|
|
Posted by j.wendelmuth on 11/30/07 15:57
Hi,
i have a problem with PHP sessions. The problem only occurs on one
machine (PHP v5.2.4 incl. mod_security). On another one (PHP v5.2.0 no
mod security) my application works fine.
Here's the precondition:
I have 2 PHP applications, A and B. Both on a seperate server/machine.
A perfoms via SoapClient a request on B, where a Soap service is
located. B provides amongst others a function, that initializes a
session with data on B's side
$sess_id = md5(microtime());
session_name('SESSID');
session_id($sess_id);
session_start();
$_SESSION['blah'] = 'blah';
$_SESSION['fasel'] = 'fasel';
$_SESSION['blubb'] = 'blubb';
session_write_close();
and returns the session id and a URL to A.
A takes the URL and the session id and performs a redirect via
header('Location: ' . $url . '?SESSID=' . $sess_id). The URL
points to a script located on B's side.
When the script on B is called, it checks if a session id is given
within the URL ($_GET) and tries to start the session.
$sess_id = $_GET['SESSID'];
session_name('SESSID');
session_id($sess_id);
session_start();
As i mentioned above it works fine on the PHP v5.2.0 machine but not
on v5.2.4. After session_start() the existing session will be
overwritten with an empty one, having the same session id. I've
additionally confirmed this behaviour in the sessions directory.
I'm not using session coockies.
ini_set('session.use_cookies', 0);
ini_set('session.use_only_cookies', 0);
ini_set('session.use_trans_sid', 0);
I've also compared the session parameter configuration of both servers
and there's no diff. The log files of the server give me no hint.
Can anybody give my a hint?
Thanks in advance,
der Jens
Navigation:
[Reply to this message]
|