INI settings regarding sessions

[mpopnoe]

Could somebody please tell me all the recommended settings for sessions in the INI file? I believe my code is correct and the problem lies in the way I set up the INI file. I'm using Windows 2000 with IIS 5 and the latest version of PHP4. Please include all session settings because I may have changed some I shouldn't have.

Thank you very much!

mike

 

[rycamor]

Why don't you show us your existing settings for sessions in php.ini? It's probably a file path issue, but it is much easier to point it out if you show your settings. -------------------------------------------

"Calculus is just the meaningless manipulation of higher symbols"
                          -unknown F student

 

[mpopnoe]

Here they are:

session.save_handler = files

session.save_path = c:\inetpub\

http://wwwroot\temp

session.use_cookies = 1

session.name = PHPSESSID

session.auto_start = 0

session.cookie_lifetime = 0

session.cookie_path = c:\inetpub\

http://wwwroot\temp

session.cookie_domain =

session.serialize_handler = php

session.gc_probability = 1

session.gc_maxlifetime = 1440

session.referer_check =

session.entropy_length = 0

%%%%%%(these came commented out)%%%%%%%%%%%%
; Specified here to create the session id.
;session.entropy_file = c:\inetpub\

http://wwwroot\temp

;session.entropy_length = 16
;session.entropy_file = /dev/urandom
%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%%

session.cache_limiter = nocache

session.cache_expire = 180

session.use_trans_sid = 1

Thank you very much!

mike

 

[rycamor]

I don't see anything wrong with these settings, as long as the c:\inetpub\

http://wwwroot\temp\

allows the IIS special user to write to it. Have you looked at your Event Log?

The special user for IIS is usually named IUSR_{hostname}, so if your machine is named MPOPNOE, the the user would be called IUSR_MPOPNOE. See if this user has permissions to write to your temp folder.

An easier solution might be just to use the generic Windows temp folder, such as C:\TEMP\, or C:\WINNT\TEMP\, because these are automatically writable by IUSR_hostname.

If this doesn't work, then try posting some of your test code for sessions. -------------------------------------------

"Calculus is just the meaningless manipulation of higher symbols"
                          -unknown F student

 

[mpopnoe]

I know that the session files are being written to the temp folder in

http://wwwroot

because I open them up to make sure the variable values are present. I'll try using the WINNT temp folder but I think that is the folder I used originally. I'm really stumped as to why I'm having such a hard time with sessions. My web pages are pretty big so I wouldn't want to post them, but I think the problem lies in how I submit my forms. On a page with a form, I have the form post back to the same page it resides on, so there is alot of script that displays different data depending on what the form values are. I made sure that where I'm registering session variables is before any output, and I know that is working correctly because the session values are being stored in a file in the temp folder. On my login page, where I register the security variables, I know that they are not getting registered twice, but as soon as I redirect the browser to my first secure page and check the session variable, a new session is started.

Thanks to everyone for your prompt help, I truly appreciate it

mike

 

[mpopnoe]

Thanks for all you help, I finally got it working. I needed to append the SID to the url eventhough I have trans_id set in the INI file. I had tried this before but used PHPSESSID instead of SID so it didn't work and instead of troubleshooting it I moved on.

thanks again

mike