Session - again

[greatwhitenorth98]

Yep, I'm a Newbie - with session problems. The code below, while relatively simple, does not keep the session variable to the next page. In fact, when looking at the temp file where the session ids are kept, there is one session generated by loading the first page, another when going from the first to the second and a third one going back to the first page. Regardless (and probably due to), the $_SESSION variable is not kept and echoed to the screen.

Please, someone tell me what is going on!? I'm going bananas here! I've looked throughout the forum and applied the ideas that I have found - to no avail.

Thanks a heap!

--------------------------
index.htm
--------------------------

<?php
session_start();

$_SESSION['user'] = "Hubert";

echo "(IDX) Session user: " .$_SESSION['user']. "<br>";

if(isset($_POST['session_check'])) {
header("Location: session_check.htm");
}
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Session test</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']?>" method="post">
<br><br>
<input type="submit" name="session_check" value="Check Session variables">
</form>

</body>
</html>

--------------------------
session_check.htm
--------------------------

<?php
session_start();

if(isset($_POST['home'])) {
unset($_SESSION['user']);
header("Location: index.htm");
}
echo "(SC) Session user: " .$_SESSION['user']. "<br>";
?>

<!DOCTYPE HTML PUBLIC "-//W3C//DTD HTML 4.01 Transitional//EN">
<html>
<head>
<title>Session test - Page 2</title>
<meta http-equiv="Content-Type" content="text/html; charset=iso-8859-1">
</head>

<body>

<form action="<?php echo $HTTP_SERVER_VARS['PHP_SELF']?>" method="post">
<br><br>
<input type="submit" name="home" value="Home">
</form>

</body>

-------------------------

 

[greatwhitenorth98]

Neat! I didn't know that existed. I had a whole mess of stuff in there so I deleted everything and ran the script again.

There are no cookies written. I only had Opera cookies and one for Tek-Tips.

 

[sleipnir214]

Is your Opera installation accepting cookies?

Is the server actually sending them? You're going to have to use the telnet connection method I described above to see the raw headers from the server.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[greatwhitenorth98]

I downloaded a Telnet client called Kevterm, installed it (pretty simple) and ran it - localhost with port 80. I said ok to ZoneAlarm when it asked to allow Kevterm to access the local lan and the internet.

So now I have a nice window open that is connected (so it says). I don't know what to do with it. You said to Initiate an HTTP request to the web server by hand and type in the request. I can't type on that window. Sorry, but I am lost. Don't give up on me, I've just never gotten this deep so I am pretty green to this stuff.

Also, I've got to sign off (it's late here in France). I'll take a look at your response in the morning - bright and early likely.

Thanks.

 

[sleipnir214]

Check your local echo setting. Chances are, it's allowing you to type in, just not showing you what you've typed.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[greatwhitenorth98]

The little program that I downloaded "KevTerm" allows you to send a line of text under "Options" "Send text line...". So using this I send the first line you suggested:

GET / HTTP/1.1 <CRLF>

then I send the next line in the same manner

127.0.0.1 <CRLF>

The connection I open is "localhost" with port "80".

Then I rerun the little session test program but nothing is displayed on the KevTerm screen and nothing else seems to happen. I am missing something important.

 

[sleipnir214]

Do you have a blank line at the end of the input?

It should be:

GET /thescript.php HTTP/1.1[enter]
Host: <the hostname as defined in your httpd.conf>[enter]
[enter]



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[greatwhitenorth98]

Ok, I entered a dummy command using the method I outlined above (send text line) and got the following information back...

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
                                                                                            </HEAD><BODY>

<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.
<P>help
<P>Invalid URI in request
<HR>
<ADDRESS>Apache/1.3.27 Server at localhost Port 80</ADDRESS>
</BODY></HTML>



HTTP/1.1 400 Bad Request
Date: Tue, 13 Apr 2004 16:01:20 GMT
Server: Apache/1.3.27 (Win32) PHP/4.2.3
Connection: close
Content-Type: text/html; charset=iso-8859-1

<!DOCTYPE HTML PUBLIC "-//IETF//DTD HTML 2.0//EN">
<HTML><HEAD>
<TITLE>400 Bad Request</TITLE>
                                                                                            </HEAD><BODY>

<H1>Bad Request</H1>
Your browser sent a request that this server could not understand.
<P>The request line contained invalid characters following the protocol string.
<P><P>

<HR>
<ADDRESS>Apache/1.3.27 Server at localhost Port 80</ADDRESS>
</BODY></HTML>

I added the carriage returns and removed extra spaces. Does this help?

 

[sleipnir214]

I don't know what it could be -- your browser's error logs will give more information. But it's likely a typo on your part.

