entropy_file =
    
    ;session.entropy_length = 16
    
    ;session.entropy_file = /dev/urandom
    
    ; Set to {nocache,private,public,} to determine HTTP caching aspects
    ; or leave this empty to avoid sending anti-caching headers.
    session.cache_limiter = nocache
    
    ; Document expires after n minutes.
    session.cache_expire = 180
    
    ; trans sid support is disabled by default.
    ; Use of trans sid may risk your users security.
    ; Use this option with caution.
    ; - User may send URL contains active session ID
    ;   to other person via. email/irc/etc.
    ; - URL that contains active session ID may be stored
    ;   in publically accessible computer.
    ; - User may access your site with the same session ID
    ;   always using URL stored in browser's history or bookmarks.
    session.use_trans_sid = 0
    
    ; Select a hash function
    ; 0: MD5   (128 bits)
    ; 1: SHA-1 (160 bits)
    session.hash_function = 0
    
    ; Define how many bits are stored in each character when converting
    ; the binary hash data to something readable.
    ;
    ; 4 bits: 0-9, a-f
    ; 5 bits: 0-9, a-v
    ; 6 bits: 0-9, a-z, A-Z, "-", ","
    session.hash_bits_per_character = 5
    
    ; The URL rewriter will look for URLs in a defined set of HTML tags.
    ; form/fieldset are special; if you include them here, the rewriter will
    ; add a hidden <input> field with the info which is otherwise appended
    ; to URLs.  If you want XHTML conformity, remove the form entry.
    ; Note that all valid entries require a "=", even if no value follows.
    url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
    here are some scripts I've been using to test sessions on my current setup.

    When running this script a session file is created everytime the page is refreshed, but it never increments and nothing prints.
    PHP Code:
    //graciously provided my delinear
    <?php
    session_start
    ();

    if(!isset(
    $_SESSION['test'])) {
       
    $_SESSION['test'] = 0;
    } else {
        echo 
    $_SESSION['test'];
        
    $_SESSION['test']++;
    }
    ?>

    When running this script a session file is created everytime the page is refreshed and the counter only increments once (on the initial page load)
    PHP Code:
    <?php
    session_start
    ();
    session_register("count");

    if (!isset(
    $_SESSION)) 
    {
        
    $_SESSION["count"] = 0;
        echo 
    "<p>Counter initialized</p>\n";

    else { 
    $_SESSION["count"]++; }

    echo 
    "<p>The counter is now <b>$_SESSION[count]</b></p>".
        
    "<p>reload this page to increment</p>";
    ?>
    If there is nothing wrong with the php.ini file, any suggestions on what the problem is? could it have to do with my apache httpd.confg file?


    NOTE: My browser(s) seem to deal with sessions fine on external websites.

    Thanks,

    Yak
    Last edited by Yakisoba; 06-15-2005 at 04:21 AM.

  • #2
    New to the CF scene
    Join Date
    Jun 2005
    Posts
    8
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Quote Originally Posted by Yakisoba
    I'm having a problem maintaining sessions, not entirly sure what the problem is but I figured I'd start by looking at the php.ini file to see how my sessions were set up.

    To me it looks fine, however I'm no expert...

    (background: currently I'm using Apache 2.0.53 and php5.0.4)

    Here is the sessions segment of my php.ini file. Can anyone see anything wrong with it?
    (let me know if there is anything else you need to see/know to help figure this out)
    Code:
    [Session]
    ; Handler used to store/retrieve data.
    session.save_handler = files
    
    ; Argument passed to save_handler.  In the case of files, this is the path
    ; where data files are stored. Note: Windows users have to change this
    ; variable in order to use PHP's session functions.
    ;
    ; As of PHP 4.0.1, you can define the path as:
    ;
         session.save_path = "C:\Temp"
    ;
    ; where N is an integer.  Instead of storing all the session files in
    ; /path, what this will do is use subdirectories N-levels deep, and
    ; store the session data in those directories.  This is useful if you
    ; or your OS have problems with lots of files in one directory, and is
    ; a more efficient layout for servers that handle lots of sessions.
    ;
    ; NOTE 1: PHP will not create this directory structure automatically.
    ;         You can use the script in the ext/session dir for that purpose.
    ; NOTE 2: See the section on garbage collection below if you choose to
    ;         use subdirectories for session storage
    ;
    ; The file storage module creates files using mode 600 by default.
    ; You can change that by using
    ;
    ;     session.save_path = "N;MODE;/path"
    ;
    ; where MODE is the octal representation of the mode. Note that this
    ; does not overwrite the process's umask.
    ;session.save_path = "/tmp"
    
    ; Whether to use cookies.
    session.use_cookies = 1
    
    ; This option enables administrators to make their users invulnerable to
    ; attacks which involve passing session ids in URLs; defaults to 0.
    ; session.use_only_cookies = 1
    
    ; Name of the session (used as cookie name).
    session.name = PHPSESSID
    
    ; Initialize session on request startup.
    session.auto_start = 0
    
    ; Lifetime in seconds of cookie or, if 0, until browser is restarted.
    session.cookie_lifetime = 0
    
