sessions being destroyed prematurely

Hi,
I have a very specific problem that perhaps some of the smart people
here can figure out. I have a site based on PHP with some Java
applets on it. The session variables are being destroyed
prematurely. We are running Apache2 with PHP 5.

On the site, there is a PHP session variable that holds login
information. If you go to any page on the site, the session variables
remain intact... except the pages with Java applets. Every one of our
applets send POST and GET requests to the server and retrieve the
resulting php output.
Our group has determined that $_SESSION gets set to an empty array
exactly when getInputstream() is called by the applet's UrlConnection
class, regardless if the requests happen. The PHP session cookie is
not deleted though.
Interestingly, when sending a request via prototype's Ajax.Request,
the session variable still remain intact. Only the Java applets are
causing problems.

Is this problem familiar to anyone at all? I would really appreciate
any help.

One more (possible) piece of the puzzle: our IT installed the
following PHP modules around the time the problem started happening.
php5-pgsql
php5-suhosin
php5-uuid
php5-ps
php5-sqlite3
php5-pgsql
php5-mhash
php5-cli

Lee wrote:
> Hi,
> I have a very specific problem that perhaps some of the smart people
> here can figure out. I have a site based on PHP with some Java
> applets on it. The session variables are being destroyed
> prematurely. We are running Apache2 with PHP 5.
>
> On the site, there is a PHP session variable that holds login
> information. If you go to any page on the site, the session variables
> remain intact... except the pages with Java applets. Every one of our
> applets send POST and GET requests to the server and retrieve the
> resulting php output.
> Our group has determined that $_SESSION gets set to an empty array
> exactly when getInputstream() is called by the applet's UrlConnection
> class, regardless if the requests happen. The PHP session cookie is
> not deleted though.
> Interestingly, when sending a request via prototype's Ajax.Request,
> the session variable still remain intact. Only the Java applets are
> causing problems.
>
> Is this problem familiar to anyone at all? I would really appreciate
> any help.
>
> One more (possible) piece of the puzzle: our IT installed the
> following PHP modules around the time the problem started happening.
> php5-pgsql
> php5-suhosin
> php5-uuid
> php5-ps
> php5-sqlite3
> php5-pgsql
> php5-mhash
> php5-cli

Java applets can't access (at least not easily) PHP session information.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

> Java applets can't access (at least not easily) PHP session information.

The applet is not accessing the information actually--thank you for
prompting me to clarify.

The target PHP files carry session information themselves and return
specific data which are determined by their session information and
the applet's post/get variables. Thus, the applet never holds the
session variables.

Hi,

You may need to add a <param> with the session ID. For example:

<param name="sessionId" value="<?php echo htmlentities(session_id()) ?
>">

When you connect back to the site add "PHPSESSID=" +
getParameter("sessionId") to the URL or POST data.

Regards,

John Peters

On May 27, 3:32 pm, Lee <lsk...@gmail.com> wrote:
> Hi,
> I have a very specific problem that perhaps some of the smart people
> here can figure out. I have a site based on PHP with some Java
> applets on it. The session variables are being destroyed
> prematurely. We are running Apache2 with PHP 5.
>
> On the site, there is a PHP session variable that holds login
> information. If you go to any page on the site, the session variables
> remain intact... except the pages with Java applets. Every one of our
> applets send POST and GET requests to the server and retrieve the
> resulting php output.
> Our group has determined that $_SESSION gets set to an empty array
> exactly when getInputstream() is called by the applet's UrlConnection
> class, regardless if the requests happen. The PHP session cookie is
> not deleted though.
> Interestingly, when sending a request via prototype's Ajax.Request,
> the session variable still remain intact. Only the Java applets are
> causing problems.
>
> Is this problem familiar to anyone at all? I would really appreciate
> any help.
>
> One more (possible) piece of the puzzle: our IT installed the
> following PHP modules around the time the problem started happening.
> php5-pgsql
> php5-suhosin
> php5-uuid
> php5-ps
> php5-sqlite3
> php5-pgsql
> php5-mhash
> php5-cli

Lee wrote:
>> Java applets can't access (at least not easily) PHP session information.
>
> The applet is not accessing the information actually--thank you for
> prompting me to clarify.
>
> The target PHP files carry session information themselves and return
> specific data which are determined by their session information and
> the applet's post/get variables. Thus, the applet never holds the
> session variables.

