#1
  1. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    13
    Rep Power
    0

    Session variables dissapear immediately


    I'm running IIS v7 on a Win7 development machine. I have PHP code that saves session variables and calls them back later. This has been working on this machine for some time.

    For some reason now, the session variables dissapear immediatly after saving. Code that used to work fine on http://localhost/, suddenly now does not.

    I have tested different browsers - the variables dissapear regardless of browser.

    I have tested session variables with both PHP and classic ASP. The variables dissapear regardless of language.

    I have tested identical code on different servers. The problem exists only on this development machine.

    I tried some code that saves a session var, then reads it back and displays it, then shows a link to click on to read it back and display again. What happens is the session var DOES get written and read back and displayed ok. But when you click the link to view it again, it's gone.

    I don't recall making any changes to IIS. But I did run several malware scanners and clean-up tools.

    Is anyone aware of any setting in IIS that disallows session vars? Any other throughts?
  2. #2
  3. No Profile Picture
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    Did you change any cookie settings in the web browser you're using?

    php and asp use completely unrelated mechanisms for storing session data, the only thing that I can think of that's common to both is the need for browser session cookie support.

    Beyond that, permissions problems are always a good guess with web server problems.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
  4. #3
  5. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    13
    Rep Power
    0
    Not ruling anything out, but I'm not suspicious of cookie settings on a given browser because even if I had changed something in say, IE, I don't think that would change other browser's session behavior. The problem exists in all browsers on this machine: IE, Firefox, Chrome and Opera.

    As for permissions, I don't know what would have changed. But I do see in my php.ini file the following line:
    session.save_path="C:\Windows\Temp"
    I'm not sure if that is the correct setting, but the IUSR user did not have any permissions there. I changed to read/write and that didn't fix the problem.

    Not sure if ASP stores sessions in that same folder.

    This is really a huge problem, because I'm dead as far as development goes on this machine.

    I really don't know what to suspect. Any other thoughts?
  6. #4
  7. No Profile Picture
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    I don't recall making any changes to IIS. But I did run several malware scanners and clean-up tools.
    If you ran these tools because your server was infected, the best course of action is to erase and reformat the hard drive and reinstall windows from scratch then restore known clean copies of whatever backed up data you need to restore.

    Unrelated to the above, asp doesn't store sessions in any folder, sessions are an object in IIS.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
  8. #5
  9. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    13
    Rep Power
    0
    Everything came out clean on the virus scans, so there shouldn't be any need to reinstall, except of course the general instability of Windows makes that a good idea every so often.

    Still, I'd hate to have to resort to that just to fix what I am assuming is some little setting that somehow got changed. This install isn't that old.

    I'm not sure how a browser would handle session vars if a setting was used to dissallow. I think it's interesting that my code shows the var does initialliy get set. It just goes away, either right after that, or when I go to another page. So would a browser setting allow the var, then take it away? I'm almost suspecting my antivirus somehow. But I haven't seen anything in there (Kaspersky) what would do that. Also, I turned antivirus off and tested -- no change in behavior.

    Again, my suspicion is that it's something global, like IIS or antivirus, because all four browsers and both languages have the problem.

    Anyone ..... anyone?
  10. #6
  11. No Profile Picture
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    The browser doesn't handle session variables, session variables reside on the server. In the case of asp there is an IIS-generated session cookie that is injected into the http headers which is the only tidbit of information that is maintained by the browser. When IIS gets a new http request that includes the session cookie, IIS will take the session ID and re-create the session object for that connection and make it available to asp code.

    PHP works similarly, although PHP offers different ways to store the session data on the server, but the session ID is still the only piece of information that is exchanged between the server and browser.

    You might want to tour the IIS settings, there is a setting that can disable sessions for ASP. I don't think there is any IIS configuration that will turn off PHP sessions, though, I think you have to edit php.ini to disable sessions.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
  12. #7
  13. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    13
    Rep Power
    0
    Well I'm obviously grasping at straws.

    I'm not sure where all to look in IIS. But any settings I've run accross seem to be correct.

    May have to try re-installing IIS.
    I haven't run accros anyone who has seen this before.
  14. #8
  15. No Profile Picture
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    You are using session_start() in each of the php pages that want to use session data, right? Also try turning on error reporting for everything in your php page, maybe some code error is causing problems.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi
  16. #9
  17. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    13
    Rep Power
    0
    Right, I am doing both of those, as PHP is more picky about the session than is ASP.

    And any change to my test code I make, I copy to the other servers I'm testing with. Still, no matter what I do, it works on other machines, but not on this one.

    And again..... in multiple languages, so that also suggests it's not the code.

    Looks like it's the universal Windows fix..... reinstall.
  18. #10
  19. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    13
    Rep Power
    0
    I just uninstalled / reinstalled IIS. I thought this would take care of the problem, but no.

    So either some settings are still around from the previous IIS install (which I doubt), or the problem is caused by something other than IIS. However I have no idea what that might be.
  20. #11
  21. No Profile Picture
    Registered User
    Devshed Newbie (0 - 499 posts)

    Join Date
    May 2009
    Posts
    13
    Rep Power
    0
    The answer has been found!

    In my php.ini file, the session save path is defined:
    session.save_path="C:\Windows\Temp"
    Appearently this is also where classic ASP stores session data.

    Someone on another forum suggested I change permissions on that folder, which I though I had tried before to no avail. However, when I re-read the post and followed his instructions to the letter, it fixed the problem!

    I was only changing permissions for the user IUSR, however, I needed to also change it for IIS_USRS.

    This problem was driving me crazy.

    For anyone who comes here from a search with the same problem, I'll copy the post from HCamper below (hopefully he won't mind):
    Hello,

    For this "I have tested session variables with both PHP and classic ASP. The variables dissapear regardless of language."
    problem.
    I suggest that you check account settings for IUSR,IIS_USRS having read,execute,list,write permissions
    for the directory where sessions are stored.
    I suggest that you check account settings for IUSR,IIS_USERS having read,execute,list,write permissions
    for the C:\WIndows\Temp directory.
    Look at your php.ini file settings for: What directory your using and make sure accounts can write sessions as files.
    Thank You,
    Martin
  22. #12
  23. No Profile Picture
    Stumpier old Moderator
    Devshed Supreme Being (6500+ posts)

    Join Date
    Jun 2003
    Posts
    14,409
    Rep Power
    4538
    Thanks for posting your solution.
    ======
    Doug G
    ======
    It is a truism of American politics that no man who can win an election deserves to. --Trevanian, from the novel Shibumi

IMN logo majestic logo threadwatch logo seochat tools logo