Wrox Programmer Forums
Go Back   Wrox Programmer Forums > PHP/MySQL > Pro PHP
|
Pro PHP Advanced PHP coding discussions. Beginning-level questions will be redirected to the Beginning PHP forum.
Welcome to the p2p.wrox.com Forums.

You are currently viewing the Pro PHP section of the Wrox Programmer to Programmer discussions. This is a community of software programmers and website developers including Wrox book authors and readers. New member registration was closed in 2019. New posts were shut off and the site was archived into this static format as of October 1, 2020. If you require technical support for a Wrox book please contact http://hub.wiley.com
 
Old May 7th, 2004, 12:09 PM
Registered User
 
Join Date: May 2004
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default strange behaviour: session variable/virtual host

Hi,

(sorry if it's a stupid question but i found nothing about this)
i'm running PHP 4.3.5 on redhat 9 apache 2.
I'm testing 2 test scripts (i'm not the writer, i've just configured the server):
##########test1.php########
<?
        session_start();
        $_SESSION['toto']="TOTO";
        echo "<h1>Here test1 : ".$_SESSION['toto']."</h1>"

?>

##########test2.php########
<?
        session_start();
        echo "<h1>here test2 : ".$_SESSION['toto']."</h1>"
?>


When i use http://servername/directory/test1.php
It returns "Here test1 : toto"
When i use http://servername/directory/test2.php
It returns "Here test2 : toto" .... nothing special...

but when i use http://virtualhost/test1.php
It returns "Here test1 : toto"
and (i don't know why)http://virtualhost/test2.php
It returns "Here test2 : "

It seems to loose session variable..
Maybe i'm missing something with configuration or code.
Any idea??
Thanks for your help!
 
Old May 8th, 2004, 05:21 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 256
Thanks: 0
Thanked 0 Times in 0 Posts
Default

This is probably an authorisation problem. "Virtualhost" clearly doesn't have acccess to "servernames"'s cookies, but should be able to access cookies of its own.

(Of course, you should never be able to pass straight from http://servername/directory/test1.php to http://virtualhost/test2.php, or vice versa, and see sessions preserved, as that would be a serious security flaw.)

Take a look at your session cookie configuration.
 
Old May 10th, 2004, 03:40 AM
Registered User
 
Join Date: May 2004
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

thanks for your answer!
how can i look to session cookie configuration??
is that config ok? :
session.auto_start Off Off
session.bug_compat_42 On On
session.bug_compat_warn On On
session.cache_expire 180 180
session.cache_limiter nocache nocache
session.cookie_domain no value no value
session.cookie_lifetime 0 0
session.cookie_path / /
session.cookie_secure Off Off
session.entropy_file no value no value
session.entropy_length 0 0
session.gc_divisor 100 100
session.gc_maxlifetime 1440 1440
session.gc_probability 1 1
session.name PHPSESSID PHPSESSID
session.referer_check no value no value
session.save_handler files files
session.save_path /<file rwx for everyone> /<file rwx for everyone>
session.serialize_handler php php
session.use_cookies On On
session.use_only_cookies Off Off
session.use_trans_sid Off Off

thanks for your help!

 
Old May 10th, 2004, 07:46 AM
Registered User
 
Join Date: May 2004
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

after tests :
using ipaddress create 1 session file but virtual host 2...
i don't understand why test2.php create session file!
 
Old May 11th, 2004, 09:59 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 256
Thanks: 0
Thanked 0 Times in 0 Posts
Default

Well, I'm not particularly familiar with Apache 2, but I suspect you may want to look into that:

"session.cookie_domain"

setting, since I'm pretty sure that, since it's the domains that are, effectively, giving you the gyp, the fact that you have session.cookie_domain set as "no value no value", taht may be part of your problem.
 
Old May 11th, 2004, 11:42 AM
Registered User
 
Join Date: May 2004
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

i've found on many php web site that user $_session do not create cookies... it creates flat files with a randow ID and destroy it (if needed) after, i'm wrong??
 
Old May 11th, 2004, 04:38 PM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 256
Thanks: 0
Thanked 0 Times in 0 Posts
Default

I am not sure I follow you. Certainly, cookies are just _one _way_ of perpetuating a session, and PHP can be configured (and usually defaults to) using other means of perpetuating the session, if it detects that cookies aren't available (e.g. user has them disabled).

What I suspect may be happening in your case, is that a cookie is being assigned in both cases (for _both_ hostnames), but that vitualhost isn't being given access to those cookies because it isn't being recognised as the owner of the cookie. The cookie is somehow being given out as if it was the property of 'servername', and when 'virtualhost' requests it, 'virtualhost' isn't being recognised as the legitimate owner of that cookie and so PHP denies access to it, for very good security reasons.

Like I say, I haven't used Apache2 since I stopped playing around with JSP, but I'd _guess_ that the "session.cookie_domain no value no value" business you quoted above might be a good place to start looking for a cause.
 
Old May 12th, 2004, 05:32 AM
Registered User
 
Join Date: May 2004
Posts: 5
Thanks: 0
Thanked 0 Times in 0 Posts
Default

it's not a seesion_cookie problem but i've find the problem :
it's an IE6 bug...
you could see it : http://support.microsoft.com/default...b;EN-US;316112

SYMPTOMS
After you install security patch MS01-055 for Microsoft Internet Explorer 5.5 or 6.0, you may encounter the following problems:
Session variables are lost.
Session state is not maintained between requests.
Cookies are not set on the client system.
Note These problems can also occur after you install a more recent patch that includes the fix that is provided in security patch MS01-055.
CAUSE
Security patch MS01-055 prevents servers with improper name syntax from setting cookies names. Domains that use cookies must use only alphanumeric characters ("-" or ".") in the domain name and the server name. Internet Explorer blocks cookies from a server if the server name contains other characters, such as an underscore character ("_").

Because ASP session state and session variables rely on cookies to function, ASP cannot maintain session state between requests if cookies cannot be set on the client.

This issue can also be caused by an incorrect name syntax in a host header.
RESOLUTION
To work around this problem, use one of the following methods:
Rename the domain name and the server name, and use only alphanumeric characters.
Browse to the server by using the Internet Protocol (IP) address rather than the domain/server name.

i've find it on : http://www.phpe.net/manual/function.session-start.php

thanks for answering!!
 
Old May 12th, 2004, 11:53 AM
Friend of Wrox
 
Join Date: Jun 2003
Posts: 256
Thanks: 0
Thanked 0 Times in 0 Posts
Default

"Get a new domain name or use your IP address all the time".

Hm, that's some "workaround". In other words:
"The product is fine, it's your behavour, that is at fault."

Remind me: there was some point that Microsoft had in mind, when it embarked upon dominating the browser market with this broken grey rectangle of a thing, wasn't there?





Similar Threads
Thread Thread Starter Forum Replies Last Post
Strange Behaviour VeganMan BOOK: Beginning ASP.NET 3.5 : in C# and VB BOOK ISBN: 978-0-470-18759-3 9 April 14th, 2008 11:16 AM
Strange behaviour with IE smolds BOOK: Beginning CSS: Cascading Style Sheets for Web Design ISBN: 978-0-7645-7642-3 2 October 15th, 2005 08:49 PM





Powered by vBulletin®
Copyright ©2000 - 2020, Jelsoft Enterprises Ltd.
Copyright (c) 2020 John Wiley & Sons, Inc.