It seems that what Jerry meant, was that java applets do not transmit
proper headers, that informs the php server what session files to use.
Since PHP does not receive the session id, it creates new session, that
is why you got an empty array - it's a new one.

Try checking headers, you will see the difference there.

As it's suggested in the other reply, you will need to force passing
some extra data. You can use both POST and GET requests to pass session
id to PHP

best regards
Piotr N

Lee wrote:
>> Java applets can't access (at least not easily) PHP session information.
>
> The applet is not accessing the information actually--thank you for
> prompting me to clarify.
>
> The target PHP files carry session information themselves and return
> specific data which are determined by their session information and
> the applet's post/get variables. Thus, the applet never holds the
> session variables.

OK, in that case you can do it. But again, you need a little help.

The PHP session id is typically stored in a cookie. Your java applet
will need to pass this information back to the PHP page. You can get
the cookie in your applet and pass it on in the header, or you can pass
it as a hidden field as a post value or in the url as a get value.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Thank you all.

Just to clarify, simply adding in PHPSESSID into the request variables
will set the session? Or do I need to so something like
<?
session_start();
if(isset($_REQUEST['PHPSESSID']))
session_name($_REQUEST['PHPSESSID']);
?>
?

I will try this or whatever you suggest, thanks!

Lee wrote:
> Thank you all.
>
> Just to clarify, simply adding in PHPSESSID into the request variables
> will set the session? Or do I need to so something like
> <?
> session_start();
> if(isset($_REQUEST['PHPSESSID']))
> session_name($_REQUEST['PHPSESSID']);
> ?>
> ?
>
> I will try this or whatever you suggest, thanks!

It depends on your hosting company setup. If it allows the session id
to be in the URL (i.e. session.use_only_cookies NOT set to 1 in your
php.ini file), putting it in the URL should be all you need. You can
check this by disabling cookies in your browser and accessing the PHP
pages in your site (not using the java pages).

Otherwise you will need to call session_name with the session id (use
$_GET or $_POST, as appropriate - not $_REQUEST). But you need to call
session_name() BEFORE calling session_start().

But I think the better way would be to go ahead and just send the
session id as a cookie in Java. Check one of the Java newsgroups on how
to do that.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================

Ok so based on all of your recommendations, I write the following
code:
<?
if(isset($_GET['PHPSESSID'])){
$PHPSESSID=$_GET['PHPSESSID'];
session_id($PHPSESSID);
}
if(isset($_POST['PHPSESSID'])){
$PHPSESSID=$_POST['PHPSESSID'];
session_id($PHPSESSID);
}
session_start();
define('PHPSESSID',session_id());
?>

When I go to the web page and log in (essentially setting session
variables), it works like normal and I retrieve the session id.
Changing it logs me out, and reverting it logs me back in.
Ok so, setting the session id works perfectly.

However, when I run a Java program that makes a post request using
PHPSESSID, it logs me out (the session array is empty). Running the
Java program with an incorrect session id does not force me to log
out.

Is there anything I have done wrong here or have I done it right and
there could be another source of the problem? Thank you all for your
help.

Lee wrote:
> Ok so based on all of your recommendations, I write the following
> code:
> <?
> if(isset($_GET['PHPSESSID'])){
> $PHPSESSID=$_GET['PHPSESSID'];
> session_id($PHPSESSID);
> }
> if(isset($_POST['PHPSESSID'])){
> $PHPSESSID=$_POST['PHPSESSID'];
> session_id($PHPSESSID);
> }
> session_start();
> define('PHPSESSID',session_id());
> ?>
>
> When I go to the web page and log in (essentially setting session
> variables), it works like normal and I retrieve the session id.
> Changing it logs me out, and reverting it logs me back in.
> Ok so, setting the session id works perfectly.
>
> However, when I run a Java program that makes a post request using
> PHPSESSID, it logs me out (the session array is empty). Running the
> Java program with an incorrect session id does not force me to log
> out.
>
> Is there anything I have done wrong here or have I done it right and
> there could be another source of the problem? Thank you all for your
> help.

No, I suspect you're either using the wrong session ID, or using the
correct session id but passing it incorrectly from the Java applet.

Display your session id before and after running your applet - what does
it show?

Of course it's always possible something is clearing out your session
information. For instance, if you're using java at the server, and it's
set up to use the same session files as PHP, you might have an
incompatibility between languages.

--
==================
Remove the "x" from my email address
Jerry Stuckle
JDS Computer Training Corp.
jstucklex@attglobal.net
==================