Session variables - what's up?

Thanks, Massimo - I'll check it out....

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Massimo Foti" <massimo@massimocorner.com> wrote in message
news:fjkcbs$1h5$1@forums.macromedia.com...
>I haven't used PHP in the last few years, so I am just wild guessing, since
>I am not sure how PHP handles redirects and cookies these days.
>
> Is the redirect preventing any cookie to be set, including the one used to
> identify the session?
> A quick look at the cookies or the HTTP headers could help
>
> --
> ----------------------------
> Massimo Foti, web-programmer for hire
> Tools for ColdFusion and Dreamweaver developers:
> http://www.massimocorner.com
> ----------------------------
>
>

> Is the redirect preventing any cookie to be set

If I replace the redirect with a link to the other page, and click on the
link, the results are the same.

> A quick look at the cookies or the HTTP headers could help

The headers for the linked page are these -

Date: Mon, 10 Dec 2007 20:59:29 GMT
Server: Apache/2.2.3 (Red Hat) mod_fastcgi/2.4.2 DAV/2 mod_ssl/2.2.3
OpenSSL/0.9.8b SVN/1.4.2
X-Powered-By: PHP/5.1.6
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0,
pre-check=0
Pragma: no-cache
Connection: close
Transfer-Encoding: chunked
Content-Type: text/html; charset=UTF-8

200 OK

Not sure what to look for there.
--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Massimo Foti" <massimo@massimocorner.com> wrote in message
news:fjkcbs$1h5$1@forums.macromedia.com...
>I haven't used PHP in the last few years, so I am just wild guessing, since
>I am not sure how PHP handles redirects and cookies these days.
>
> Is the redirect preventing any cookie to be set, including the one used to
> identify the session?
> A quick look at the cookies or the HTTP headers could help
>
> --
> ----------------------------
> Massimo Foti, web-programmer for hire
> Tools for ColdFusion and Dreamweaver developers:
> http://www.massimocorner.com
> ----------------------------
>
>

"Murray *ACE*" <forums@HAHAgreat-web-sights.com> wrote in message
news:fjkd56$2d7$1@forums.macromedia.com...
>> A quick look at the cookies or the HTTP headers could help
>
> The headers for the linked page are these -

You have to look at the values of the cookies sent by the browsers, either
by looking at the HTTP Request headers (not the response you posted) or the
tools available in FF (plus the ones added by many extensions).

If I remember well, the session identifier cookie in PHP should be named:
"PHPSESSID". The value for it must be the same accross different requests in
order for the session to persist

BTW Have you checked your browser is set to accept cookies?

Massimo

Massimo - cookies are enabled in both IE7 and FF2x.

Which FF tool will show me request headers?

I am seeing a cookie for the session called PHPSESSID, and its value is the
same on all the pages involved, but I am not seeing any other cookie....

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Massimo Foti" <massimo@massimocorner.com> wrote in message
news:fjkdr8$35v$1@forums.macromedia.com...
> "Murray *ACE*" <forums@HAHAgreat-web-sights.com> wrote in message
> news:fjkd56$2d7$1@forums.macromedia.com...
>>> A quick look at the cookies or the HTTP headers could help
>>
>> The headers for the linked page are these -
>
> You have to look at the values of the cookies sent by the browsers, either
> by looking at the HTTP Request headers (not the response you posted) or
> the tools available in FF (plus the ones added by many extensions).
>
> If I remember well, the session identifier cookie in PHP should be named:
> "PHPSESSID". The value for it must be the same accross different requests
> in order for the session to persist
>
> BTW Have you checked your browser is set to accept cookies?
>
> Massimo
>

"Murray *ACE*" <forums@HAHAgreat-web-sights.com> wrote in message
news:fjkecd$3on$1@forums.macromedia.com...
> Which FF tool will show me request headers?

I use this:
http://livehttpheaders.mozdev.org/



> I am seeing a cookie for the session called PHPSESSID, and its value is
> the same on all the pages involved, but I am not seeing any other
> cookie....

If the value for PHPSESSID is the same the session should persist.

Is any session working on your test server?
Have you tried the same code on another server?

Massimo

On Mon, 10 Dec 2007 16:36:13 -0500, "Murray *ACE*"
<forums@HAHAgreat-web-sights.com> wrote:

>I never see a value echoed - what's up with that?

Works for me. On the page you're re-directing to, is the session_start()
at the beginning of the file?

<?php
session_start();
?>
<!DOCTYPE ...

The session_start() call must appear before any content is sent to the
browser.

Gary

> Works for me. On the page you're re-directing to, is the session_start()
> at the beginning of the file?
>
> <?php
> session_start();
> ?>
> <!DOCTYPE ...
>
> The session_start() call must appear before any content is sent to the
> browser.

