PHP prevents fopen of session files

Rex__

I can't get session information from the cookie directly, as it's on another domain and IE prevents cookies from being read from different domains.

For some odd reason I can still get the session id. This is very useful as it can let me open the session file on the server, in theory.

The problem is that php seems to be preventing me from reading the session file from a script located on the same domain that it was set. I can access it if i place the script on any other domain except the one from which i set the session.

Does anyone know how to get around this problem, which I assume is a security precaution?

Rex__

I still can't seem to open the session file. 🙁

It's my understanding that when a user starts a session, a copy of the cookie is saved on the server. I can get the session id from the client, which lets me find which session file they are using. I can then open it in a text editor and look at it. There is nothing wrong with the file, and it's not locked.

At first I thought the session file was locked, since the script was using it. fopen() returns a handle when I open it for reading though, so it must be accessible.

fread returns nothing. function_exists("fread") returns true.

I don't know if the module is run in safe_mode or not, but if function_exists("fread") returns true then it should work regardless.

I am at my wits end. It frustrating not being able to open a simple text file on my own server from a script on the same server!

Here's the sloppy function that i am using. It works when I run it on my server from other domains (virtualhosted domains). It would be more clean with regular expressions, but I am not good with those:

function get_session_value_from_file($pid,$skey) {
//takes the session id and the key and returns it's value of the key from the server side cookie
	$filename = "C:\\\\Apache2\\\\session\\\\sess_".$pid; //valid windows session folder path
	$handle = fopen($filename, "rb");
	$contents = fread($handle, filesize($filename));
	fclose ($handle);
	$tmpval=explode(";",$contents);
	//now find key...
	for($i=0;$i<count($tmpval);$i++) {
		$tmpval2=explode("|",$tmpval[$i]);
		if ($tmpval2[0]==$skey) {
			$newval=explode("\"",$tmpval[$i]);
			return $newval[1];
		}
	}
	return false;
}

The reason that I have to do all this is that I am trying to access cookies from multiple domains on the same server. For some reason I can get the session_id(), but not session variables. In the function above, fopen works, but fread doesn't return anything unless the page is on another domain than where the session was started.

Rex__

I'm going nuts trying to figure this out. I've been surfing the web looking for solutions but I can't find a solution.

I found a post on another board where the guy has the same problem (fread() won't work) at http://www.phpbuilder.com/lists/php-general/2001041/1983.php but nobody seemed to offer him a solution either.

Rex__

please help 🙁