session/cookie..

enterume

Hi,

Recently I encounting massive problem in implementing the session and cookie.

1) When I use session+(save session at server), I might encounter some problem like 'can't find /tmp' directory error from PHP). This will cause the cookieless session_register doesn't work. Why?

2) When I use cookie, certain pc seem like can't support cookie name in array, especially in Window 2000 client.

Actaully what I trying to do is create a cookie/session, as long as the browser is not close, the cookie will be still valid. I try to set my session via below:

 
 $p_cookie['username']		= $info['username'];
$p_cookie['password']		= $info['password'];

session_register('p_cookie');

but somehow, after the user login, and click on other link, the session will be lost, esp in Win2K machine. Why it could happend?

So, I am wondering whether to use Cookieless session(so I won't have the problem to store cookie at client site ,but might get the directory error to store session sometimes), or use set_cookie() (but some client browser have limitation in store cookie?) ?

Please advice.

drewbie

you need to set the session directory in your php.ini file

session.save_path = C:\php\sessions

MrAlaska

Addressing your second issue:

If you are using native PHP sessions, you do not need to set your own cookie. You can just forget about cookies and let PHP do the work. PHP, by default, will set the cookie or insert the session ID in the URL if the client does not accept cookies. You can access these settings in your php.ini file if they are not working properly.

You can safely store session variables on the server, but you should not use session register(). For security purposes you should set and retrieve session variables through $_SESSION (or HTTP_SESSION_VARS). You can find examples how to do so here:
http://www.php.net/manual/en/ref.session.php

enterume

So what could be the problem, certain client can't store the cookie at their browser? it is OS dependcy? because it just happend to certain client.

Please give me a simple example to register and retrieve session via $_SESSION , instead of using session_register.

And also, my site is host under shared machine, so I dont' have permission to change any setting in php.ini. What I know, is the web hosting compnay install PHP via the RPM package.

And I find out that their session_path specify to a non-existing directly from phpinfo() (they dont' have /tmp as well, or they change the permission of the dir). Could it be the problem that can't store the session at server site? I try to use init_alter() to change teh session_path, but it seem like can't work also.

Please advice.

MrAlaska

The 'can't find /tmp' directory error from PHP is a server issue that will affect all sessions and is unrelated to the client whether they are using cookies or not. Either something else in your code prompted that error, sessions are not working at all, or your server 'lost' the tmp directory for some reason at that time.

Regarding your client's issue with the cookie: To the best of my knowledge, PHP cookies are fully compliant with all browsers. By default, if the client does not accept the cookie PHP then uses 'session in the url'. Are you also setting your own cookies?

I do not use native session management myself so I am not familiar with the mechanics of it, but from the tutorial it appears you would handle session variables properly using something like this syntax:

To set a session variable:
$_SESSION['var']=$var;

To access a session variable:
$var=$_SESSION['var'];

To release a session variable:
unset($_SESSION['var']);