sessions across directories

Anon

Hi!
if a register a session variable inside a directory ... will i be able access the same across another direcory ...

my directory structure is something like this ...

i register a session variable "user" inside the file login.php ...when i try to print the same inside the file test.php it doesn't display anything ..
does anyone know why is it so ...??

thanks,
danny

Anon

If you use a cookie to maintain the session
state the answer is simple:

According to the cookies specification, a
cookie is always bound to some path. The
"/" path is always the most general path
and it causes the cookie to be valid for
all paths beneath it. Other paths causes
the cookie to be valid only when the
requested URL is under them.

For example: Suppose that your session
has registered a special 'session_id'
cookie under the /signup/ path. This means
that this cookie will be valid only for
URLs that are under this path. In order
to make the 'session_id' cookie valid for
all URLs in the site, you need to do one
of the following:

(simplest) - do the signup in the root
path. Will cause the cookie to be registered
under the root path so it will be valid for
all URLs under the site.

(more difficult) - Make sure that your
session_id cookie is registered with the
'path' attribute being "/".

Here is what the cookies spec has to say
about it (note the 'path' section):

A cookie is introduced to the client by including a Set-Cookie header as part of an HTTP response, typically this will be generated by a CGI script.

Syntax of the Set-Cookie HTTP Response Header

This is the format a CGI script would use to add to the HTTP headers a new piece of data which is to be stored by the client for later retrieval.

Set-Cookie: NAME=VALUE; expires=DATE;
path=PATH; domain=DOMAIN_NAME; secure

NAME=VALUE
This string is a sequence of characters excluding semi-colon, comma and white space. If there is a need to place such data in the name or value, some encoding method such as URL style %XX encoding is recommended, though no encoding is defined or required.
This is the only required attribute on the Set-Cookie header.

expires=DATE
The expires attribute specifies a date string that defines the valid life time of that cookie. Once the expiration date has been reached, the cookie will no longer be stored or given out.
The date string is formatted as:

Wdy, DD-Mon-YYYY HH:MM:SS GMT
This is based on RFC 822, RFC 850, RFC 1036, and RFC 1123, with the variations that the only legal time zone is GMT and the separators between the elements of the date must be dashes.
expires is an optional attribute. If not specified, the cookie will expire when the user's session ends.

Note: There is a bug in Netscape Navigator version 1.1 and earlier. Only cookies whose path attribute is set explicitly to "/" will be properly saved between sessions if they have an expires attribute.

domain=DOMAIN_NAME
When searching the cookie list for valid cookies, a comparison of the domain attributes of the cookie is made with the Internet domain name of the host from which the URL will be fetched. If there is a tail match, then the cookie will go through path matching to see if it should be sent. "Tail matching" means that domain attribute is matched against the tail of the fully qualified domain name of the host. A domain attribute of "acme.com" would match host names "anvil.acme.com" as well as "shipping.crate.acme.com".
Only hosts within the specified domain can set a cookie for a domain and domains must have at least two (2) or three (3) periods in them to prevent domains of the form: ".com", ".edu", and "va.us". Any domain that fails within one of the seven special top level domains listed below only require two periods. Any other domain requires at least three. The seven special top level domains are: "COM", "EDU", "NET", "ORG", "GOV", "MIL", and "INT".

The default value of domain is the host name of the server which generated the cookie response.

path=PATH
The path attribute is used to specify the subset of URLs in a domain for which the cookie is valid. If a cookie has already passed domain matching, then the pathname component of the URL is compared with the path attribute, and if there is a match, the cookie is considered valid and is sent along with the URL request. The path "/foo" would match "/foobar" and "/foo/bar.html". The path "/" is the most general path.
If the path is not specified, it as assumed to be the same path as the document being described by the header which contains the cookie.

secure
If a cookie is marked secure, it will only be transmitted if the communications channel with the host is a secure one. Currently this means that secure cookies will only be sent to HTTPS (HTTP over SSL) servers.
If secure is not specified, a cookie is considered safe to be sent in the clear over unsecured channels.

Anon

hello,
Thanks for your suggestion.
but my problem is .. i do not set a cookie explicitly ...(since it is done by php..when i say session_start())

i have used a php function called session_save_path(string path);
since it allows me to specify the path for the cookie ...

my present path says it is /tmp

what should be my path if i want my session to be valid throught the site ... or is there any other method ...

thanks,
danny

Anon

What you did is a mistake. The session_save_path() function does not refer to the
'path' attribute of the session cookie. It refers to the path used to
store temporary session files on the web server.

You need to set the 'path' attribute of the session cookie to "/" . For this
take a look at the session_set_cookie_params() function, it is located in the following URL: http://www.phpbuilder.com/manual/function.session-set-cookie-params.php
That's where you need to set the path attribute.

Good luck