Session cookie doesn't work

Hi,

I'm working to use cookie to maintain session data across multiple
pages in PHP4.42. I have the following two scripts, where I think the
second file outputs a data in a session variable.

file 1 - test_1.php #####################

<?php
session_set_cookie_params(360 * 24 * 3600);
session_start();

$_SESSION['name'] = "Kevn";
?>

<a href="test_2.php?<php? echo SID ?>">Go next</a>

##########################################

file 2 - test_2.php ######################


<?php

session_start();
echo $_SESSION['name']; // Here I expect to show the word "Kevin"

?>


##########################################

phpinfo() tells me that
* Session Support enabled
* session.auto_start Off
* session.bug_compat_42 On
* session.bug_compat_warn On
* session.cache_expire 180
* session.cache_limiter nocache
* session.cookie_domain no value
* session.cookie_path /
* session.cookie_secure Off
* session.entropy_file no value
* session.entropy_length 0
* session.gc_divisor 100
* session.gc_maxlifetime 1440
* session.gc_probability 0
* session.name PHPSESSID
* session.referer_check no value
* session.save_handler files
* session.save_path /var/lib/php4
* session.use_cookies On
* session.use_only_cookies On
* session.use_trans_sid On

What am I missing?

In file 1, I also tried "<a href="test_2.php>Go next</a> .
I've been learning PHP using various books and websites. Still I don't
solve this issue.

Any help would be apprecaited.

Hey,

Your session will expire, regardless of the call to
session_set_cookie_params.
If you're looking to propagate a session across time, you should look at
keeping your session data in a database (google:
session_set_save_handler, there's a good tutorial on the zend site),
then calling a table row based on a cookie you set independently of the
session.

Based on the configuration you presented, I don't see why the following
code shouldn't give you the expected results:

## test1.php ##
<?php
session_start();
$_SESSION['name'] = 'Kevin';
?>
<a href="test2.php">test2</a>
###########

## test2.php ##
<?php
session_start();
echo $_SESSION['name'];
// If the above doesn't work, try doing a print_r($_SESSION) and let us
know what that brings up.
?>
###########

If for some reason I am not aware off, your typical setup doesn't
automatically save the session before exiting the script, you could try
ending your scripts with:
<?php
session_write_close();
?>


As a general tip, I suggest you set your error_reporting to E_ALL on
your development machine. That would print out a notice when a certain
index or key is not set in an array.


best regards,

Stijn


Teck wrote:
> Hi,
>
> I'm working to use cookie to maintain session data across multiple
> pages in PHP4.42. I have the following two scripts, where I think the
> second file outputs a data in a session variable.
>
> file 1 - test_1.php #####################
>
> <?php
> session_set_cookie_params(360 * 24 * 3600);
> session_start();
>
> $_SESSION['name'] = "Kevn";
> ?>
>
> <a href="test_2.php?<php? echo SID ?>">Go next</a>
>
> ##########################################
>
> file 2 - test_2.php ######################
>
>
> <?php
>
> session_start();
> echo $_SESSION['name']; // Here I expect to show the word "Kevin"
>
> ?>
>
>
> ##########################################
>
> phpinfo() tells me that
> * Session Support enabled
> * session.auto_start Off
> * session.bug_compat_42 On
> * session.bug_compat_warn On
> * session.cache_expire 180
> * session.cache_limiter nocache
> * session.cookie_domain no value
> * session.cookie_path /
> * session.cookie_secure Off
> * session.entropy_file no value
> * session.entropy_length 0
> * session.gc_divisor 100
> * session.gc_maxlifetime 1440
> * session.gc_probability 0
> * session.name PHPSESSID
> * session.referer_check no value
> * session.save_handler files
> * session.save_path /var/lib/php4
> * session.use_cookies On
> * session.use_only_cookies On
> * session.use_trans_sid On
>
> What am I missing?
>
> In file 1, I also tried "<a href="test_2.php>Go next</a> .
> I've been learning PHP using various books and websites. Still I don't
> solve this issue.
>
> Any help would be apprecaited.
>

Thanks Stijn for your advice.

