Session Variables not being passed 2

[caffrinho]

Hi,

I have a website which has an admin area 'protected' by a log in script and the checking of session variables. It has been working fine for months, I have not dabbled with this website for ages, so it's not a coding problem. I'm guessing something has changed at the hosting company that has rendered the way I use session cookies invalid -I don't know!

To test I set up two files

set_session_var.php

<?php
session_start();

$_SESSION['loggedin']="Y";
session_write_close();
print_r($_SESSION);
?>
<a href="get_session_var.php">TEST</a>

get_session_var.php

<?php
session_start();

print_r($_SESSION);

?>

On the first page, the array is printed showing the session variable set. Second page "Array()" is returned showing no results!
I've searched the forum, and wasted many hours trying various proposed solutions with no joy. I've checked to make sure the directory is writeable - it is. And now I am stuck.

PHP 4.4.9 on Windows.

TIA

Caff

Results of PHPINFO

session
Session Support                           enabled 
Registered save handlers                  files user 

Directive                          Local Value                 Master Value
session.auto_start                 Off                         Off
session.bug_compat_42              On                          On
session.bug_compat_warn            On                          On
session.cache_expire               180                         180
session.cache_limiter              nocache                     nocache
session.cookie_domain              no value                    no value
session.cookie_lifetime            0                           0
session.cookie_path                /                           /
session.cookie_secure              Off                         Off
session.entropy_file               no value                    no value
session.entropy_length             0                           0
session.gc_divisor                 100                         100
session.gc_maxlifetime             1440                        1440
session.gc_probability             1                           1
session.name                       PHPSESSID                   PHPSESSID
session.referer_check              no value                    no value
session.save_handler               files                       files
session.save_path                  c:\php\sessiondata          c:\php\sessiondata
session.serialize_handler          php                         php
session.use_cookies                On                          On
session.use_only_cookies           Off                         Off
session.use_trans_sid              Off                         Off

 

[vacunita]

Is the session id the same on both pages?

session_start();
...
echo session_id();

If its not the same, then the server is initiating a new blank session.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[caffrinho]

Thanks for the response, I hadn't checked session id's. Having done so, they are both the same.


Cheers,

Caff

 

[jpadie]

try this and post back the results. My suspicion is that the session store is no longer present or no longer writable by php. it's odd, too, that the session store is the same for all users of this server (unless it is a virtual windows installation).

<?php 
echo file_exists('c:/php/sessiondata') . "\n";
echo is_writable('c:/php/sessiondata');
?>

also add this before your session_start() calls; and report back the error messages.

ini_set('display_errors', true);
error_reporting(E_ALL);

 

[caffrinho]

The first test responded with a 1 for both file exists and is writeable.

the errors reported by the second suggestion, follows. (I've removed the domain name)

Warning: session_start() [function.session-start]: open(c:\php\sessiondata\sess_828bcc93529bde762b39eec670b62de9, O_RDWR) failed: Permission denied (13) in 
C:\Domains\XXXX\[URL unfurl="true"]wwwroot\get_session_var.php[/URL] on line 5
Array ( ) 
Notice: Undefined index: loggedin in C:\Domains\XXXX\[URL unfurl="true"]wwwroot\get_session_var.php[/URL] on line 8
828bcc93529bde762b39eec670b62de9
Warning: Unknown(): open(c:\php\sessiondata\sess_828bcc93529bde762b39eec670b62de9, O_RDWR) failed: Permission denied (13) in Unknown on line 0

Warning: Unknown(): Failed to write session data (files). Please verify that the current setting of session.save_path is correct (c:\php\sessiondata) in Unknown on line 0

Am i right in thinking that this goes back to write permissions on the server?

Thanks for your help.

 

[vacunita]

I agree, I find it odd that the Session dir points to an absolute Windows style path.

I was just going to suggest testing the write-abilty of the actual session_store, becasue it looks as if the Session is simply not being written.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[vacunita]

Warning: Unknown(): open(c:\php\sessiondata\sess_828bcc93529bde762b39eec670b62de9, O_RDWR) failed: Permission denied (13) in Unknown on line 0

Oddly enough it looks like the actual session store file can either not be created or written to after being created.

Time to contact the hosting company and tell them, PHP can't write to the session file. And show them the error.



----------------------------------
Phil AKA Vacunita
----------------------------------
Ignorance is not necessarily Bliss, case in point:
Unknown has caused an Unknown Error on Unknown and must be shutdown to prevent damage to Unknown.

Web & Tech

 

[caffrinho]

Will do, thanks for the help both!

 

[jpadie]

indeed. that is very odd that the directory is writable but then the file can't be created.
windoze used to have a limit on the number of files per folder. session files can mount up mighty quick, particularly if session duration is long and there is poor garbage collection.

for the time being, create a directory under the webroot and change its perms (via control panel) so that it is not web-accessible. then change the session save path to the new folder.

you can do this like so

if(session_id() == ''):
  session_save_path( './subdirectoryforsessions/');
  session_start();
endif;

 

[caffrinho]

I'll await a response from the webhost. In the mean time, thank you jpadie for that piece of code, works a treat.

 

[caffrinho]

UPDATE: Useless to55ers at the hosting company "solved" this problem for me by upgrading to PHP 5.3.13. This has now rendered my entire website useless as I cannot connect to the MySQL database.