    ; The path for which the cookie is valid.
    session.cookie_path = \
    
    ; The domain for which the cookie is valid.
    session.cookie_domain =
    
    ; Handler used to serialize data.  php is the standard serializer of PHP.
    session.serialize_handler = php
    
    ; Define the probability that the 'garbage collection' process is started
    ; on every session initialization.
    ; The probability is calculated by using gc_probability/gc_divisor,
    ; e.g. 1/100 means there is a 1% chance that the GC process starts
    ; on each request.
    
    session.gc_probability = 1
    session.gc_divisor     = 1000
    
    ; After this number of seconds, stored data will be seen as 'garbage' and
    ; cleaned up by the garbage collection process.
    session.gc_maxlifetime = 1440
    
    ; NOTE: If you are using the subdirectory option for storing session files
    ;       (see session.save_path above), then garbage collection does *not*
    ;       happen automatically.  You will need to do your own garbage
    ;       collection through a shell script, cron entry, or some other method.
    ;       For example, the following script would is the equivalent of
    ;       setting session.gc_maxlifetime to 1440 (1440 seconds = 24 minutes):
    ;          cd /path/to/sessions; find -cmin +24 | xargs rm
    
    ; PHP 4.2 and less have an undocumented feature/bug that allows you to
    ; to initialize a session variable in the global scope, albeit register_globals
    ; is disabled.  PHP 4.3 and later will warn you, if this feature is used.
    ; You can disable the feature and the warning separately. At this time,
    ; the warning is only displayed, if bug_compat_42 is enabled.
    
    session.bug_compat_42 = 0
    session.bug_compat_warn = 1
    
    ; Check HTTP Referer to invalidate externally stored URLs containing ids.
    ; HTTP_REFERER has to contain this substring for the session to be
    ; considered as valid.
    session.referer_check =
    
    ; How many bytes to read from the file.
    session.entropy_length = 0
    
    ; Specified here to create the session id.
    session.entropy_file =
    
    ;session.entropy_length = 16
    
    ;session.entropy_file = /dev/urandom
    
    ; Set to {nocache,private,public,} to determine HTTP caching aspects
    ; or leave this empty to avoid sending anti-caching headers.
    session.cache_limiter = nocache
    
    ; Document expires after n minutes.
    session.cache_expire = 180
    
    ; trans sid support is disabled by default.
    ; Use of trans sid may risk your users security.
    ; Use this option with caution.
    ; - User may send URL contains active session ID
    ;   to other person via. email/irc/etc.
    ; - URL that contains active session ID may be stored
    ;   in publically accessible computer.
    ; - User may access your site with the same session ID
    ;   always using URL stored in browser's history or bookmarks.
    session.use_trans_sid = 0
    
    ; Select a hash function
    ; 0: MD5   (128 bits)
    ; 1: SHA-1 (160 bits)
    session.hash_function = 0
    
    ; Define how many bits are stored in each character when converting
    ; the binary hash data to something readable.
    ;
    ; 4 bits: 0-9, a-f
    ; 5 bits: 0-9, a-v
    ; 6 bits: 0-9, a-z, A-Z, "-", ","
    session.hash_bits_per_character = 5
    
    ; The URL rewriter will look for URLs in a defined set of HTML tags.
    ; form/fieldset are special; if you include them here, the rewriter will
    ; add a hidden <input> field with the info which is otherwise appended
    ; to URLs.  If you want XHTML conformity, remove the form entry.
    ; Note that all valid entries require a "=", even if no value follows.
    url_rewriter.tags = "a=href,area=href,frame=src,input=src,form=fakeentry"
    here are some scripts I've been using to test sessions on my current setup.

    When running this script a session file is created everytime the page is refreshed, but it never increments and nothing prints.
    PHP Code:
    //graciously provided my delinear
    <?php
    session_start
    ();

    if(!isset(
    $_SESSION['test'])) {
       
    $_SESSION['test'] = 0;
    } else {
        echo 
    $_SESSION['test'];
        
    $_SESSION['test']++;
    }
    ?>

    When running this script a session file is created everytime the page is refreshed and the counter only increments once (on the initial page load)
    PHP Code:
    <?php
    session_start
    ();
    session_register("count");

    if (!isset(
    $_SESSION)) 
    {
        
    $_SESSION["count"] = 0;
        echo 
    "<p>Counter initialized</p>\n";

    else { 
    $_SESSION["count"]++; }

    echo 
    "<p>The counter is now <b>$_SESSION[count]</b></p>".
        
    "<p>reload this page to increment</p>";
    ?>
    If there is nothing wrong with the php.ini file, any suggestions on what the problem is? could it have to do with my apache httpd.confg file?


    NOTE: My browser(s) seem to deal with sessions fine on external websites.

    Thanks,

    Yak
    I think it's because of this :
    PHP Code:
    //graciously provided my delinear
    <?php
    session_start
    ();

    if(!isset(
    $_SESSION['test'])) {
       
    $_SESSION['test'] = 0;
    } else {
        echo 
    $_SESSION['test'];
        
    $_SESSION['test']++;
    }
    ?>
    If the sessions is set, it directly goes back to 0.
    Try changing it the way you like.