I wonder if my "session.save_path /var/lib/php4" is correct. Who
should be the owner of the directory? Is there any permission settings
I need to care about?

I also consider "session.cookie_path /". After searching, it means
cookies are avaiable for all the directories under, let's say, http://www.example.com/
. So if I work only at http://example.com/myspace , would it be
better to change the path? What permissions are required to the path?

Sessions work when I use URL as paramers such as http://www.example.com?SESSID=3u498q7rtq34897
. But I want to make session cookies work.

- T

On Nov 26, 2007, at 8:12 PM, metastable wrote:

> Hey,
>
> Your session will expire, regardless of the call to
> session_set_cookie_params.
> If you're looking to propagate a session across time, you should
> look at keeping your session data in a database (google:
> session_set_save_handler, there's a good tutorial on the zend site),
> then calling a table row based on a cookie you set independently of
> the session.
>
> Based on the configuration you presented, I don't see why the
> following code shouldn't give you the expected results:
>
> ## test1.php ##
> <?php
> session_start();
> $_SESSION['name'] = 'Kevin';
> ?>
> <a href="test2.php">test2</a>
> ###########
>
> ## test2.php ##
> <?php
> session_start();
> echo $_SESSION['name'];
> // If the above doesn't work, try doing a print_r($_SESSION) and let
> us know what that brings up.
> ?>
> ###########
>
> If for some reason I am not aware off, your typical setup doesn't
> automatically save the session before exiting the script, you could
> try ending your scripts with:
> <?php
> session_write_close();
> ?>
>
>
> As a general tip, I suggest you set your error_reporting to E_ALL on
> your development machine. That would print out a notice when a
> certain index or key is not set in an array.
>
>
> best regards,
>
> Stijn
>
>
> Teck wrote:
>> Hi,
>>
>> I'm working to use cookie to maintain session data across multiple
>> pages in PHP4.42. I have the following two scripts, where I think
>> the second file outputs a data in a session variable.
>>
>> file 1 - test_1.php #####################
>>
>> <?php
>> session_set_cookie_params(360 * 24 * 3600);
>> session_start();
>>
>> $_SESSION['name'] = "Kevn";
>> ?>
>>
>> <a href="test_2.php?<php? echo SID ?>">Go next</a>
>>
>> ##########################################
>>
>> file 2 - test_2.php ######################
>>
>>
>> <?php
>>
>> session_start();
>> echo $_SESSION['name']; // Here I expect to show the word "Kevin"
>>
>> ?>
>>
>>
>> ##########################################
>>
>> phpinfo() tells me that
>> * Session Support enabled
>> * session.auto_start Off
>> * session.bug_compat_42 On
>> * session.bug_compat_warn On
>> * session.cache_expire 180
>> * session.cache_limiter nocache
>> * session.cookie_domain no value
>> * session.cookie_path /
>> * session.cookie_secure Off
>> * session.entropy_file no value
>> * session.entropy_length 0
>> * session.gc_divisor 100
>> * session.gc_maxlifetime 1440
>> * session.gc_probability 0
>> * session.name PHPSESSID
>> * session.referer_check no value
>> * session.save_handler files
>> * session.save_path /var/lib/php4
>> * session.use_cookies On
>> * session.use_only_cookies On
>> * session.use_trans_sid On
>>
>> What am I missing?
>>
>> In file 1, I also tried "<a href="test_2.php>Go next</a> .
>> I've been learning PHP using various books and websites. Still I
>> don't solve this issue.
>>
>> Any help would be apprecaited.
>>
>

Hey Teck,

If the session works when you append the session id to the URL, I would
think that the session_save_path is ok and writable.
You can assure yourself that it is indeed the case, by going to your
session.save_path and checking out the contents of the session files there.
Better practice might be to create a directory under /tmp, chmod it to
700 and use that as the session.save_path.
In general, it will be the user running apache that writes to all the
paths, so at least that user (probably apache:apache) needs read, write
and execute permissions for the directory.

I don't know anything about the cookie_path, and can't find a decent
explanation as to what it does at the moment.