I have a virtual server on my LAMP box with a ServerName setting of

http://www.foo.foo.

It is on 10.0.1.133.

I connect to the server with KevTerm [by the way -- if you have an IP stack installed on your Win32 workstation, you'll have a telnet client installed, too. Just go to a command prompt and try invoking it using the command "telnet"], telling KevTerm to connect on 10.0.1.133 on port 80.

After turning on local echo, I enter the following:

GET /test_session1.php HTTP/1.1[enterkey]
Host: www.foo.foo[enterkey]
[enterkey]

(test_session1.php is the script I posted earlier in this thread)

My Apache installation then responds with:

HTTP/1.1 302 Found
Date: Tue, 13 Apr 2004 17:26:57 GMT
Server: Apache
X-Powered-By: PHP/4.3.5
[blue]Set-Cookie: PHPSESSID=455cf46d3682abf797cbf355054597d2; path=/[/blue]
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
[blue]Location: test_session2.php[/blue]
Content-Length: 0
Content-Type: text/html; charset=ISO-8859-1


The lines in blue tell me the script is working.

I get the same output from my server when I go to a command prompt, enter "telnet 10.0.1.133 80", and type in the page fetch command.

You can also use a text editor to get the commands just right, and then copy and paste that text from the editor into your telnet session -- this works with both KevTerm and the command-line telnet client. But you can't just hit "Ctrl-v" on the command-line page -- you have to use the window's paste command.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[greatwhitenorth98]

Whew! That took a while to understand - don't forget to put "host:" in front of the ip address. ;-)

This is what I get:

HTTP/1.1 302 Found
Date: Tue, 13 Apr 2004 19:09:30 GMT
Server: Apache/1.3.27 (Win32) PHP/4.2.3
X-Powered-By: PHP/4.2.3
Set-Cookie: PHPSESSID=5149be5a5b7c42ce6ddfaaa8d9299729; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, 

pre-check=0
Pragma: no-cache
Location: test_session2.php
Transfer-Encoding: chunked
Content-Type: text/html

0

And, yes, I did find HyperTerminal (Windows).

I looked in the directory where the session ids are located and found only one. That is good (I assume). I then ran the same script from the browser address window and then looked in that directory. Two new session ids were created. This means that the script works from the Telnet window but not when run by the browser (I guess). I tried both Opera and IE. Both created two session ids.

 

[sleipnir214]

Actually, you're seeing the same behavior from both the browsers and telnet.

When your script issues session_start(), PHP's session-handling mechanism looks for a cookie the name of which matches session.name from your php.ini. The default is "PHPSESSID".

If PHP's session-handling mechanism finds the cookie it's looking for, it uses the session id that is the value of that cookie to fetch the session variables from the session store. It will also resend the session cookie value. If the session-handling mechanism does not find that cookie, it generates a new session ID and sets the session cookie.

You can see this from telnet. Connect to your script as you did before, and look at the session cookie value. Connect again and fetch the page by hand again -- the session cookie value will change.

But if you connect a third time and pass back to the server the session cookie that you got earlier, PHP will use it.

Connection 1:

>GET /test_session1.php HTTP/1.1
>Host:

http://www.foo.foo

>
<HTTP/1.1 302 Found
<Date: Tue, 13 Apr 2004 20:19:42 GMT
<Server: Apache
<X-Powered-By: PHP/4.3.5
<Set-Cookie: PHPSESSID=b53f16fc523a767fea34e446847d6649; path=/
<Expires: Thu, 19 Nov 1981 08:52:00 GMT
<Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
<Pragma: no-cache
<Location: test_session2.php
<Content-Length: 0
<Content-Type: text/html; charset=ISO-8859-1

Looking on my server's filesystem, I see one session file.


Connection 2:

>GET /test_session1.php HTTP/1.1
>Host:

http://www.foo.foo

>
<HTTP/1.1 302 Found
<Date: Tue, 13 Apr 2004 20:20:09 GMT
<Server: Apache
<X-Powered-By: PHP/4.3.5
<Set-Cookie: PHPSESSID=64edccfc1fe6093370246387216a82b9; path=/
<Expires: Thu, 19 Nov 1981 08:52:00 GMT
<Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
<Pragma: no-cache
<Location: test_session2.php
<Content-Length: 0
<Content-Type: text/html; charset=ISO-8859-1

I now have two session files on my system.


