SV: [PHP-INSTALL] why is the session recreated?

Wed, 04 Feb 2004 08:29:35 -0800

Title: why is the session recreated?
Hello!
 
Important additional information: session.name is set to YKKOSKANAVA in php.ini file, which should explain the strange name of the cookie.
 
/jonas
 
-----Ursprungligt meddelande-----
Från: Jonas Blåberg [mailto:[EMAIL PROTECTED]
Skickat: den 4 februari 2004 11:44
Till: [EMAIL PROTECTED]
Ämne: [PHP-INSTALL] why is the session recreated?

Hello!

I have a problem with sessions. It is working as it should in an installation using PHP 4.2.3 but I cannot get it to work using PHP 4.3.3!

The rest of the enviornment is Solaris 7 and iPlanet WS 4.1


The setup is like this: An HTML page where the user submits user and password, next a PHP script which is called using the POST method which validates the user, and then the first PHP script of the application which is accessed using the GET method.


When I am tracing the web server I can see the the following is posted to the first PHP script:

POST /validate.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword, application/vnd.ms-powerpoint, application/x-shockwave-flash, */*

Referer: http://1.2.3.4/refering.html
Accept-Language: en-us
Content-Type: application/x-www-form-urlencoded
Accept-Encoding: gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0)
Host: 1.2.3.4
Content-Length: 30
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: NSES40Session=0%253A401f9667%253A4ebb2335a6106cf3; YKKOSKANAVA=72dec6197fca54fce2776688ea1bd926

login=demo&password=demo


The first rows of validate.php are:

<?php
session_start();


Then I can see the process read from /dev/random and a creation of a session file:

15257:  4217096.5446     0.0003 open("/dev/random", O_RDONLY)                   = 20
15257:  4217096.5449     0.0003 read(20, 0xF71BE508, 16)                        = 16
15257:    16 uD0F7 3 2 @ NE7 r =19D083B7
15257:  4217096.5452     0.0003 close(20)                                       = 0
15257:  4217096.5515     0.0063 resolvepath("/export/home/php/session//sess_0778039f10e73ce1523380ef721b7ad3", 0xF71BE490, 1024) Err#2 ENOENT

15257:  4217096.6229     0.0714 open("/export/home/php/session/sess_0778039f10e73ce1523380ef721b7ad3", O_RDWR|O_CREAT, 0600) = 20


As you can see there is a new session file created, even though the browser sent us a cookie!


This is the redirection sent back to the web browser:

HTTP/1.1 302 Moved Temporarily
Server: Netscape-Enterprise/4.1
Date: Tue, 03 Feb 2004 12:39:15 GMT
Set-Cookie: YKKOSKANAVA=0778039f10e73ce1523380ef721b7ad3;expires=Tue, 03-Feb-04 15:59:15GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location:application.php
Content-type: text/html
Connection: close


And here is the GET request for application.php:

GET /application.php HTTP/1.1
Accept: image/gif, image/x-xbitmap, image/jpeg, image/pjpeg, application/vnd.ms-excel, application/msword,application/vnd.ms-powerpoint, application/x-shockwave-flash, */*

Referer: http://1.2.3.4/refering.html
Accept-Language: en-us
Accept-Encoding:gzip, deflate
User-Agent: Mozilla/4.0 (compatible; MSIE 6.0; Windows NT 4.0)
Host: 1.2.3.4
Connection: Keep-Alive
Cache-Control: no-cache
Cookie: NSES40Session=0%253A401f9667%253A4ebb2335a6106cf3; YKKOSKANAVA=0778039f10e73ce1523380ef721b7ad3


And once again, the session_start in the beginning of the PHP script is reading from /dev/random, and creating a new session file, which is reflected in the cookie reply to the web browser, and of course the application has detected the session has ended...

HTTP/1.1 302 Moved Temporarily
Server: Netscape-Enterprise/4.1
Date: Tue, 03 Feb 2004 12:39:16 GMT
Set-Cookie: YKKOSKANAVA=cf6c44eb0e4a9b83ed5b9c963bd796a0;expires=Tue, 03-Feb-04 15:59:16GMT; path=/
Expires: Thu, 19 Nov 1981 08:52:00 GMT
Cache-Control: no-store, no-cache, must-revalidate, post-check=0, pre-check=0
Pragma: no-cache
Location:end_of_session.php
Content-type: text/html
Connection: close


I almost forgot to mention - session.auto_start is set to 0 in php.ini.

For some reason the session_start function is unable to recognize the cookie obviously sent to the web browser. What could be wrong in the setup?

/jonas




Jonas Blåberg
  Mandator Infrastructure
  Kruthusgatan 17,6
  S-411 04 Göteborg
[EMAIL PROTECTED]
office: +46-(0)31-739 84 54
mobile: +46-(0)709-95 00 68


Reply via email to