Tek-Tips is the largest IT community on the Internet today!

Members share and learn making Tek-Tips Forums the best source of peer-reviewed technical information on the Internet!

Register Log in
  • Congratulations derfloh on being selected by the Tek-Tips community for having the most helpful posts in the forums last week. Way to Go!

session id is changing 1

Status
Not open for further replies.
jlarysz

jlarysz

Programmer
Nov 8, 2003
12
US
I am using PHP with Apache, and I use session id's to manage the data associated with a user session. The problem I have is that at one point I go out to PayPal, giving Paypal a return URL. When the session comes back to my page, the session id as reported by session_id() has changed!

All my pages contain the code:

session_start();
$Session_State = session_register("MySession");

$Session_State come back TRUE.

When I run session_get_cookie_params(), all I get is:

lifetime=0
path=/
domain=
secure=

What is happening here?
 
Sort by date Sort by votes
and if you register the session again after the page is reloaded, then the session id is changed again
 
Upvote 0 Downvote
I don't know. What do I have to do to set it, and what does this do?
 
Upvote 0 Downvote
Yes, I register the session every time the page is called up. I do that throught the site, and it doesn't chnage the session id. It only seems to be changing when I move to a page outside the site, and then move back again.
 
Upvote 0 Downvote
If a session cookie was handed to PHP when the script was invoked, then PHP will reuse the session ID stored in it.

However, session IDs can be passed in PHP in either of two ways: cookies and URLs.

If your PHP installation is using cookies, the session-handling mechanism will automatically set the cookie for you. You should be able to view the cookie store of your browser to see that the cookie was set and what its value is.

If your PHP installation is passing session IDs in the URL, then they won't work when you send users to PayPal and back.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
How can I find out how the session ID is being passed? I don't own the HTTPD server, but I can get changes made to its configuration.
 
Upvote 0 Downvote
Whether PHP uses cookies or URLs to pass session IDs is determined by the php.ini configuration directive session.use_trans_sid. If this is set to 0, PHP uses cookies. You can get this value by looking at the output of phpinfo().

Also, if you're passing session IDs via the URL, you will see them in the URL.

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
The host site has session.trans_use_sid = Off, so I guess that is the same as 0. The session id should be set correctly.

Odd.

I was really hopeful there. Shucks.
 
Upvote 0 Downvote
I think that it must be. All I do is issue session_start() and session_register() instructions.
 
Upvote 0 Downvote
Never assume. Verify.

Examine the cookie store of your browser. Does the cookie exist?

Also, since PHP version 4.1.0, the preferred method of using session data is through manipulation of the $_SESSION superglobal array rather than through the use of session_register().

Want the best answers? Ask the best questions: TANSTAAFL!!
 
Upvote 0 Downvote
OK, I've cracked it. It was plain old dumb programming - again. It's a long code page - I was issuing the session_register() function twice.

Thanks for all the help - it made me look at the code all over again.
 
Upvote 0 Downvote
Now I'm baffled again. I seem to be getting a reliable session_id at the moment, but I've no idea why.

I guess I'll have to wait for it to break again and keep looking.
 
Upvote 0 Downvote
I recall something odd with the behaviour of session settings if register_globals isset to off, you have to use the $_SESSION array instead of the session_register()function.
Alternativly I wonder if paypal is written in php and its destryoing your session as well as its own (just a thought). You can change the name of the cookie if required if this is the case.
 
Upvote 0 Downvote
It seems to working correctly since I removed the second call to session_register(). I don't understand it either.
 
Upvote 0 Downvote
Status
Not open for further replies.

Similar threads

cmayo
  • Locked
  • Question
Is PHP/PEAR MDB2 dead? Which PHP abstraction layer should I use?
Replies
1
Views
131
spamjim
spamjim
pc3957
  • Locked
  • Question
Any ideas how I can download a file from a web site that requires login mimicking clicks
Replies
1
Views
136
spamjim
spamjim
cmayo
  • Locked
  • Question
ZipArchive::close is terribly slow when executed by Apache2
Replies
3
Views
450
cmayo
cmayo
southbeach
  • Locked
  • Question
Haunted by vanishing session 1
Replies
4
Views
164
southbeach
southbeach
coldbohemia
  • Locked
  • Question
network folder inaccessible from php is_dir function
Replies
2
Views
284
coldbohemia
coldbohemia

Part and Inventory Search

Sponsor

Back
Top