[RESOLVED] PHP Session Problem

PHP321

I have a 3-page order process I created for a client using my own website for initial development and testing. It is a Windows NT server with PHP 4.4.1 on it. When everything was working as desired, I copied it to my clients website -- which is Linux with PHP 5.2.4 on it. The problem now is that the $SESSION data is not recovered when moving from page to page. Within the same page the $SESSION data is recoverable but disappears as soon as the process moves to the next page. The following is what my debug codes shows while on the first page:

SESSION_NAME=PHPSESSID
SESSION_ID=85aab42b46e387d63b78bb17ed4b49b5

POST: Array
(
    [FirstOrder] => YES
    [PROD_CD_5_99] => 
    [PROD_SS_5_99] => 
    [PROD_WG_5_99] => 4
    [TOTAL] => $23.96
    [SubmitPage1] => CONTINUE
)

COOKIE: Array
(
    [PHPSESSID] => 85aab42b46e387d63b78bb17ed4b49b5
)

SESSION: Array
(
    [FirstOrder] => YES
    [page1] => Array
        (
            [PROD_WG_5_99] => 4
        )

)

This is what my debug code shows first thing on the next page -- note that the session cookie is present but the page 1 data is missing from the $_SESSION array:

SESSION_NAME=PHPSESSID
SESSION_ID=85aab42b46e387d63b78bb17ed4b49b5

GET: Array
(
)

COOKIE: Array
(
    [PHPSESSID] => 85aab42b46e387d63b78bb17ed4b49b5
)

SESSION: Array
(
    [page2] => Array
        (
        )

)

Lastly, in case you wonder, my debug code is an include file which looks like this:

<?php
echo '<pre>SESSION_NAME='.session_name()."\n";
echo 'SESSION_ID='.$_REQUEST[session_name()]."\n";
echo '</pre>'."\n";
//
if ($_SERVER['REQUEST_METHOD'] != 'POST'){
	echo '<pre>GET: ';
	print_r($_GET);
	echo '</pre>'."\n";
}else{
	echo '<pre>POST: ';
	print_r($_POST);
	echo '</pre>'."\n";
}
//
echo '<pre>COOKIE: ';
print_r($_COOKIE);
echo '</pre>'."\n";
//
echo '<pre>SESSION: ';
print_r($_SESSION);
echo '</pre>'."\n";
?>

...and the beginning of page 2 looks like this:

<?php
if(!isset($_REQUEST[session_name()])
|| empty($_REQUEST[session_name()])):
	if ($_SERVER['HTTPS'] == 'on'):
		$url = 'https://';
	else:
		$url = 'http://';
	endif;
	$url = $url . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/order1.php';
	header("Location: {$url}");
	exit;
endif;
ini_set('url_rewriter.tags', ''); // Tells the URL rewriter not to change anything
ini_set('session.use_trans_sid', '0'); // Disables transparent SID support
ini_set('session.use_only_cookies', '1');
session_start();

Lastly, from phpinfo():

Directive	Local Value	Master Value
----------	----------------	----------------
session.auto_start	Off	Off
session.bug_compat_42	Off	Off
session.bug_compat_warn	On	On
session.cache_expire	180	180
session.cache_limiter	nocache	nocache
session.cookie_domain	no value	no value
session.cookie_httponly	Off	Off
session.cookie_lifetime	0	0
session.cookie_path	/	/
session.cookie_secure	Off	Off
session.entropy_file	no value	no value
session.entropy_length	0	0
session.gc_divisor	100	100
session.gc_maxlifetime	1440	1440
session.gc_probability	1	1
session.hash_bits_per_character	4	4
session.hash_function	0	0
session.name	PHPSESSID	PHPSESSID
session.referer_check	no value	no value
session.save_handler	files	files
session.save_path	/var/php_sessions	/var/php_sessions
session.serialize_handler	php	php
session.use_cookies	On	On
session.use_only_cookies	Off	Off
session.use_trans_sid	1	1

Any ideas?

PHP321

Also, this is the code which transfers from the first page:

if (strlen($errors) == 0){
	session_write_close();				// added for PHP 5.2.4 on Linux
	if ($_SERVER['HTTPS'] == 'on'){
		$url = 'https://';
	}else{
		$url = 'http://';
	}
	$url = $url . $_SERVER['HTTP_HOST'] . dirname($_SERVER['PHP_SELF']) . '/order2.php';
	header("Location: {$url}");
	exit;
}

Anything else you'd need to know?

PHP321

Update: I got my client to downgrade to PHP 4.4.7 but the same problem is still exhibiting itself. Thus, it would seem this is not a bug in PHP but, rather, some kind of configuration issue.

So, the moderators can move this out of the PHP5 forum, I guess. But, now what?

PHP321

Guess, I'm out of luck. Eh? So I'll be forced to save the data in my own file and restore the data myself.

Jack_McSlay

I'm curious, don't see the code writing to the session anywhere. To me it looks like you're overwriting the page1's session data with an empty array.

And no offense, but trying to convince your client to downgrade to an obsolete and discontinued software sounds plain unprofessional

PHP321

Jack McSlay wrote:
And no offense, but trying to convince your client to downgrade to an obsolete and discontinued software sounds plain unprofessional

You're an assumptious and insultive sort of person, eh? Relax. It was a temporary move (since offered by the provider) to eliminate the possibility of a bug in PHP5. Grief! Some people. :rolleyes:

Jack McSlay wrote:
I'm curious, don't see the code writing to the session anywhere. To me it looks like you're overwriting the page1's session data with an empty array.

Well, I guess if you're going to assume that I'm unprofessional enough to "force" a permanent downgrade on a client then you'd be justified in assuming I'd be stupid enough to overwrite my own data. NOT!

Anyway... I've written my own save and restore session data and the client is happy now.

PHP321

OK, here are the pertinent messages from the error log. My guess wasn't too far off.

PHP Warning: session_start() [<a href='function.session-start'>function.session-start</a>]: open(/var/php_sessions/sess_06031d2193e9366e374524ebb446f1ea, O_RDWR) failed: No such file or directory (2) in /hermes/bosweb/web241/b2410/sl.pacificb/public_html/orders/order2.php on line 13

PHP Warning: session_write_close() [<a href='function.session-write-close'>function.session-write-close</a>]: open(/var/php_sessions/sess_06031d2193e9366e374524ebb446f1ea, O_RDWR) failed: No such file or directory (2) in /hermes/bosweb/web241/b2410/sl.pacificb/public_html/orders/order2.php on line 56

Question is, what is the correct course of action from this point? My client's site is, apparently, only managed through a control panel. Meaning, I don't think there is the ability to create the folder specified in the /var/ directory.

I can create a folder called php_sessions in my client's home folder (one above the public html folder), but what would the correct permissions combination be for such a folder? Then, I guess I just need to change the php.ini file to specify:

session.save_path = '/hermes/bosweb/web241/b2410/sl.pacificb/php_sessions'

Is that all there is to it?

Jack_McSlay

then the best course of action if to chown the directory to whatever user apache is running on and chmod it to 600

PHP321

Jack McSlay wrote:
then the best course of action if to chown the directory to whatever user apache is running on and chmod it to 600

chown? Change ownership? (I'm not a Linux admin type.) I don't see a method for doing that via this control panel.

PHP321

OK, it is all working now. I created the folder with 660 permissions (because I couldn't change the ownership of the folder) and I updated the php.ini file. When I tried it, I got a permissions error. So, I tried 770 and it worked. Thanks.