  • #3
    Regular Coder
    Join Date
    Feb 2005
    Location
    Tokyo, Japan
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Markman -
    If the sessions is set, it directly goes back to 0.
    I believe you are referring to this piece of code:

    PHP Code:
    if(!isset($_SESSION['test'])) {
       
    $_SESSION['test'] = 0;


    The explanation mark (!), from my understanding, is the "not" operator. So, if the session isNOTset (!isset) then it will initialize the session variable to 0, ELSE it should increment the session variable...

    PHP Code:
    else {
        echo 
    $_SESSION['test'];
        
    $_SESSION['test']++;


    Anymore suggestions?

    Thanks,

    Yak

  • #4
    Regular Coder
    Join Date
    Nov 2004
    Location
    The Netherlands
    Posts
    551
    Thanks
    0
    Thanked 0 Times in 0 Posts
    PHP Code:
    if (!isset($_SESSION)) {}//Your not specifiyng any particular session here.

    //Should be:

     
    if(!isset($_SESSION['count'])) {}

    //that's why it won't work. 
    CATdude about IE6: "All your box-model are belong to us"

  • #5
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Your first block of code (from delinear) is fine. One problem with your second is that you're using session_register() with the SESSION array -- you should use one or the other (and session_register() should only be used if register_globals is on -- which it shouldn't be).

    Try commenting out your session.save_path -- that's the only difference I saw between your session .ini setups and mine, unless you're problem's a PHP5-only issue (though I sort of doubt it is -- the PHP5-specific .ini settings don't look like they'd break your sessions completely, but I'll admit I'm doing a bit of guessing here).

  • #6
    Regular Coder
    Join Date
    Feb 2005
    Location
    Tokyo, Japan
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    mrruben5 - my first little test script (in my initial post) you will see that I tried somthing similar to what you suggest...

    (in this case the session is specified as 'test')
    PHP Code:
    <?php
    session_start
    ();

    if(!isset(
    $_SESSION['test'])) {
       
    $_SESSION['test'] = 0;
    } else {
        echo 
    $_SESSION['test'];
        
    $_SESSION['test']++;
    }
    ?>
    In my second test script; instead of specifying it the initial IF statement, I tried to "register" the session variable. (session_register("count"); )

    PHP Code:
    <?php
    session_start
    ();
    session_register("count");

    if (!isset(
    $_SESSION)) 
    {
        
    $_SESSION["count"] = 0;
        echo 
    "<p>Counter initialized</p>\n";

    else { 
    $_SESSION["count"]++; }

    echo 
    "<p>The counter is now <b>$_SESSION[count]</b></p>".
        
    "<p>reload this page to increment</p>";
    ?>
    is what I tried to do above wrong?


    Thanks

    Yak

    P.S. - I tried
    PHP Code:
    if(!isset($_SESSION['count'])) {} 
    still no luck.

  • #7
    Regular Coder
    Join Date
    Feb 2005
    Location
    Tokyo, Japan
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Kid Charming - tried commenting out the session.save_path. Nothing.

    just wondering...why shouldn't register_globals be on?
    (Note: although I am intrested in the answer, it is secondary to my initial problem.)

    PHP sessions are driving me off the deep end, I have no idea what I'm doing wrong.

    Yak

  • #8
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Having variables sent via POST and GET dropped directly into the global space is a security risk -- read more about it here.

    Are your cookies enabled?

  • #9
    Regular Coder
    Join Date
    Feb 2005
    Location
    Tokyo, Japan
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Yes, cookies are enabled.

    Thanks, for the link.

    Yak

  • #10
    Regular Coder
    Join Date
    Feb 2005
    Location
    Tokyo, Japan
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Oh man, you guys are not going to believe this...

    So everything is O.K. now (and its a good thing too, I was on the verge of insanity).

    Here is what the problem was (I still can't believe it):

    The problem was in the php.ini file...



    you want to know what it was...



    I'll tell you what it was...


    I had to change this:
    Code:
    ; The path for which the cookie is valid.
    session.cookie_path = \
    to this:
    Code:
    ; The path for which the cookie is valid.
    session.cookie_path = /

    Thank you all for taking the time to help me with this...

    *Blood pressure returning to normal*

    Yak

  • #11
    Regular Coder
    Join Date
    Jun 2005
    Posts
    804
    Thanks
    0
    Thanked 0 Times in 0 Posts
    Well, ain't that crap. What OS are you on?

  • #12
    Regular Coder
    Join Date
    Feb 2005
    Location
    Tokyo, Japan
    Posts
    151
    Thanks
    0
    Thanked 0 Times in 0 Posts
    "crap" doesn't even begin to describe it...

    The OS I'm using is windows XP.

    Note: it is a Japanese version, although the program is the same the character set is different. (this may be the cause of the problem)

    Thanks again

    Yak


  •  

    Posting Permissions

    • You may not post new threads
    • You may not post replies
    • You may not post attachments
    • You may not edit your posts
    •