Yes. It's right at the start of the page.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Gary White" <reply@newsgroup.please> wrote in message
news:1mfrl39m8cdjhaqqgafmvqm9a7r5fo28ip@4ax.com...
> On Mon, 10 Dec 2007 16:36:13 -0500, "Murray *ACE*"
> <forums@HAHAgreat-web-sights.com> wrote:
>
>>I never see a value echoed - what's up with that?
>
> Works for me. On the page you're re-directing to, is the session_start()
> at the beginning of the file?
>
> <?php
> session_start();
> ?>
> <!DOCTYPE ...
>
> The session_start() call must appear before any content is sent to the
> browser.
>
> Gary

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Massimo Foti" <massimo@massimocorner.com> wrote in message
news:fjkem0$40b$1@forums.macromedia.com...
> "Murray *ACE*" <forums@HAHAgreat-web-sights.com> wrote in message
> news:fjkecd$3on$1@forums.macromedia.com...
>> Which FF tool will show me request headers?
>
> I use this:
> http://livehttpheaders.mozdev.org/

Cool - OK, I'll grab it.

>
>
>
>> I am seeing a cookie for the session called PHPSESSID, and its value is
>> the same on all the pages involved, but I am not seeing any other
>> cookie....
>
> If the value for PHPSESSID is the same the session should persist.
>
> Is any session working on your test server?

Yes. I have other code (from David Powers) that is working!

FILE1
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=" http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Session test 1</title>
</head>

<body>
<form id="form1" name="form1" method="post" action="test2-session2.php">
<p>
<label for="name">Name:</label>
<input type="text" name="name" id="name" />
</p>
<p>
<input type="submit" name="button" id="button" value="Submit" />
</p>
</form>
</body>
</html>


FILE2

<?php
// initiate session
session_start();
// check that form has been submitted and that name is not empty
if ($_POST && !empty($_POST['name'])) {
// set session variable
$_SESSION['name'] = $_POST['name'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=" http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Session test 2</title>
</head>

<body>
<?php
// check session variable is set
if (isset($_SESSION['name'])) {
//if set, greet by name
echo 'Hi, '.$_SESSION['name'].'. <a href="session3.php">Next</a>';
}
else {
// if not set, send back to login
echo 'Who are you? <a href="session1.php">Login</a>';
}
?>
</body>
</html>

Admittedly, it's not the same thing, since this is reading the value from
$_POST, but it is working.

> Have you tried the same code on another server?

No.

>
> Massimo
>

Can you get to that site, Massimo? It just times out for me....

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Massimo Foti" <massimo@massimocorner.com> wrote in message
news:fjkem0$40b$1@forums.macromedia.com...
> "Murray *ACE*" <forums@HAHAgreat-web-sights.com> wrote in message
> news:fjkecd$3on$1@forums.macromedia.com...
>> Which FF tool will show me request headers?
>
> I use this:
> http://livehttpheaders.mozdev.org/
>
>
>
>> I am seeing a cookie for the session called PHPSESSID, and its value is
>> the same on all the pages involved, but I am not seeing any other
>> cookie....
>
> If the value for PHPSESSID is the same the session should persist.
>
> Is any session working on your test server?
> Have you tried the same code on another server?
>
> Massimo
>

.oO(Murray *ACE*)

>Can you get to that site, Massimo? It just times out for me....

There's also an online tool to check request and response headers:

http://web-sniffer.net

Micha

.oO(Massimo Foti)

>If I remember well, the session identifier cookie in PHP should be named:
>"PHPSESSID". The value for it must be the same accross different requests in
>order for the session to persist

The name can be changed to whatever you like with session_name().

Micha

Micha:

Do you have any ideas why that code would be failing?

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Michael Fesser" <netizen@gmx.de> wrote in message
news:h8btl39nua9ri8ibjud1sh3f2k0p0pp2dq@4ax.com...
> .oO(Murray *ACE*)
>
>>Can you get to that site, Massimo? It just times out for me....
>
> There's also an online tool to check request and response headers:
>
> http://web-sniffer.net
>
> Micha

.oO(Murray *ACE*)

>I have a page with this markup -
>
><?php
>
>session_start();
>
>$_SESSION['usertype'] = 2;
>
>header("Location: s_support-repair-parts.php");

Full URL please.

>exit();
>
>?>
>
>The page redirects to a new page containing this markup -
>
><?php session_start(); ?>
>...
><?php
>echo "User is type: " . $_SESSION['usertype'];
>...
>?>
>
>I never see a value echoed - what's up with that?

Do you use session cookies? If not, the SID will be lost on the
redirect. You would have to append the magic constant "SID" by hand to
the redirection URL.

