Posted by Rik Wasmus on 11/30/07 17:27
On Fri, 30 Nov 2007 16:57:18 +0100, <j.wendelmuth@carcopy.com> wrote:
> Hi,
>
> I have a problem with PHP sessions. The problem only occurs on one
> machine (PHP v5.2.4 incl. mod_security). On another one (PHP v5.2.0 no
> mod security) my application works fine.
>
> Here's the precondition:
> I have 2 PHP applications, A and B. Both on a separate server/machine.
> A performs via SoapClient a request on B, where a Soap service is
> located. B provides amongst others a function, that initializes a
> session with data on B's side
>
> $sess_id = md5(microtime());

Why do you want to do that???? microtime() is highly, highly unsuited for
a busy server. At least use something like uniqid(). You basically are
asking for problems creating session-ids like this. Is there any
particular reason you want to set the session-id? Why not let PHP handle
it (and its uniqueness at that time). If you just want to know a
session-id after it's being set just call session_id() with no arguments.

> session_name('SESSID');
> session_id($sess_id);
> session_start();
>
> $_SESSION['blah'] = 'blah';
> $_SESSION['fasel'] = 'fasel';
> $_SESSION['blubb'] = 'blubb';
>
> session_write_close();
>
> and returns the session id and a URL to A.

OK, and where is the shared storage of session data? Are both servers set
up to look at the same storage?

> A takes the URL and the session id and performs a redirect via
>
> header('Location: ' . $url . '?SESSID=' . $sess_id). The URL
> points to a script located on B's side.

Using a GET is somewhat hazardous. What domains do your servers have? You
might be better off setting a cookie for a wildcard domain (setcookie() ->
<http://nl2.php.net/manual/en/function.setcookie.php>, i.e. set the domain
to '.example.com' rather than 'server1.example.com' or
'server2.example.com').

> When the script on B is called, it checks if a session id is given
> within the URL ($_GET) and tries to start the session.
>
> $sess_id = $_GET['SESSID'];
> session_name('SESSID');
> session_id($sess_id);
> session_start();
>
> As I mentioned above it works fine on the PHP v5.2.0 machine but not
> on v5.2.4. After session_start() the existing session will be
> overwritten with an empty one, having the same session id. I've
> additionally confirmed this behaviour in the sessions directory.

Where is this sessions directory, and how have you configured the servers
to look into one and the same directory (which can be on only 1 server,
either A or B, or an unmentioned C) for the storage?

When 'crossing' servers with sessions, I usually opt for setting up my own
sessionhandler (set_session_handler()), and use a single database server
to store/retrieve session data from.

-- 
Rik Wasmus