I am at present learning PHP and am currently learning all about sessions. The problem I have is with the config of PHP in use of sessions(as I do understand the concept). Basically, on running the simple program below, each time the browser is refreshed a new session is created. The example in the book states that the created session ID won't change as long as I have enabled COOKIES. I have checked my browser setting and all looks fine.

My question is, could there be a setting in the PHP.ini file that I need to enable / change? I have also disabled Norton Systems Works (Firewall etc..) and that doesn't seem to work!

I have changed session.auto_start = 1 in PHP.ini file, so I don't have to keep writing session_start() at the beginning of each script. And have since changed this back and used the code to see what happens, but I still have the same problem. Any ideas?

<html>
<head>
<title>Test script</title>
</head>
<body>
<?php

echo "<p>Your session ID is " .session_id() . "</p>";

?>
</body>
</html>


I have set up a localhost on my PC and have configured the use of PHP 4, Apache 2 and MySQL for the running of my code.

Gaz

__________________
Gaz

Read my replies to the following topics:

http://p2p.wrox.com/topic.asp?TOPIC_ID=11791
http://p2p.wrox.com/topic.asp?TOPIC_ID=12148

Most importantly is session_start() must be called prior to using sessions.

-Rich

::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::

Thank you for responding to my enquiry. I don't think I have explained my problem correctly. The above text code is used to create a session ID. The problem I faced is that on refreshing the browser the created session ID changes to a new session ID. Therefore, the following example would not work as it seems on every call of session_start() a new session ID is created.

 My question was, have I overlooked a configuration setting on the inital set-up of PHP to cause this problem? as I have uploaded the two below examples onto an actually live server and they work fine. I just cannot get the same result when run on a local server on my PC.

My understanding of sessions it that on first call of session_start() the ID created remains active and does'nt change when the browser in refreshed, unless the browser is closed and restarted. And that as long as COOKIES are enabled on the browser I shouldn't have the problem I currently face. Does that explain things better? as I am confused now?

The two problems below work fine on a live server, but not on my own local server:

<?php

session_start();

?>
<html>
<head><title>Listing 10.2 setting session variables</title></head>
<body>
<?php
$_SESSION[forename] = "Garry";
$_SESSION[surname] = "Butcher";

echo "Session variables have been created!";

?>
</body>
</html>


<?php

session_start();

?>
<html>
<head><title>Listing 10.3 session variables output</title></head>
<body>
<?php

echo "The data stored in your session variables are:<br>" .$_SESSION[forename] ." " .$_SESSION[surname];

?>
</body>
</html>



Gaz

Well that's what the other two threads are about, did you read my replies explicitly, nevermind the original topics.

On Windows the session data directory must be created and given write permissions explicitly or the session data is lost (hence an overlooked configuration setting), refer to topic posted at: http://p2p.wrox.com/topic.asp?TOPIC_ID=12148. This thread also refers to the php.ini configuration file, where all pre-set session configurations are stored.

What is the error_reporting directive of php.ini set to (to develop it should be E_ALL), if session_start() fails to create a session or send out a cookie it'll complain in the form of E_WARNING level errors. Are you seeing any error output?

Also look at these two and be sure that your errors aren't going to a log:
display_errors = On
log_errors = Off

The firewall doesn't have anything to do with PHP sessions, since all sessions are kept on the server and anything output from PHP goes over port 80, unless you're trying to access the server on another port, then there might be a problem there.

OK, session_start creates a session_id if one isn't currently active, it also imports all variables currently in that user's session data file into the current script (if any exist), these go into the $_SESSION superglobal. Then lastly, it outputs a cookie containing the session_id to the user's browser.

Read up on sessions:
http://www.php.net/session

hth,
Rich


::::::::::::::::::::::::::::::::::::::::::
The Spicy Peanut Project
http://www.spicypeanut.net
::::::::::::::::::::::::::::::::::::::::::

The characterset could be of influence.

Make sure you set the correct headers:

<?php echo "<?xml version=\"1.0\" encoding=\"iso-8859-1\"?".">"; ?>
<!DOCTYPE html PUBLIC "-//W3C//DTD XHTML 1.0 Transitional//EN" "http://www.w3.org/TR/xhtml1/DTD/xhtml1-transitional.dtd">
<html xmlns="http://www.w3.org/1999/xhtml">
<head>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1" />
<title>....................etcetera

Setting the characterset to utf-8 triggered a new sessid each refresh because the cookie couldn't be set.

Check your php.ini file for the line:

session.cookie_domain

Which will cause the behaviour you describe if it's incorrectly set.

If you are running your code on a development machine, there's no real reason to have it. So comment it out and restart Apache.