Connection 3:

>GET /test_session1.php HTTP/1.1
>Host:

http://www.foo.foo

>[blue]Cookie: PHPSESSID=64edccfc1fe6093370246387216a82b9[/blue]
>
<HTTP/1.1 302 Found
<Date: Tue, 13 Apr 2004 20:21:05 GMT
<Server: Apache
<X-Powered-By: PHP/4.3.5
<[blue]Set-Cookie: PHPSESSID=64edccfc1fe6093370246387216a82b9; path=/[/blue]
<Expires: Thu, 19 Nov 1981 08:52:00 GMT
<Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
<Pragma: no-cache
<Location: test_session2.php
<Content-Length: 0
<Content-Type: text/html; charset=ISO-8859-1

I still have only two session files -- PHP reused the second one because I gave it a session id.


The problem with your system is that for some reason PHP doesn't think it's getting a session cookie. Why this is, I'm not sure.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[greatwhitenorth98]

I was able to do exactly as you did - complete with the creation of a new session id and the reuse of an existing one. This was all through Telnet. Now why the *ùù$ù%$ù doesn't it work through the browser?

It can't be the firewall (can it?) because even the Telnet client had to go through it. I ran the script in the browser with ZoneAlarm turned off. The same thing happened - two session ids were created.

Unless you have some other idea, I think I may end up spending a day reinstalling my system from scratch to see if that does the trick. What a pain that would be - my disk images for naught!

 

[sleipnir214]

You've managed to stump the chump. I can see no good reason why both IE and Opera would be giving you problems with sessions.

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[greatwhitenorth98]

Hey, don't think that I tried to do it on purpose!

I thank you very much for the time you invested in this problem. If I ever get the dang thing working I'll post.

 

[sleipnir214]

greatwhitenorth98:

What version of PHP are you running?
How did you install it?
Is your current version an initial install or an upgrade from a lower-numbered version?

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[greatwhitenorth98]

I installed PHPDEV which included PHP/4.2.3 (April 13 post) so it is a 'clean' install. I did notice however that your version is more recent so I'll likely go pick up a copy of that one.

I won't be at it until later today (hopefully) though. I'm in the middle of a clean install of my system. If I can only understand why explorer crashes when I open the control panel!!!!!

 

[sleipnir214]

I'm not sure what I did, but my system began misbehaving like yours did.

I wrote a script that would take a value in on the URL, append that value to an array in a session variable and output a link back to the script but with the URL value incremented. By repetetivly clicking that link, I should have been able to append one element after another to the array session variable.

The script lost its sessions at 1, but kept 2 and 3. Then it lost its mind each time at 4 through 9. 10 through 20 worked as it should have, but it lost the session every time after that with only a couple of exceptions up to about 50.

I had originally installed PHP 4.3.4 from source as an Apache module. I then upgraded to 4.3.5. But I had never upgraded /etc/php.ini, and the "make install" step will apparently not overwrite the file if it exists. When I went into the 4.3.5 untarred source directory, I found php.ini-recommended, which I copied to /etc/php.ini.

My session problems then all cleared up. I guess one source of the kind of problem you've been seeing is an incomplete php.ini.

And my version is not the latest, either. Since we lasted posted in this thread, the boys at Zend have released 4.3.6.



Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[greatwhitenorth98]

Your prompt on the INI file got me to looking a bit closer at the parameters for the SESSION variable and settings. There I found a comment that said the session save path should be changed if we are using Windows. Wow! A revelation! That, I hadn't done before. So I did and...

It worked! At least it seemed that it worked. I tested our test_session script, checking the number of session ids created and all seemed well. I started working on my test site (that is two weeks late because of this darned problem) and kept checking every time I changed pages.

All of a sudden, it stopped working! £¨M££@!!

I don't know why. I tried changing the path again. No good. The test script doesn't work again. This is on a brand spanking new install of Win2KPro with all of the updates (that takes the longest time!) that I spent all day yesterday doing.

After this I tried updating my versions but I think I messed it up. I still get the same version number popping up. Man, I'm tired.

 

[greatwhitenorth98]

Never mind the previous post. It couldn't have worked. The script is supposed to print the word "bar" on the screen. I don't recall having seen the word even when it supposedly 'worked'.

[explitive]

 

[greatwhitenorth98]

Well, I said that I would post when I got the dang thing working. And I have. What a pain, all in all, though.

Anyways, I reinstalled my complete system (twice actually, due to a video card issue - drive images are soooo useful). After the reinstallation the session issue was partially resolved - and, for the life of me, I can't say why.

However, when using a form input button, the session ID on the address line would disappear and every time I changed pages, the session id would be recreated. The page changing method was the php header('Location: ... command. Even the position.top didn't solve the problem.

And the solution is.....

Append the session id to the location command (not forgetting the "?" character).

Voilà! I'm on my way doing more interesting things now.

Thanks, sleipnir214, for your time. I hope this helps others. Still, it would be interesting to know why I have to append the SID. It seems to be that I shouldn't have to.

greatwhitenorth98 signing off for this thread.