Micha

Even when I change that initial page to a simple link rather than a
redirection, it still fails.

Full link is here -

http://76.12.89.239/test-session2.php

Markup =

<?php

session_start();

$_SESSION['usertype'] = 2;

//header("Location: test-session2b.php");

?>
<html>
<head>
</head>
<body>
<p><a href="test-session2b.php">Click</a></p>
</body>
</html>

LINKED PAGE MARKUP -

<?php

session_start();

?>

<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=" http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Untitled Document</title>
<meta http-equiv="imagetoolbar" content="no" />
<meta name="MSSmartTagsPreventParsing" content="TRUE" />
<meta name="robots" content="index,follow" />
</head>

<body>
<p>The session variable has a value of - <?php echo $_SESSION['usertype'];
?></p>
</body>
</html>

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Michael Fesser" <netizen@gmx.de> wrote in message
news:55btl3hf2sta6saaifav84r4qse64qktth@4ax.com...
> .oO(Murray *ACE*)
>
>>I have a page with this markup -
>>
>><?php
>>
>>session_start();
>>
>>$_SESSION['usertype'] = 2;
>>
>>header("Location: s_support-repair-parts.php");
>
> Full URL please.
>
>>exit();
>>
>>?>
>>
>>The page redirects to a new page containing this markup -
>>
>><?php session_start(); ?>
>>...
>><?php
>>echo "User is type: " . $_SESSION['usertype'];
>>...
>>?>
>>
>>I never see a value echoed - what's up with that?
>
> Do you use session cookies? If not, the SID will be lost on the
> redirect. You would have to append the magic constant "SID" by hand to
> the redirection URL.
>
> Micha

.oO(Murray *ACE*)

>Even when I change that initial page to a simple link rather than a
>redirection, it still fails.

What's the setting of 'session.use_trans_sid', 'session.use_cookies' and
'session.use_only_cookies' (check phpinfo())?

With transSID enabled, PHP would automagically append the session ID to
your link, but it seems as if it's disabled.

Micha

Micha:

I'm not sure where to look for those, but a quick perusal doesn't find
them....

http://76.12.89.239/info.php

Curiously, I have these two pages -

http://76.12.89.239/test2-session1.php
http://76.12.89.239/test2-session2.php

(the code on the second page follows)

<?php
// initiate session
session_start();
// check that form has been submitted and that name is not empty
if ($_POST && !empty($_POST['name'])) {
// set session variable
$_SESSION['name'] = $_POST['name'];
}
?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN"
" http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns=" http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=utf-8" />
<title>Session test 2</title>
</head>

<body>
<?php
// check session variable is set
if (isset($_SESSION['name'])) {
//if set, greet by name
echo 'Hi, '.$_SESSION['name'].'. <a href="session3.php">Next</a>';
}
else {
// if not set, send back to login
echo 'Who are you? <a href="session1.php">Login</a>';
}
?>
</body>
</html>

And those two pages work!


--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Michael Fesser" <netizen@gmx.de> wrote in message
news:p2ctl3hc5i2o9rh88v83tbte2m6avb3hfv@4ax.com...
> .oO(Murray *ACE*)
>
>>Even when I change that initial page to a simple link rather than a
>>redirection, it still fails.
>
> What's the setting of 'session.use_trans_sid', 'session.use_cookies' and
> 'session.use_only_cookies' (check phpinfo())?
>
> With transSID enabled, PHP would automagically append the session ID to
> your link, but it seems as if it's disabled.
>
> Micha

Murray *ACE* wrote:
> And those two pages work!

Sessions obviously work. However, your server has display_errors turned
off. It's possible that there's a control character or whitespace before
the call to session_start(). Put this at the very top of both pages:

<?php ini_set('display_errors', '1'); ?>

See if you get any error messages.

--
David Powers, Adobe Community Expert
Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
Author, "PHP Solutions" (friends of ED)
http://foundationphp.com/

.oO(Murray *ACE*)

BTW: With the "Full URL please." from my first reply I just meant the
Location header - the HTTP spec requires a full URL there. But that's
just a side note.

>I'm not sure where to look for those, but a quick perusal doesn't find
>them....
>
> http://76.12.89.239/info.php

Down in the 'session' section:

session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid 0 0

This means that PHP will try to set a cookie. If the browser accepts it,
the session should work. But if you reject the cookie, the session won't
work. TransSID is disabled, so PHP will not automatically append the SID
to your links.

>Curiously, I have these two pages -
>
> http://76.12.89.239/test2-session1.php
> http://76.12.89.239/test2-session2.php
>
>(the code on the second page follows)
>[snipped]
>
>And those two pages work!

