Php &amp; Session Problems

Php & Session Problems

iges

Hi,

I'm running Apache 2.0.44 and php 4.3.1 on rh 8.0.
I have problems using sessions, since it's seems to me
that they are not created properly or are destroied...

I can not get back old values since every time a new
session id is created no matter what. I have tried couple
of versions: the default using files, and also postgreSQL db
based ones (session_set_save_handler).

When using the simple example in the php manual
(with $_SESSION) to count how many times the page is hit...
every time I reload the page I new session id is created
with default value???

Does anybody have an idea?

Thanx to guru's in advance 😉
Regards,

Iges.

NeonZ

I had this problem before. I simply wrote some code to check to see if the session was already declared. If it wasn't, then I put a value in it. If it already existed then the page had already been visited.

--MartinZ

keith73

are you using cookies with your sessions?

Post your code please, it's hard to guess what may be wrong. Looking at code, we may be able to pick it right out.

Keith

iges

Hi!

No I'm not using cookies, turned it of
from php.ini.
Here's also my code: two files
frist sesstest.php and sess.inc, and
also the sql for the table I use in
PostgreSQL. So the problem is, each

time a new session id is created...

SQL

CREATE TABLE phpsess (
sessid text PRIMARY KEY,
sessdata text
);

no timestap for expiry on purpose.
also have create a phpsessuser and
rights to access the table properly

A new sessid is always inserted.

sesstest.php


include_once("sess.inc");

session_start();

if (!isset($_SESSION['count'])) {
	$_SESSION['count'] = 0;
} else {
	$_SESSION['count']++;
}

echo $_SESSION['count'];

sess.inc


function sess_open ($save_path, $session_name) {
	return(true);
}

function sess_close() {
	return(true);
}

function sess_read ($id) {
	$cnnstr = "host=localhost port=5432 dbname=plm user=phpsessuser password=phpsessions";
	$pgcnn = pg_connect($cnnstr);
	if ($pgcnn) {
		$rs = pg_query($pgcnn, "SELECT sessid, sessdata FROM phpsess WHERE sessid='$id'");
		if (pg_num_rows($rs) > 0) {
			$ars = pg_fetch_array($rs, 1, PGSQL_ASSOC);
			return($ars["sessdata"]);
		} else {
			return("");
		}
		pg_close($pgcnn);
	} else {
		return("");
	}
}

function sess_write ($id, $sess_data) {
	$cnnstr = "host=localhost port=5432 dbname=plm user=phpsessuser password=phpsessions";
	$pgcnn = pg_connect($cnnstr);
	if ($pgcnn) {
		$rs = pg_query($pgcnn, "SELECT sessid, sessdata FROM phpsess WHERE sessid='$id'");
		if (pg_num_rows($rs) >= 1) {
			pg_query($pgcnn, "UPDATE phpsess SET sessdata='$sess_data' WHERE sessid='$id'");
		} else {
			pg_query($pgcnn, "INSERT INTO phpsess (sessid, sessdata) values('$id', '$sess_data')");
		}
		pg_close($pgcnn);
		return(true);
	} else {
		return(false);
	}
}

function sess_destroy ($id) {
	$cnnstr = "host=localhost port=5432 dbname=plm user=phpsessuser password=phpsessions";
	$pgcnn = pg_connect($cnnstr);
	if ($pgcnn) {
		pg_query($pgcnn, "DELETE FROM phpsess WHERE sessid='$id'");
		pg_close($pgcnn);
		return(true);
	} else {
		return(false);
	}
}

function sess_gc ($maxlifetime) {
	return true;
}

session_set_save_handler("sess_open", "sess_close", "sess_read", "sess_write", "sess_destroy", "sess_gc");

Regards,

Iges

keith73

Well, I've seen your code, but how is your session ID being passed?

If you aren't using cookies, then the session ID has to be passed via the url.

session_start will always create a new session ID unless one is passed to the script. I assume your session name is the default PHPSESSID that is set in the php.ini file.

You need to start the session, then see if any links in the page have ?PHPSESSID=sessionID. If not, then there's your problem.

create a page called sesstest2.php and put a link on sesstest.php to that file.

PHP will automatically append the session id to all links in the page.

If you want to use a different name for your sessions, call session_name('mysession'); before session_start();

Keith

BTW - please use the vbCode when posting large blocks of PHP code. It makes it much easier to read.

iges

Well, I konw about passing the id on url's, but i've also
read for security reasons it can done with out passing
the id on url. So I'm a bit confused... should I use a
hidden form field or something in that direction???...

Regards,
Iges.

julesdw

Well I've tried this before and using session_start() does often pick up an existing session that was created when you ran session_start() before.

However, I found it was not reliable at picking up the session again. So you really need a way of remembering which session the user was using. The easiest is using cookies, I normally use session_start to create a sesison and then session_id to get the session ID back. This session I store in the database and the cookie. This way I have a match as to which sessions are open. Subsequent session_starts() are only used to store small amounts of (semi) non-persistent data... such as information between forms.

Jules...

keith73

Originally posted by iges
Well, I konw about passing the id on url's, but i've also
read for security reasons it can done with out passing
the id on url. So I'm a bit confused... should I use a
hidden form field or something in that direction???...

Regards,
Iges.

regardless of how you pass it, it seems to me that your script isn't even passing it.

Step through the process. From what I can see by the code you posted, you only have one page that you are working with. If a cookie was set, then when you reload that page, session_start would automatically resume the session. Without cookies, you have to pass the SID back to that page. Simply reloading won't do it. Passing it as a hidden field only works if all of your navigation is using forms. If you want to maintain a session throughout your site, you need a cookie or to pass it via the URL.

There is a way to have PHP hide the SID from the browsers' location bar.
You have to compile PHP with session.use_trans_sid enabled.

http://www.php.net/manual/en/ref.session.php

keith

iges

Hi,

many thanks to those who share their
knowledge 😉 Got my sessions running😃

Regards,
Iges.