| Strange url session behaviour after upgrade to 5.3 (was: Strange url session behaviour after upgrade to 4.3) [message #182762 is a reply to message #182756] |
Thu, 05 September 2013 22:23   |
Thomas 'PointedEars'
Messages: 701
Registered: October 2010
Karma:
|
Senior Member |
|
|
Tobiah wrote:
> On 09/03/2013 11:38 AM, Christoph Michael Becker wrote:
>> Tobiah wrote:
>>> The crux I think is that this works:
>>>
>>> session_id($_COOKIE['PHPSESSID']);
>>> session_start();
>>>
>>> but plain session_start() does not.
>>
>> You may consider checking the PHP ini settings session.name and
>> session.use_cookies.
>
> session.name = PHPSESSID
> session.use_cookies = 1
>
> I wasn't looking too much at the php.ini because the sessions
> work fine when loading normal pages. I know I'm using the PHPSESSID
> cookie, because when I delete that cookie, my session goes away.
> The only difference here is that instead of using a browser, I'm
> using curl.
>
> I know that curl is setting the cookie because of the code quoted
> above.
Still, the culprit appears to be the “session.name” or “session.use_cookies”
configuration setting. Both settings being PHP_INI_ALL-changeable, they can
be overridden by
- using the Apache “php_admin_value” and “php_value” directives in
httpd.conf (including Virtual Host configurations), .htaccess, or
.user.ini;
- calling ini_set() prior to session_start() or
- calling session_name() prior to session_start().
(In theory, you can configure it in the Windows Registry as well, but
I think php.ini settings override the settings in the Windows Registry.
I may be wrong.)
In fact, this is recommended for “session.name”, so that each application on
a server uses its own session name (unless there is a reason that two
applications use the same session data).
It would probably be best to make sure what is the setting of “session.name”
and “session_use_cookies” before you call session_start(), by inserting
phpinfo(INFO_GENERAL | INFO_CONFIGURATION);
See also:
<http://php.net/manual/en/session.configuration.php>
<http://php.net/manual/en/configuration.changes.modes.php>
<http://php.net/session_name>
<http://php.net/phpinfo>
Please use your full (real) name.
I have also fixed the Subject header field. Please be more careful next
time.
PointedEars
--
> If you get a bunch of authors […] that state the same "best practices"
> in any programming language, then you can bet who is wrong or right...
Not with javascript. Nonsense propagates like wildfire in this field.
-- Richard Cornford, comp.lang.javascript, 2011-11-14
|
|
|
|
Calendar
Search
Help
Members
Register
Login
Home
]