Page 1 of 2 12 Last
  • Jump to page:
    #1
  1. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    33
    Rep Power
    2

    Help needed in $_SESSION variables


    Hi:

    As you all know, I am a newbie and am picking a lot of PHP knowledge from this website! Thank you all for helping me learn!

    However, now I have a serious problem. The web server where my databse management software system, developed in PHP/MySQL, is not allowing me to login, with 'LOGIN UNSUCCESSFUL' message. This message is occurring when username / password combination has been found in the database but the Welcome script is failing because the $_SESSION variables are not getting set properly. When I brought this to the notice of web server administrator, I got the following reply -

    "Definitely looks like a Session setting…
    I think you are using the default setting for session path and whenever our server gets rebooted this is giving you a problem.

    The best recommended way to use sessions variable is to define your own path within your hosting and give write permission to it through control panel. So no external reboots will affect it.

    I will go ahead and give the sessions path the write permission.. But you might want to implement the above procedure."


    Now how to implement this solution? This has happened a second time. Earlier without anybody's interference, the problem got resolved on its own somehow. I don't understand how. What do I do now? In my authentication script, I am setting SESSION variables which are supposed to get set after finding valid username / password combination. If MySQL isn't affected and I should be able to see the data then why a simple PHP script that connects to the database and runs an SQL that is supposed to show the existing records, failing and giving me Internal Server Error (HTTP 500)? Shouldn't that PHP script at least work for me even if the scripts with the SESSION variables are somehow giving me problems? I don't understand. To prevent scrambling of SESSION variables, I had even prevented the users NOT to login from two different machines at the same time with the same username / password combo. Things were working pretty good only a few days back. What could have possibly gone wrong? Can you please help? I am trying to understand more on SESSION variables and also would like to understand the comment in bold and underlined. Please help
  2. #2
  3. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,538
    Rep Power
    595
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  4. #3
  5. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    33
    Rep Power
    2
    Originally Posted by gw1500se
    Do I use this statement before session_start() wherever I am using? If I make this change in almost every script of my software, then after re-uploading the scripts on the web-server, will I be able to login?
  6. #4
  7. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    33
    Rep Power
    2
    Do I use session_save_path() before sessions_start() wherever it appears? If so, after making changes to all the concerned scripts and re-uploading them on the web server, will I be able to login now?
  8. #5
  9. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,538
    Rep Power
    595
    I don't know about that but it will fix the path problem after server restarts.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  10. #6
  11. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    The manual for that function specifically says it must be called before session_start, so yes, call it before.

    The problem is: The sessions are stored on the hard drive. You're using a session path that doesn't belong to you (it belongs to another user or to the server owner). You should change the path to something which DOES belong to you, then make sure that path is readable and writable by PHP using your control panel.

    You can change that path in two ways:
    1) Through PHP.ini, if you have access to it.
    2) Through the function call you've been given, called just before session_start().
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  12. #7
  13. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    33
    Rep Power
    2
    Do I use session_save_path as follows?

    session_save_path('http://www.mysite.com/test_dir/session')

    before session_start() in EVERY PHP script of my software? Is the above syntax correct? I did try this but the system is still logging in. What do I tell the web server administrator? Should he re-start the server?
  14. #8
  15. No Profile Picture
    Contributing User
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2003
    Posts
    3,538
    Rep Power
    595
    No, the session path is not a URL, it is a directory path for which you give apache R/W permissions.
    There are 10 kinds of people in the world. Those that understand binary and those that don't.
  16. #9
  17. Sarcky
    Devshed Supreme Being (6500+ posts)

    Join Date
    Oct 2006
    Location
    Pennsylvania, USA
    Posts
    10,908
    Rep Power
    6352
    No, the session save path is a hard drive path to where you want the session files to be stored. Just like it says in the manual

    You should really be centralizing things like your session_start calls so you can make changes like this only once instead of once for every page on your site, but that's a whole other discussion.
    HEY! YOU! Read the New User Guide and Forum Rules

    "They that can give up essential liberty to obtain a little temporary safety deserve neither liberty nor safety." -Benjamin Franklin

    "The greatest tragedy of this changing society is that people who never knew what it was like before will simply assume that this is the way things are supposed to be." -2600 Magazine, Fall 2002

    Think we're being rude? Maybe you asked a bad question or you're a Help Vampire. Trying to argue intelligently? Please read this.
  18. #10
  19. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    33
    Rep Power
    2
    Thanks!