I would say your browser rejects cookies, or is at least setup to reject
cookies from your domain (localhost, I assume). Could you check that out ?


Greetz,

Stijn



Teck wrote:
> Thanks Stijn for your advice.
>
> I wonder if my "session.save_path /var/lib/php4" is correct. Who
> should be the owner of the directory? Is there any permission settings
> I need to care about?
>
> I also consider "session.cookie_path /". After searching, it means
> cookies are avaiable for all the directories under, let's say,
> http://www.example.com/ . So if I work only at
> http://example.com/myspace , would it be better to change the path?
> What permissions are required to the path?
>
> Sessions work when I use URL as paramers such as
> http://www.example.com?SESSID=3u498q7rtq34897 . But I want to make
> session cookies work.
>
> - T
>
> On Nov 26, 2007, at 8:12 PM, metastable wrote:
>
>> Hey,
>>
>> Your session will expire, regardless of the call to
>> session_set_cookie_params.
>> If you're looking to propagate a session across time, you should look
>> at keeping your session data in a database (google:
>> session_set_save_handler, there's a good tutorial on the zend site),
>> then calling a table row based on a cookie you set independently of
>> the session.
>>
>> Based on the configuration you presented, I don't see why the
>> following code shouldn't give you the expected results:
>>
>> ## test1.php ##
>> <?php
>> session_start();
>> $_SESSION['name'] = 'Kevin';
>> ?>
>> <a href="test2.php">test2</a>
>> ###########
>>
>> ## test2.php ##
>> <?php
>> session_start();
>> echo $_SESSION['name'];
>> // If the above doesn't work, try doing a print_r($_SESSION) and let
>> us know what that brings up.
>> ?>
>> ###########
>>
>> If for some reason I am not aware off, your typical setup doesn't
>> automatically save the session before exiting the script, you could
>> try ending your scripts with:
>> <?php
>> session_write_close();
>> ?>
>>
>>
>> As a general tip, I suggest you set your error_reporting to E_ALL on
>> your development machine. That would print out a notice when a
>> certain index or key is not set in an array.
>>
>>
>> best regards,
>>
>> Stijn
>>
>>
>> Teck wrote:
>>> Hi,
>>>
>>> I'm working to use cookie to maintain session data across multiple
>>> pages in PHP4.42. I have the following two scripts, where I think
>>> the second file outputs a data in a session variable.
>>>
>>> file 1 - test_1.php #####################
>>>
>>> <?php
>>> session_set_cookie_params(360 * 24 * 3600);
>>> session_start();
>>>
>>> $_SESSION['name'] = "Kevn";
>>> ?>
>>>
>>> <a href="test_2.php?<php? echo SID ?>">Go next</a>
>>>
>>> ##########################################
>>>
>>> file 2 - test_2.php ######################
>>>
>>>
>>> <?php
>>>
>>> session_start();
>>> echo $_SESSION['name']; // Here I expect to show the word "Kevin"
>>>
>>> ?>
>>>
>>>
>>> ##########################################
>>>
>>> phpinfo() tells me that
>>> * Session Support enabled
>>> * session.auto_start Off
>>> * session.bug_compat_42 On
>>> * session.bug_compat_warn On
>>> * session.cache_expire 180
>>> * session.cache_limiter nocache
>>> * session.cookie_domain no value
>>> * session.cookie_path /
>>> * session.cookie_secure Off
>>> * session.entropy_file no value
>>> * session.entropy_length 0
>>> * session.gc_divisor 100
>>> * session.gc_maxlifetime 1440
>>> * session.gc_probability 0
>>> * session.name PHPSESSID
>>> * session.referer_check no value
>>> * session.save_handler files
>>> * session.save_path /var/lib/php4
>>> * session.use_cookies On
>>> * session.use_only_cookies On
>>> * session.use_trans_sid On
>>>
>>> What am I missing?
>>>
>>> In file 1, I also tried "<a href="test_2.php>Go next</a> .
>>> I've been learning PHP using various books and websites. Still I
>>> don't solve this issue.
>>>
>>> Any help would be apprecaited.
>>>
>>
>