6

I can access my SESSIONS from subfolders eg. /teachers, /students on my website but not from files directly under /.

My setup:

Above my pages:

session_set_cookie_params(time()+86400000, '/', '.mysite.com', 0, 1);
    ini_set('session.use_only_cookies', 1);
    if(!isset($_SESSION))
    {
        session_start();
    }

How I set my SESSIONS

session_regenerate_id(true);
$_SESSION['signature'] = $signature;

My PHP.ini

session.save_path = '/home/mysite/cvsessions'

What am I getting wrong?

Ogugua Belonwu
  • 2,051
  • 6
  • 26
  • 44
  • two suggestions: If you want to have a specific domain omit the point at the beginning. For more domains use a wildcard and add a * before the point of the domain name. Further try to add a / behnd the domain. So your first line looks like: "session_set_cookie_params(time()+86400000, '/', 'mysite.com/', 0, 1);" Also have you tried to call this function BEFORE session_start(); As far as I know this is the recommended order – JRsz Aug 07 '16 at 21:04
  • Your session set cookie parameters should be put directly into your `php.ini` file. Are there any other session related settings in your custom php.ini file?d you have a php.ini in every directory or is it one `.ini` file for the whole domain account? – Martin Aug 07 '16 at 21:06
  • @JRsz I will implement now and revert. – Ogugua Belonwu Aug 08 '16 at 07:19
  • @Martin I will put it now. Yes, I have only one php.ini in root folder. Do I change this? – Ogugua Belonwu Aug 08 '16 at 07:20

3 Answers3

10

Clarification: This answer is about using php.ini files in the same folders that contain the PHP files in order to overwrite the system-wide default settings, this answer assumes that you already have a standard default php.ini file whose settings you either can not or should not edit.

I have had similar issues to what you're describing and would hazard a guess that you do not have php.ini files in each active folder, whereas you may only actually be having ONE php.ini file in your root folder and so any of the subfolders (/students, etc.) are not using the root php.ini and simply using the account- or system- default.

Depending on what server system you have set up (for example CPanel install?) then in order to change settings from the default server-wide php.ini, a new php.ini file containing just the custom settings (such as in your case account specific session storage location) needs to be installed into every directory needing to use non-default php.ini settings.

So, step by step:

  • Do you have a php.ini in every folder, such as /,/teachers,/students etc.?

  • Are all these php.ini files the same?

  • All folders should be the same, so all should have their own php.ini copy or none of them should. Otherwise this sort of change in behaviour which is causing your inconsistency issues will occur when changing between one (custom) php.ini setting and another (system default) php.ini setting.

If any folder is missing them or prehaps only your public html root folder has the php.ini file then that means all the other folders are using the default, and so the public html root is looking for sessions in the wrong place -- It's looking in the '/home/mysite/cvsessions' address whereas the default address for PHP sessions is something like /home/tmp.

Does this help or is this well off the mark ?

Better way of checking if session is started:

PHP >= 5.4 

if (session_status() == PHP_SESSION_NONE) {
    session_start();
}

For versions of PHP < 5.4.0

if(session_id() == '') {
    session_start();
}

Source: https://stackoverflow.com/a/18542272/3536236

Community
  • 1
  • 1
Martin
  • 19,815
  • 6
  • 53
  • 104
  • There is something very wrong with your php installation if it is using multiple phl.ini files, nevermind requiring them. – symcbean Aug 07 '16 at 21:33
  • it's the way CPanel works, there a single default php.ini file, and then to make changes to this default php.ini for a certain account a php.ini file containing just the adjusted settings is saved to each folder in the account domain. Perhaps I should clarify this..... @symcbean – Martin Aug 07 '16 at 21:36
  • For example where session files are stored is account specific so this is not set (in my case) in the default php.ini which covers many accounts, so needs to be set on an account-by-account basis. Although it's not the most idea that each folder needs a copy of the changed settings but.... – Martin Aug 07 '16 at 21:43
  • I find it hard to believe that even cPanel would implement such a strange system of config management and see no mention of this in the documentation at https://documentation.cpanel.net/display/CKB/How+to+Edit+Your+php.ini+File can you provide a link to where this documented? – symcbean Aug 07 '16 at 21:53
  • haha, well with the greatest respect, its the way cPanel has worked for several versions and it's the way my server running dozens of accounts works and your documentation link is wrong because that's about editing the core system-level php.ini whereas I am talking about making account specific changes on an account specific *copy* of the system level php.ini. Look up suPHP with Cpanel as the link you reference is entirely inapprorpiate. – Martin Aug 07 '16 at 22:03
  • ((using .htaccess makes the method easier but I'm not rolling that big explanation into this answer at this stage)) – Martin Aug 07 '16 at 22:20
0