    Now, what does the following statement do?

    ini_set('session.gc_probability', 1);

    should i use it along with session_save_path()? is it necessary to re-start the server after making changes?
  20. #11
  21. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Originally Posted by mozart66
    Now, what does the following statement do?

    ini_set('session.gc_probability', 1);
    Read the manual.
    session.gc_probability in conjunction with session.gc_divisor is used to manage probability that the gc (garbage collection) routine is started. Defaults to 1. See session.gc_divisor for details.


    Originally Posted by mozart66
    should i use it along with session_save_path()?
    No, do not touch the session configuration at all. The only thing that's concerning you is the save path.



    Originally Posted by mozart66
    is it necessary to re-start the server after making changes?
    Yes.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  22. #12
  23. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    33
    Rep Power
    2
    THANK YOU ALL OF YOU!!!! All your suggestions worked!!!! The server didn't need to be re-started though, because probably, the drive on the hard disk that I mentioned in the session_save_path was different than the original path and so the whole process of starting the software system started all over again in the newly mentioned directory, thus avoiding the server start!! This is just my experience and my logical answer! I will still request the remote server administrator to re-start the server if possible or needed but as of now, my system in php could be successfully logged in and I can see the data!!!

    THANK YOU!!!
  24. #13
  25. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    33
    Rep Power
    2
    Hi!

    Another quick question related to $_SESSION variables. I have observed that in the directory (physical path) where the session data is stored for a session, is growing with each day's session files for each user. I used session_unset() just before using session_destroy() in my log out script, the session files are just piling up in that directory and sizes of these files are not too small. When I opened one session file in Notepad, I found out all the session variables ($_SESSION) related to a session were still showing the values (of the $_SESSION array) in that session file. Didn't session_unset() or session_destroy() destroy the data and the session file? How do I get rid of the session file itself after the log out so that they don't keep piling up?

    Another thing, I had used another $_SESSION variable down the line in one of the scripts (a menu option) to set a parameter value for a complex SQL query for data extraction from the database. I am unable to see that Session variable value now. The directory where all my PHP scripts on the web server are is '/abc' and the session_save_path() 'pqr' is outside '/abc' and hence I have written session_save_path('../pqr') above session_start(). But the session value that is not being set is for a report script which appears in the directory under '/abc', e.g. '/abc/xyz'. Now with the same session_save_path('../pqr') even for the reports under '/abc/xyz', obviously the session file is not being accessible to the report script and hence I get Server error, but then what should be that path? I have put in just one include file all the session_save_path() and session_start() for all the scripts universally. But for reports it isn't working. Can you please help me with the path? (Sorry, since my software in PHP is being hosted on Linux and my development platform being Windows, I think I am confused with the way in which directories are accessed.... sorry about that)
  26. #14
  27. --
    Devshed Expert (3500 - 3999 posts)

    Join Date
    Jul 2012
    Posts
    3,959
    Rep Power
    1014
    Hi,

    about deleting sessions: Do you have a session_start() on top of the script? If you don't, session_unset() and session_destroy() have no effect.

    It's normal to have a lot of unused session files. Many people don't log out explicitly, so the session file remains until the garbage collector deletes it. PHP also creates a lot of unnecessary sessions, because it doesn't distinguish between resuming and starting a session.

    But a few bytes for each session shouldn't be a problem -- I don't expect you to run a big site with thousands of visits per second.
    The 6 worst sins of securityHow to (properly) access a MySQL database with PHP

    Why can’t I use certain words like "drop" as part of my Security Question answers?
    There are certain words used by hackers to try to gain access to systems and manipulate data; therefore, the following words are restricted: "select," "delete," "update," "insert," "drop" and "null".
  28. #15
  29. No Profile Picture
    Contributing User
    Devshed Newbie (0 - 499 posts)

    Join Date
    Dec 2012
    Posts
    33
    Rep Power
    2
    Yes, I do have session_start() in my log out script. It is as follows.

    PHP Code:
    <?php

    session_start
    ();
    session_unset();
    session_destroy();

    header("Location: login.php");

    ?>
    Will I need anything else in my log out script?
Page 1 of 2 12 Last
  • Jump to page:

IMN logo majestic logo threadwatch logo seochat tools logo