 

[caffrinho]

I should have said that on the plus side, session variables are now working :-s

 

[jpadie]

the php version had no link to the session problem. it was caused by wrong permissions on the folder or wrong configuration of the php installation. don't let them tell you otherwise.

you may need to update your mysql bindings to work with the new php version. no idea how to do this on windows (and why are you hosting on windows anyway?)

 

[caffrinho]

That's what I have said in my latest support ticket...

As for hosting on windows, I have no choice on the package I have. I will be looking elsewhere though, and it's just inertia that has stopped me from doing so previously (Too many domains to move and too little time.)

As for the Mysql connection problems, it's to do with old password hashes. Since I don't have the required privileges, I cannot resolve myself.

mysqlnd cannot connect to MySQL 4.1+ using the old insecure authentication. Please use an administration tool to reset your password 
with the command SET PASSWORD = PASSWORD('your_existing_password'). This will store a new, and more secure, hash value in mysql.user. 
If this user is used in other scripts executed by PHP 5.2 or earlier you might need to remove the old-passwords flag from your my.cnf file

Thanks again!

 

[jpadie]

yup. that needs host intervention unless you have terminal access or you can execute scripts using exec. in which case you should be able to craft a script that issues the commands via the shell rather than via the binding.

if you do contact the host about this ask them why they are still on mysql 4 rather than 5.

and if your host is so stupid/inconsiderate then run to an alternative like the wind. I use rackspace (the US site not the UK version) and have not had trouble with them in the last three years. I think I pay about 110$ a year.

 

[jpadie]

just possible that this will work (assuming that mysqladmin is in the path. otherwise you will have to find out where it is and put an absolute reference into the beginning of $command.

Even then it may not work. never tried this on windoze.

[b][COLOR=#000000]ini_set[/color][/b][COLOR=#990000]([/color][COLOR=#FF0000]'display_errors'[/color][COLOR=#990000],[/color] true[COLOR=#990000]);[/color]
[b][COLOR=#000000]error_reporting[/color][/b][COLOR=#990000]([/color]E_ALL[COLOR=#990000]);[/color]
[COLOR=#009900]$dbHost[/color] [COLOR=#990000]=[/color] [COLOR=#FF0000]''[/color][COLOR=#990000];[/color]
[COLOR=#009900]$mysqlUserName[/color] [COLOR=#990000]=[/color] [COLOR=#FF0000]''[/color][COLOR=#990000];[/color]
[COLOR=#009900]$mysqlPassword[/color] [COLOR=#990000]=[/color] [COLOR=#FF0000]''[/color][COLOR=#990000];[/color]

[COLOR=#009900]$command[/color] [COLOR=#990000]=[/color] [COLOR=#FF0000]"mysqladmin --host=%s --verbose --user=%s --password=%s password %s"[/color][COLOR=#990000];[/color]
[COLOR=#009900]$cmd[/color] [COLOR=#990000]=[/color] [b][COLOR=#000000]sprintf[/color][/b][COLOR=#990000]([/color]   [COLOR=#009900]$command[/color][COLOR=#990000],[/color] 
[tab][tab][tab][tab]  [b][COLOR=#000000]escapeshellarg[/color][/b][COLOR=#990000]([/color][COLOR=#009900]$dbHost[/color][COLOR=#990000]),[/color]
[tab][tab][tab][tab]  [b][COLOR=#000000]escapeshellarg[/color][/b][COLOR=#990000]([/color][COLOR=#009900]$mysqlUserName[/color][COLOR=#990000]),[/color] 
[tab][tab][tab][tab]  [b][COLOR=#000000]escapeshellarg[/color][/b][COLOR=#990000]([/color][COLOR=#009900]$mysqlPassword[/color][COLOR=#990000]),[/color] 
[tab][tab][tab][tab]  [b][COLOR=#000000]escapeshellarg[/color][/b][COLOR=#990000]([/color][COLOR=#009900]$mysqlPassword[/color][COLOR=#990000])[/color]  [COLOR=#990000]);[/color]
[b][COLOR=#000000]exec[/color][/b][COLOR=#990000]([/color][COLOR=#009900]$cmd[/color][COLOR=#990000],[/color] [COLOR=#009900]$output[/color][COLOR=#990000],[/color] [COLOR=#009900]$return[/color][COLOR=#990000]);[/color]
[b][COLOR=#0000FF]echo[/color][/b] [COLOR=#FF0000]'<pre>'[/color][COLOR=#990000];[/color]
[b][COLOR=#000000]print_r[/color][/b][COLOR=#990000]([/color][COLOR=#009900]$output[/color][COLOR=#990000]);[/color] [b][COLOR=#000000]print_r[/color][/b][COLOR=#990000]([/color][COLOR=#009900]$return[/color][COLOR=#990000]);[/color]
[b][COLOR=#0000FF]if[/color][/b][COLOR=#990000]([/color][b][COLOR=#000000]mysql_connect[/color][/b][COLOR=#990000]([/color][COLOR=#009900]$dbHose[/color][COLOR=#990000],[/color][COLOR=#009900]$mysqlUserName[/color][COLOR=#990000],[/color] [COLOR=#009900]$mysqlPassword[/color][COLOR=#990000]))[/color] [b][COLOR=#0000FF]die[/color][/b][COLOR=#990000]([/color][COLOR=#FF0000]"\npassword ok"[/color][COLOR=#990000]);[/color]
[b][COLOR=#0000FF]echo[/color][/b] [b][COLOR=#000000]mysql_error[/color][/b][COLOR=#990000]();[/color]