Hi please go through the code

 $lifetime=time()+86400000;
 session_start();
 setcookie(session_name(),session_id(),$lifetime,'/', '.mysite.com');
Martin
  • 19,815
  • 6
  • 53
  • 104
Golduno Support
  • 191
  • 11
  • Have you made sure that you use `setcookie()` before any content is sent? i.e. no whitespace from end blocks such as `?>` to any `echo` to stream – Carl Casbolt Aug 04 '16 at 09:14
  • I added this at the begining of the pages: $lifetime=time()+86400000; session_set_cookie_params($lifetime, '/', '.myjobmag.com', 0, 1); ini_set('session.use_only_cookies', 1); if(!isset($_SESSION)) { session_start(); } setcookie(session_name(),session_id(),$lifetime,'/', '.myjobmag.com'); – Ogugua Belonwu Aug 04 '16 at 10:41
  • yhea this is perfect, first delete all cookies in your browser just use firebug and navigate to cookies and remove all cookies, after that hit the code and if you face same issue, please tell us what are the cookies are there? – Golduno Support Aug 04 '16 at 10:48
  • I cleared all COOKIES from Dev tools. Logged in again from mysite.com/students. Navigated away to www.mysite.com but the SESSION is still unavailable but the PHPSESSID cookies is present. – Ogugua Belonwu Aug 04 '16 at 13:16
  • it's working that if PHPSESSID is present, what you get when u use print_r() in both place root as well as /students? – Golduno Support Aug 04 '16 at 13:23
  • @GoldunoSupport, when I print_r($_SESSIONS) from / i get Array ( [logged_in] => ). But from /students gives me: Array ( [logged_in] => 1 [fbstate] => 1491479543935 [signature] => 7a747231a34808cc5ee1f41a61a51d1c0a8dddd3b4d551e3f82731a71c0658cb734644556955b112f2fd40f3bc [logbook] => xyz@yahoo.com [LAST_ACTIVITY] => 1470331297 ) – Ogugua Belonwu Aug 04 '16 at 17:26
  • @GoldunoSupport I am using core php – Ogugua Belonwu Aug 05 '16 at 06:13
  • ok, please share the function or code where session is created as you shared in question, but i need full code of session. I hope only one place session register call is happening. – Golduno Support Aug 05 '16 at 06:50
  • @GoldunoSupport , where do I share the code? It is quite lengthy. – Ogugua Belonwu Aug 07 '16 at 20:59
0

Sop changing settings and start trying to diagnose the issue.

There is nothing in the information you have supplied to point to a cause. Your first step is to create a simple script like this:

<?php
error_reporting(E_ALL);
session_start();
$_SESSION['visits'][]=$_SERVER['PHP_SELF'];
print "<pre>" . var_export($_SESSION['visits'],true)
   . "</pre><br />" . session_name() . "\n<br />" .
   ini_get('session.save_path');

Then copy the script to each directory.

Visit the URLs for each deployed instance, checking that the session_name doesnot change and no errors are reported.

Most likely the error is in your code - something emit body content before the call to session_start() (and hence flushing the headers) or the session save path is being overridden somewhere.

symcbean
  • 45,607
  • 5
  • 49
  • 83