Sessions in PHP

[mikerobb]

I've been using PHP sessions for some time on a public web server.

Recently I installed Redhat 9 / Apache and PHP on a local PC [on my LAN].

PHP 4.3.6 [from terminal > php --version]
PHP 4.2.2 [from Apache via phpinfo() test page]
Apache 2.0.40

With this test session code:

<?
session_start();
                                                                                                               
if(isset($HTTP_POST_VARS['inputName']))
{
  $Name=$HTTP_POST_VARS['inputName'];
}
                                                                                                               
$nameIs=0;
if($_SESSION["Name"]){$nameIs+=1;}
if($HTTP_SESSION_VARS["Name"]){$nameIs+=4;}
                                                                                                               
$Count++;
session_register("Name");
session_register("Count");
?>
<html>
<body>
<?
$SID=session_id();
echo "session name: ".session_name()."<BR>\n";
echo "session id: ".session_id()."<BR>\n";
echo "session module name: ".session_module_name()."<BR>\n";
echo "session save path: ".session_save_path()."<BR>\n";
echo "encoded session: ".session_encode()."<BR>\n";
                                                                                                               
                                                                                                               
if($Name!=""){echo "Hello $Name<BR>";}
                                                                                                               
echo "You [ $Name ] have been here $Count times.<BR>\n";
                                                                                                               
echo "<form action='$SCRIPT_NAME?".$SID."' METHOD=POST>";
echo "<input name='inputName' value='$sess_name'><BR>";
echo "<input type=submit>";
echo "<a href='$SCRIPT_NAME?".$SID."'>Reload Page</a>";
                                                                                                               
?>
<HR>
NameIs=<?=$nameIs;?>

If I load up the page and enter "blah" and submit, it will store into the /tmp/sess* file this:

Name|s:4:"blah";Count|i:1;

But it will never update it from there, the count remains 1 etc. I can delete the file, or destroy the session and then it will store the new posted data.

any help would be grealy appreciated. pointers or suggested reading is fine too

session
Session Support enabled

Directive Local Value Master Value
session.auto_start
On On
session.cache_expire
180 180
session.cache_limiter
nocache nocache
session.cookie_domain
no value no value
session.cookie_lifetime
0 0
session.cookie_path
/ /
session.cookie_secure
Off Off
session.entropy_file
no value no value
session.entropy_length
0 0
session.gc_maxlifetime
1440 1440
session.gc_probability
1 1
session.name
PHPSESSID PHPSESSID
session.referer_check
no value no value
session.save_handler
files files
session.save_path
/tmp /tmp
session.serialize_handler
php php
session.use_cookies
On On
session.use_trans_sid
1 1

 

[nawlej]

did you try

$_SESSION['Count']++;

???

 

[sleipnir214]

A few pointers.

First, if your version of PHP is 4.1.0 or newer, I strongly recommend that you use the superglobal arrays $_POST, $_GET, $_COOKIE and $_SESSION instead of the older "long" arrays $HTTP_POST_VARS, $HTTP_GET_VARS, $HTTP_COOKIE_VARS and $HTTP_SESSION_VARS. This is for several reasons: because the superglobals are available everywhere, including inside functions and class methods where the "long" arrays are not; because they are if not deprecated then deemphasized in version 5.0; they require less typing.

Second, the PHP manual recommends that you either use session_register() or references to the elements of $_SESSION, but not both. I recommend that you use only references to the elements of $_SESSION -- session_register() requires that register_globals be set to on (see the notes here), which can open security problems.

Third, you should only register a variable into a session once. After that, just invoke session_start() and reference the elements fo $_SESSION. If your code needs to test whether a session variable exists, use isset() or array_key_exists().

Fourth, either use session cookies or let PHP add the session ID to links. You don't have to do it manually as you do in this line:
echo "<a href='$SCRIPT_NAME?".$SID."'>Reload Page</a>";
Since your installation has both session.use_cookies and session.use_trans_sid both set to "on", you definately don't need to be doing this.

Fifth, as nawlej has pointed out, PHP's session-handling mechanism doesn't actually manipulate the session variables -- it just makes them available. If you need a count to increment, your code must do it.

Sixth, since your PHP installation has session.auto_start set to "on", you don't need to invoke session_start().


This is test_basic_session.php:

<?php
session_start();

print '<html><body>';


if (!isset($_SESSION['name']))
{
        $_SESSION['name'] = '';
        $_SESSION['count'] = 1;


        print 'Greetings, stranger!  Please enter your name:';

        print '<form method="POST" action="test_basic_session.php"><input type="text" name="name"><br>';

        print '<input type="submit"></form>';

}
else
{
        if (isset($_POST['name']))
        {
                $_SESSION['name'] = $_POST['name'];
        }
        $_SESSION['count']++;
        print 'Greetings, ' . $_SESSION['name'] . '!  This is visit number ' . $_SESSION['count'] . '.';
}

print '</body></html>';
?>

Want the best answers? Ask the best questions!

TANSTAAFL!!

 

[mikerobb]

very helpful reply sleipnir214.
id like to send you a couple of bucks [via paypal] for the very detailed helpful reply you provided to me. let me know how i could do this.

 

[sleipnir214]

The thought is appreciated. But no, thank you.



Want the best answers? Ask the best questions!

TANSTAAFL!!