Hmm, not exactly. If I enter something, it's submitted to the second
page and shown there. The second page also wants to set the session
cookie, which I accept. But - if I now reload the second page without
submitting the POST data again, the session seems to be lost again,
while instead it should show my name again.

David gave a good hint. See if you get an error message somewhere.

Micha

On Mon, 10 Dec 2007 17:53:13 -0500, "Murray *ACE*"
<forums@HAHAgreat-web-sights.com> wrote:

>
>Yes. It's right at the start of the page.

Can you make copies of both pages with a .txt extension and upload
those? If that would expose sensitive information, e-mail them to me if
you want and I'll look deeper.

Gary

Thanks, David - looks like that has uncovered something (this from the
test-session2.php page) -

Warning: session_start() [function.session-start]:
open(/var/lib/php/session/vservers/squarewheeli/tmp/sess_t9e4u778e1pmnfaqp80g72j9d4,
O_RDWR) failed: Permission denied (13) in
/vservers/squarewheeli/htdocs/test-session2.php on line 4

Click

Warning: Unknown:
open(/var/lib/php/session/vservers/squarewheeli/tmp/sess_t9e4u778e1pmnfaqp80g72j9d4,
O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that
the current setting of session.save_path is correct
(/var/lib/php/session/vservers/squarewheeli/tmp) in Unknown on line 0

And then, when I click, this from the subsequent page -

Warning: session_start() [function.session-start]:
open(/var/lib/php/session/vservers/squarewheeli/tmp/sess_t9e4u778e1pmnfaqp80g72j9d4,
O_RDWR) failed: Permission denied (13) in
/vservers/squarewheeli/htdocs/test-session2b.php on line 4

The session variable has a value of -
Notice: Undefined index: usertype in
/vservers/squarewheeli/htdocs/test-session2b.php on line 19

Warning: Unknown:
open(/var/lib/php/session/vservers/squarewheeli/tmp/sess_t9e4u778e1pmnfaqp80g72j9d4,
O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown: Failed to write session data (files). Please verify that
the current setting of session.save_path is correct
(/var/lib/php/session/vservers/squarewheeli/tmp) in Unknown on line 0

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"David Powers" <david@example.com> wrote in message
news:fjmddh$c4d$1@forums.macromedia.com...
> Murray *ACE* wrote:
>> And those two pages work!
>
> Sessions obviously work. However, your server has display_errors turned
> off. It's possible that there's a control character or whitespace before
> the call to session_start(). Put this at the very top of both pages:
>
> <?php ini_set('display_errors', '1'); ?>
>
> See if you get any error messages.
>
> --
> David Powers, Adobe Community Expert
> Author, "The Essential Guide to Dreamweaver CS3" (friends of ED)
> Author, "PHP Solutions" (friends of ED)
> http://foundationphp.com/

.oO(Murray *ACE*)

>Thanks, David - looks like that has uncovered something (this from the
>test-session2.php page) -
>
>Warning: session_start() [function.session-start]:
>open(/var/lib/php/session/vservers/squarewheeli/tmp/sess_t9e4u778e1pmnfaqp80g72j9d4,
>O_RDWR) failed: Permission denied (13) in
>/vservers/squarewheeli/htdocs/test-session2.php on line 4

This explains a lot. The web server is not allowed to store the session
file on disk. Usually you want to change the session directory to
something below your own home directory, where you can then set the
required permissions. See session_save_path(). Or try to change the
permissions of the directory above if this should be your own server.

Micha

It's not my own server, unfortunately. I'll contact the host....

Thanks for sticking with me on this to all of you. I'll post the results
when I get them.

--
Murray --- ICQ 71997575
Adobe Community Expert
(If you *MUST* email me, don't LAUGH when you do so!)
==================
http://www.projectseven.com/go - DW FAQs, Tutorials & Resources
http://www.dwfaq.com - DW FAQs, Tutorials & Resources
==================


"Michael Fesser" <netizen@gmx.de> wrote in message
news:pvjtl3phuiucsse6gebn254gi4nul3f01m@4ax.com...
> .oO(Murray *ACE*)
>
>>Thanks, David - looks like that has uncovered something (this from the
>>test-session2.php page) -
>>
>>Warning: session_start() [function.session-start]:
>>open(/var/lib/php/session/vservers/squarewheeli/tmp/sess_t9e4u778e1pmnfaqp80g72j9d4,
>>O_RDWR) failed: Permission denied (13) in
>>/vservers/squarewheeli/htdocs/test-session2.php on line 4
>
> This explains a lot. The web server is not allowed to store the session
> file on disk. Usually you want to change the session directory to
> something below your own home directory, where you can then set the
> required permissions. See session_save_path(). Or try to change the
> permissions of the directory above if this should be your own server.
>
> Micha